Reduce dependabot spam by limiting to weekly updates and/or grouping similar packages into one update #1146
Description
dependabot sends a lot of PRs for every patch version, which results in a lot of very small PRs that are often overlooked. Perhaps we can reduce it's update frequency to once a week so that we are more likely to look at the updates? The concern with that is we still want to make sure that security updates come through right away.
Another alternative is to look into renovate, which has the feature that it can group together similar package updates coming from the same monorepo. Our partner repo react-native-test-app has already moved to using renovate over dependabot: microsoft/react-native-test-app#490