From 17eea7b0bd2899edca2dea7349fdb91d976b943e Mon Sep 17 00:00:00 2001
From: Leo Gertsenshteyn <146586+leoger@users.noreply.github.com>
Date: Tue, 21 Jan 2025 10:50:57 -0800
Subject: [PATCH 1/2] Revert dependency bump that breaks Java 11 build

Dependabot changed `error-prone` library to 2.36.0 again in #1089,
re-breaking the fix that was included in #1083.

This reverts commit 6902df09e38d3715a1da6d737f180b8d6cfae8b5.
---
 .github/dependabot.yml | 4 ++++
 pom.xml                | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 7239c0b14..b6854450e 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -5,6 +5,10 @@ updates:
     schedule:
       interval: daily
     target-branch: main
+    ignore:
+      # Ignore minor version updates for dependencies with group ID "com.google.errorprone"
+      - dependency-name: "com.google.errorprone:*"
+        update-types: [ "version-update:semver-minor" ]
 
   - package-ecosystem: "github-actions"
     directory: "/"
diff --git a/pom.xml b/pom.xml
index 66a082318..bfe8ac814 100644
--- a/pom.xml
+++ b/pom.xml
@@ -81,7 +81,7 @@
         <threetenbp.version>1.7.0</threetenbp.version>
 
         <!-- Error Prone version > 2.31.0 can't run on JDK 11. see https://errorprone.info/docs/installation -->
-        <error-prone.version>2.36.0</error-prone.version>
+        <error-prone.version>2.31.0</error-prone.version>
 
         <jacoco.version>0.8.12</jacoco.version>
         <surefire.version>3.5.2</surefire.version>

From bcaebe55cd32ab74d106f4f4787c92a68660c7de Mon Sep 17 00:00:00 2001
From: Leo Gertsenshteyn <146586+leoger@users.noreply.github.com>
Date: Tue, 21 Jan 2025 12:09:17 -0800
Subject: [PATCH 2/2] further dependabot config refinements

---
 .github/dependabot.yml | 22 ++++++++++++++++++++--
 1 file changed, 20 insertions(+), 2 deletions(-)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index b6854450e..e7a53e801 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -3,15 +3,33 @@ updates:
   - package-ecosystem: maven
     directory: "/"
     schedule:
-      interval: daily
+      interval: weekly
     target-branch: main
     ignore:
       # Ignore minor version updates for dependencies with group ID "com.google.errorprone"
       - dependency-name: "com.google.errorprone:*"
         update-types: [ "version-update:semver-minor" ]
+    groups:
+      security:
+        # Group security updates into a single pull request
+        applies-to: security-updates
+        patterns:
+          - "*"
+      production-dependencies:
+        # Group version updates for "production" dependencies into a single pull request
+        applies-to: version-updates
+        dependency-type: production
+        patterns:
+          - "*"
+      development-dependencies:
+        # Group version updates for "development" dependencies into a single pull request
+        applies-to: version-updates
+        dependency-type: development
+        patterns:
+          - "*"
 
   - package-ecosystem: "github-actions"
     directory: "/"
     schedule:
-      interval: "daily"
+      interval: "weekly"
     target-branch: main
\ No newline at end of file