Dependencies matched by group patterns are marked as "handled" regardless of update-types, suppressing major version PRs #14202

@RasmanTuta

Summary

When using dependency groups with update-types limited to minor and patch, major version updates are silently suppressed. According to the documentation, dependencies with major version updates should be opened as separate, individual PRs when the group only includes minor/patch. Instead, they are never checked at all.

Configuration

updates:
- package-ecosystem: maven
  directory: "/"
  schedule:
    interval: daily
  open-pull-requests-limit: 15
  groups:
    fiks-deps:
      patterns:
      - "no.ks.fiks*"
      update-types:
      - "minor"
      - "patch"
    other-deps:
      patterns:
      - "*"
      exclude-patterns:
      - "no.ks.fiks*"
      update-types:
      - "minor"
      - "patch"

Expected behavior

Dependencies matching a group's patterns but having a major version update available should be opened as individual PRs, since major is not included in update-types.

Actual behavior

All dependencies matching a group's patterns are marked as "handled" during group processing, regardless of update-types. No individual update check is performed afterward for major versions.

Evidence from job logs

The grouped update job processes groups sequentially. When processing the fiks-deps group:

INFO Starting grouped update job for ks-no/fiks-porten
INFO Found 2 group(s).
INFO Detected existing pull request # for the dependency group 'fiks-deps'.
INFO Deferring creation of a new pull request. The existing pull request will update in a separate job.
INFO Marking group 'fiks-deps' as handled.
INFO Adding dependencies as handled: (no.ks.fiks:fiks-parent, no.ks.fiks:commons, ...)

no.ks.fiks:fiks-parent (which has a major version update available) is marked as handled based solely on pattern matching. It never appears in the subsequent "Checking if X needs updating" phase, which only runs for the other-deps group.

After both groups are processed, the job ends immediately with "Finished job processing" — there is no phase for creating individual PRs for dependencies that matched a group's pattern but not its update-types.

Impact

Any repository using groups with update-types limited to minor/patch will silently miss all major version updates. This is particularly problematic because:

  1. The configuration appears to work correctly (minor/patch PRs are created as expected)
  2. There is no warning or indication that major updates are being skipped
  3. The documentation explicitly states that non-matching update types should result in individual PRs
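An audit sketch for the configuration above, added here as an example (it is not code from the issue or from Dependabot): it lists every dependency that a group claims by pattern while the group's update-types do not cover the update that is available, which are the updates the report says never get an individual PR. `File.fnmatch` standing in for Dependabot's pattern matching, first-match group assignment, the `AVAILABLE` sample data, and all function names are assumptions.

```ruby
require "yaml"

# Groups from the issue's configuration (trimmed), embedded so this runs offline.
CONFIG = YAML.safe_load(<<~YML)
  updates:
  - package-ecosystem: maven
    groups:
      fiks-deps:
        patterns: ["no.ks.fiks*"]
        update-types: ["minor", "patch"]
      other-deps:
        patterns: ["*"]
        exclude-patterns: ["no.ks.fiks*"]
        update-types: ["minor", "patch"]
YML

# Constructed sample: dependency name => type of the newest available update.
AVAILABLE = {
  "no.ks.fiks:fiks-parent" => "major",
  "no.ks.fiks:commons" => "minor",
  "org.example:lib" => "major", # hypothetical dependency
}

# True when any glob in the list matches the name (assumed matching rule).
def glob?(patterns, name)
  Array(patterns).any? { |p| File.fnmatch(p, name) }
end

# First group whose patterns match the name and whose exclude-patterns do not.
def matching_group(groups, name)
  groups.find do |_, g|
    glob?(g["patterns"], name) && !glob?(g["exclude-patterns"], name)
  end
end

# Updates claimed by a group's patterns but outside that group's update-types.
def shadowed_updates(config, available)
  config.fetch("updates").flat_map do |entry|
    groups = entry["groups"] || {}
    available.filter_map do |name, type|
      group, rule = matching_group(groups, name)
      next unless group
      types = rule["update-types"]
      next if types.nil? || types.include?(type) # group covers this update
      { dependency: name, group: group, skipped: type }
    end
  end
end
```

Each returned entry is an update that depends on the individual-PR fallback, so those are the dependencies to check against the open PR list.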
