From 1f4927258ea240e0e7caaefea800629646e385ab Mon Sep 17 00:00:00 2001
From: Tom Hughes <tom@compton.nu>
Date: Sun, 16 Nov 2025 13:03:33 +0000
Subject: [PATCH] Run dependabot for bundler

Processes non-security updates once a week grouping gems
into a few PRs and excluding anything other than patch
updates for rails altogether.
---
 .github/dependabot.yml | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 7b0fe114b..79f44a2ff 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -1,5 +1,27 @@
 version: 2
 updates:
+  - package-ecosystem: "bundler"
+    versioning-strategy: "increase-if-necessary"
+    directory: "/"
+    ignore:
+      - dependency-name: rails
+        update-types: version-update:semver-minor
+    groups:
+      rails:
+        applies-to: version-updates
+        patterns:
+          - rails
+      rubocop:
+        applies-to: version-updates
+        patterns:
+          - rubocop*
+      dependencies:
+        applies-to: version-updates
+        exclude-patterns:
+          - rails
+          - rubocop*
+    schedule:
+      interval: "weekly"
   - package-ecosystem: "npm"
     versioning-strategy: "increase-if-necessary"
     directory: "/"
-- 
2.39.5