From 8738ec4f61755844fd3bf1a1c3056f095d5b96cf Mon Sep 17 00:00:00 2001
From: Seth Vargo <seth@sethvargo.com>
Date: Tue, 11 Jul 2023 11:09:54 -0400
Subject: [PATCH] dependabot: only do security updates (#320)

---
 .github/dependabot.yml | 24 +++++++-----------------
 1 file changed, 7 insertions(+), 17 deletions(-)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 5eb221c3..3a92eae4 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -1,20 +1,10 @@
-# To get started with Dependabot version updates, you'll need to specify which
-# package ecosystems to update and where the package manifests are located.
-# Please see the documentation for all configuration options:
-# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
-
 version: 2
 updates:
-  - package-ecosystem: "npm"
-    directory: "/"
-    commit-message:
-      prefix: "chore(deps): "
-    rebase-strategy: "disabled"
+  - package-ecosystem: 'npm'
+    directory: '/'
+    rebase-strategy: 'disabled'
     schedule:
-      interval: "daily"
-    ignore:
-      - dependency-name: "*"
-        update-types: [
-            "version-update:semver-patch",
-            "version-update:semver-minor",
-          ] # Security updates are unaffected by this setting
+      interval: 'daily'
+    commit-message:
+      prefix: 'security: '
+    open-pull-requests-limit: 0 # only check security updates