It says it in the title.
As it seems that there are no signs dependabot spam will go away, I ended up disabling it and avoiding adopting it for any new projects. Disable dependabot due to spammy nature by ssbarnea · Pull Request #1396 · ansible-community/ansible-lint · GitHub
Dependabot is great idea, but it fails to cover some critical aspects like being able to create single update commit with all updated dependencies. Lack of this feature makes is impractical for any projects that have either many dependencies or some that change often. Usually on python world, this means >10 deps in total, it already became a burden.