We have missused `exclude-patterns` and `applies-to` in previous setup,
they are documented in [1]:
- `exclude-patterns`: Use to exclude certain dependencies from the
group. If a dependency is excluded from a group, Dependabot will
continue to **raise single pull requests** to update the dependency to
its latest version.
- `applies-to`: Use to specify whether the rules in the group apply to
version updates or security updates. applies-to can be version-updates
or security-updates.
Options in `groups` section is a matter of grouping strategy of these
detected udpates.
All in all, to effectively "group" these updates, we need to use `allow`
and `ignore` to specify update "candidates" for dependabot, if the
"candidates" were duplicated in the first place, no matter the grouping
strategy, the PRs raised are bound to be overlaped/duplicated.
[1] https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#groups
Signed-off-by: Ruoqing He <heruoqing@iscas.ac.cn>
60a29e2403