Copilot AI commented Jan 27, 2026

Description

Simplified and reorganized the dependabot configuration to improve maintainability:

Maven ecosystem:

  • Replaced the monolithic auto-merge-minor-and-patch group with three focused groups using wildcard patterns:
    • spring-boot-dependencies: org.springframework.boot:* and org.springframework.integration:*
    • squareup-dependencies: com.squareup.*:* (okhttp3 artifacts)
    • jsonwebtoken-dependencies: io.jsonwebtoken:* (jjwt artifacts)
  • Removed update-types restriction; groups now apply to all update types
  • Ungrouped dependencies (h2, maven plugins, etc.) will be handled individually

GitHub Actions ecosystem:

  • Removed auto-merge-minor-and-patch grouping entirely
  • GitHub Actions will now be updated individually

No behavioral change: auto-merge controlled by dependabot-auto-approve-merge.yml workflow, which operates on semver update-type metadata independent of grouping. The groupings only affect PR organization, not auto-merge behavior.

Checklist:

  • Public methods are documented
  • Public methods are tested
  • New and existing tests pass when run locally
  • There are no new warnings or errors

Original prompt

In the dependabot.yml configuration, the auto-merge-minor-and-patch group should be split into a group for org.springframework.boot dependencies, a group for com.squareup dependencies and a group for io.jsonwebtoken dependencies. The groups can be for all update-types. Check that the auto-merge-minor-and-patch group isn't referenced anywhere else (such as the workflows). If the auto-merge-minor-and-patch isn't referenced anywhere and the group can be deleted even if the remaining dependencies don't fit into one of the new groups. My understanding is that all minor and patch dependencies are auto approved and auto merged regardless of what group they are in, please check this understanding.


…groups

Co-authored-by: thomasturrell <1552612+thomasturrell@users.noreply.github.com>
Copilot AI changed the title from "[WIP] Split auto-merge-minor-and-patch groups for dependencies" to "Split dependabot Maven groups by dependency organization" Jan 27, 2026
Copilot AI requested a review from thomasturrell January 27, 2026 17:06
@thomasturrell

@copilot Does grouping github-actions into auto-merge-minor-and-patch serve any purpose? If not, remove the grouping.

Co-authored-by: thomasturrell <1552612+thomasturrell@users.noreply.github.com>

Copilot AI commented Jan 27, 2026

> @copilot Does grouping github-actions into auto-merge-minor-and-patch serve any purpose? If not, remove the grouping.

Removed the github-actions grouping in commit 23fb922. The grouping served no functional purpose since the auto-merge workflow handles all minor/patch updates based on semver update-type regardless of grouping. GitHub Actions will now be updated individually.

Copilot AI changed the title from "Split dependabot Maven groups by dependency organization" to "Simplify dependabot configuration by splitting Maven groups and removing GitHub Actions grouping" Jan 27, 2026
@thomasturrell thomasturrell marked this pull request as ready for review January 27, 2026 17:16
Copilot AI review requested due to automatic review settings January 27, 2026 17:16

Copilot AI left a comment

Pull request overview

This PR simplifies the Dependabot configuration by reorganizing dependency grouping to improve maintainability. The monolithic auto-merge-minor-and-patch group has been replaced with three focused Maven groups using wildcard patterns, and GitHub Actions grouping has been removed entirely.

Changes:

  • Split Maven dependencies into three logical groups (Spring Boot, Square/OkHttp, JsonWebToken) using wildcard patterns instead of explicit artifact lists
  • Removed update-type restrictions from groups to apply to all update types
  • Removed GitHub Actions grouping to handle each action update individually

@thomasturrell thomasturrell merged commit b0be9e3 into main Jan 27, 2026
12 checks passed
@thomasturrell thomasturrell deleted the copilot/refactor-dependabot-groups branch January 27, 2026 17:22
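
An added example, not code from this repository: it models how the three Maven group patterns from the PR description sort dependency updates into PRs and what a minor/patch-only auto-merge gate would then see. It assumes `*` matches any run of characters, that a dependency joins the first group it matches, and that a grouped PR is judged by its highest semver bump; the sample updates are constructed.

```python
import re

# Group patterns as listed in the PR description.
GROUPS = {
    "spring-boot-dependencies": ["org.springframework.boot:*", "org.springframework.integration:*"],
    "squareup-dependencies": ["com.squareup.*:*"],
    "jsonwebtoken-dependencies": ["io.jsonwebtoken:*"],
}
RANK = {"patch": 0, "minor": 1, "major": 2}

def _matches(pattern, name):
    # Assumption: "*" is the only wildcard and matches any run of characters.
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, name) is not None

def group_for(name):
    """Return the first group whose patterns match, or None if ungrouped."""
    for group, patterns in GROUPS.items():
        if any(_matches(p, name) for p in patterns):
            return group
    return None

def bump(old, new):
    """Classify a version change; assumes at least major.minor in each version."""
    o, n = ([int(x) for x in re.findall(r"\d+", v)[:3]] for v in (old, new))
    if n[0] != o[0]:
        return "major"
    return "minor" if n[1] != o[1] else "patch"

def plan(updates):
    """Map each resulting PR to (highest bump, passes a minor/patch-only gate)."""
    prs = {}
    for name, old, new in updates:
        key = group_for(name) or name  # ungrouped dependencies get their own PR
        prs.setdefault(key, []).append(bump(old, new))
    highest = {k: max(v, key=RANK.get) for k, v in prs.items()}
    # Assumption: the gate admits a PR only when its highest bump is not major.
    return {k: (h, h != "major") for k, h in highest.items()}

# Constructed sample updates; names and versions are illustrative only.
SAMPLE = [
    ("org.springframework.boot:spring-boot-starter-web", "3.4.1", "3.4.2"),
    ("org.springframework.integration:spring-integration-core", "6.4.0", "7.0.0"),
    ("com.squareup.okhttp3:okhttp", "4.11.0", "4.12.0"),
    ("io.jsonwebtoken:jjwt-api", "0.12.5", "0.12.6"),
    ("com.h2database:h2", "2.2.224", "2.3.232"),
]
```

With the update-types restriction removed, a patch bump grouped with a major bump is judged as major under these assumptions, so `plan(SAMPLE)` marks the Spring group as not eligible while the other PRs pass.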