From 8346f18a5b9b88907b6db29e9c11cdbdeeb0958e Mon Sep 17 00:00:00 2001
From: Markus Unterwaditzer <markus-tarpit+git@unterwaditzer.net>
Date: Mon, 27 Apr 2026 13:57:25 +0200
Subject: [PATCH] Fix dependabot config

PR #998 was supposed to filter dependabot PRs to security updates only.
But applies-to was on the wrong level of nesting.

Also renamed the group from "dependency-type" to "security", right now
we get PRs like "Bump the dependency-type group in /installer-gui with 7
updates#1010"

Search for applies-to on this page:
https://docs.github.com/en/code-security/reference/supply-chain-security/dependabot-options-reference
-- it's on the same level as patterns.

This PR was fully AI-generated, description hand-written though.
---
 .github/dependabot.yml | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index ea1467a..f9f3283 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -11,8 +11,8 @@ updates:
       interval: "weekly"
     open-pull-requests-limit: 0
     groups:
-      applies-to: "security-updates"
-      dependency-type:
+      security:
+        applies-to: "security-updates"
         patterns:
           - "*"
 
@@ -23,8 +23,8 @@ updates:
       interval: "weekly"
     open-pull-requests-limit: 0
     groups:
-      applies-to: "security-updates"
-      dependency-type:
+      security:
+        applies-to: "security-updates"
         patterns:
           - "*"
 
@@ -35,8 +35,8 @@ updates:
       interval: "weekly"
     open-pull-requests-limit: 0
     groups:
-      applies-to: "security-updates"
-      dependency-type:
+      security:
+        applies-to: "security-updates"
         patterns:
           - "*"
 
@@ -47,7 +47,7 @@ updates:
       interval: "weekly"
     open-pull-requests-limit: 0
     groups:
-      applies-to: "security-updates"
-      dependency-type:
+      security:
+        applies-to: "security-updates"
         patterns:
           - "*"