Handle multi-package-monorepo sourced dependency updates better

[jeking3]

Some dependabot updates come from a momorepo with multiple released packages, for example:

• npm: @sentry/{integrations,react,tracing}
• pypi: opentelemetry/{api, exporter-jaeger, exporter-otlp, instrumentation-botocore, instrumentation-celery, sdk, ...}

These packages also do not release code-free dependency bundles as they expect you to pick only what you need.

As a user, I find handling the dependabot updates on these quite annoying:

1. They update often.
2. Dependabot updates each one individually.
3. In some package managers, merging one of them causes the others to have to rebase and rebuild.
4. If you set a limit on the number of dependencies outstanding, these usually clog everything up.
5. All of this greatly increases the GitHub Actions minutes used.

What would be really nice is one of the following:

1. Dependabot understands this and updates them together in one pull request instead of separately, or
2. GitHub allows me to select multiple pull requests and squash them into the project together.

Solution 2 would still cause GitHub Action minutes to grow, but might be useful anyway. :)
Solution 1 would solve all concerns.

Many thanks!

[marikaner]

I was about to suggest the same. Another problem with monorepo packages is that some of these dependencies only work together with the same version and fail to build when different versions are combined (e.g. @docusaurus/{core, preset-classic}.

I think another idea how to solve this problem could be, that the dependabot configuration allows to define dependencies that should always be updated together.