chore: disable non-security dependabot version bumps (#1315)

JonathanOppenheimer · web-flow · commit 4e612d45a40d · 2025-09-26T16:33:43.000Z
This setting is counter-intuitive to read, but is the correct way to go about this.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -11,6 +11,4 @@ updates:
       interval: "daily"
       time: "05:00"
       timezone: "America/Los_Angeles"
-    open-pull-requests-limit: 10
-    allow:
-      - dependency-type: "all"
+    open-pull-requests-limit: 0 # Disable non-security version updates
