From 387c5b43d1c3d30f48dca75f20afc156bea33755 Mon Sep 17 00:00:00 2001
From: Jon C <me@jonc.dev>
Date: Tue, 25 Feb 2025 14:56:32 -0500
Subject: [PATCH] CI: Only get security updates

#### Problem

Dependabot updates all versions of packages, which is less flexible for
end users. This made sense for agave, which is focused on providing a
binary, but libraries are more useful when dependencies are relaxed.

#### Summary of changes

Change the open pull request number to 0 to only enable security
updates, as documented at
[Dependabot's documentation](https://docs.github.com/en/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates#overriding-the-default-behavior-with-a-configuration-file)

Fixes #55
---
 .github/dependabot.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 58a213c5..50d2f11d 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -11,4 +11,4 @@ updates:
     interval: daily
     time: "08:00"
     timezone: UTC
-  open-pull-requests-limit: 6
+  open-pull-requests-limit: 0