Dependabot ignoring update-types and exclude-patterns for group

[sceiler]

I have configured Dependabot to group PRs. This is my dependabot.yml:

version: 2
updates:
    - package-ecosystem: "github-actions"
      directory: "/"
      schedule:
          interval: "weekly"
    - package-ecosystem: "npm"
      directory: "/"
      schedule:
          interval: "daily"
          time: "06:00"
      groups:
          all-dependencies:
              update-types: ["patch", "minor"]
              exclude-patterns:
                - "tailwindcss"

However, I still get PRs that want to update tailwindcss from 3.4.17 to 4.x.x which should not happen as this is a major version and only minor and patch versions should be updated. In addition, I tried to exclude it using exclude-patterns but this is ignored as well.

What is the right way to tell Dependabot not to do major version updates?