Dependabot opens individual PRs as well as PRs for groups

[conan]

Select Topic Area

Question

Body

We're using the group support in dependabot.yml to try to group PRs by package ecosystem. We have many npm locations (e.g. for AWS lambdas) and want to keep dependencies in sync across all of them, so we don't ever want an update that only affects a single package.json.

Dependabot creates grouped PRs correctly, but for the npm package ecosystem using directories: it also creates an individual PR for every update. How can we prevent this? It doesn't happen for the gradle package ecosystem.

Note that these are not security updates, we have no security bulletins for these bumps.

Our dependabot.yml:

version: 2
updates:
  - package-ecosystem: "gradle"
    directory: "/"
    schedule:
      interval: "weekly"
    groups:
      gradle:
        patterns:
          - "*"
        update-types:
          - "patch"
          - "minor"

  - package-ecosystem: "npm"
    directories:
      - "directory1"
      - "directory2"
      - "directory3"
      - "directory4"
      - "directory5"
    schedule:
      interval: "weekly"
    groups:
      npm:
        patterns:
          - "*"
        update-types:
          - "patch"
          - "minor"   

[github-actions[bot]]

🕒 Discussion Activity Reminder 🕒

This Discussion has been labeled as dormant by an automated system for having no activity in the last 60 days. Please consider one the following actions:

1️⃣ Close as Out of Date: If the topic is no longer relevant, close the Discussion as out of date at the bottom of the page.

2️⃣ Provide More Information: Share additional details or context — or let the community know if you've found a solution on your own.

3️⃣ Mark a Reply as Answer: If your question has been answered by a reply, mark the most helpful reply as the solution.

Note: This dormant notification will only apply to Discussions with the Question label. To learn more, see our recent announcement.

Thank you for helping bring this Discussion to a resolution! 💬

[github-actions[bot]]

🕒 Discussion Activity Reminder 🕒

This Discussion has been labeled as dormant by an automated system for having no activity in the last 60 days. Please consider one the following actions:

1️⃣ Close as Out of Date: If the topic is no longer relevant, close the Discussion as out of date at the bottom of the page.

2️⃣ Provide More Information: Share additional details or context — or let the community know if you've found a solution on your own.

3️⃣ Mark a Reply as Answer: If your question has been answered by a reply, mark the most helpful reply as the solution.

Note: This dormant notification will only apply to Discussions with the Question label. To learn more, see our recent announcement.

Thank you for helping bring this Discussion to a resolution! 💬