Reducing noise from dependabot PRs

[eregon]

The current dependabot config creates a ridiculous amount of PRs and that turns into tons of spam-like emails for everyone watching this repo (which I would presume are interested in Prism development but not in tons of dependency bumps).
FWIW I have tried to setup an email filter to exclude those but it's tricky and not perfect, there seems to be no easy way to filter those.

I can imagine some ways to fix this:

• Convince dependabot to create one PR weekly with all updates instead of a dozen PRs.
• Drop dependabot, if there not enough values in these updates. For example, are Bump sorbet from 0.5.11734 to 0.5.11751 in /gemfiles/typecheck #3405 Bump parser from 3.3.6.0 to 3.3.7.0 in /gemfiles/jruby #3438 Bump parser from 3.3.6.0 to 3.3.7.0 in /gemfiles/typecheck #3440 useful?
• Remove the Gemfile.lock files entirely, like many gems do, and just automatically use the latest gems without a ton of extra PRs/spam. The CI logs will anyway show which versions have been used.
• Consolidate the various Gemfile.lock files to have a smaller amount of them.

Thoughts?

[eregon]

A quick search found https://slar.se/dependabots-dependency-grouping.html and https://github.blog/changelog/2023-08-24-grouped-version-updates-for-dependabot-are-generally-available/
That seems an easy solution.

[eregon]

Here is a try: #3450

[eregon]

#3450 seems good enough, I'll close this then