chore: Tweak dependabot

[jmgate]

Type: Task

Description

Run weekly instead of daily, and group updates into a single PR for each packaging ecosystem.

Motivation

Just tired of so many dependency updates. Our existing configuration was automatically generated by the @step-security-bot, following best practices defined by the OpenSSF, but I'm not convinced updating all dependencies on a potentially daily basis via separate PRs is the best thing to do.

Implementation Details

Followed this documentation.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 94.04%. Comparing base (48e71aa) to head (c4c9252).
Report is 2 commits behind head on master.

Additional details and impacted files

@@           Coverage Diff           @@
##           master     #223   +/-   ##
=======================================
  Coverage   94.04%   94.04%           
=======================================
  Files           2        2           
  Lines         168      168           
  Branches       42       42           
=======================================
  Hits          158      158           
  Misses          4        4           
  Partials        6        6           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[GhostofGoes]

THANK YOU. I was close to muting notifications from this repo because dependabot made up half of my notifications for a week 😅

[jmgate]

Yeah, I don't know why the official recommendations are so noisy. I'll make sure dependabot still runs correctly when next it kicks off, and then I'll make the same changes to my other repositories as well.