Update dependabot policy

.github/dependabot.yml

@@ -1,11 +1,17 @@
-# To get started with Dependabot version updates, you'll need to specify which
-# package ecosystems to update and where the package manifests are located.
-# Please see the documentation for all configuration options:
-# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
-
 version: 2
 updates:
-  - package-ecosystem: "maven" # See documentation for possible values
-    directory: "/" # Location of package manifests
+  - package-ecosystem: "maven"
+    directory: "/"
     schedule:
       interval: "weekly"
+    groups:
+      maven:
+        patterns:
+          - "*:*"
+        update-types:
+          - "patch"
+          - "minor"
+    pull-request-title: "Apply all minor and patch-level updates for Maven dependencies"
+    ignore:
+      - dependency-name: "*"
+        update-types: ["version-update:semver-major"]

.github/workflows/dependabot-automerge.yml

@@ -0,0 +1,25 @@
+name: Dependabot Auto-Merge
+on: 
+  pull_request:
+    types:
+      - opened
+
+permissions:
+  pull-requests: write 
+  contents: read
+
+jobs:
+  dependabot-auto-merge:
+    runs-on: ubuntu-latest
+    if: github.event.pull_request.user.login == 'dependabot[bot]' && startsWith(github.event.pull_request.title, 'Apply all minor and patch-level')
+    steps:
+      - name: Fetch Pull Request Metadata
+        id: metadata
+        uses: dependabot/fetch-metadata@v1
+        with:
+          github-token: "${{ secrets.GITHUB_TOKEN }}"
+      - name: Merge Pull Request
+        run: gh pr merge --auto "$PR_URL"
+        env:
+          PR_URL: "${{ github.event.pull_request.html_url }}"
+          GH_TOKEN: "${{ secrets.GITHUB_TOKEN }}"