From e770f46f6bac3ec649ac23c1fcf27764c5b8f7e7 Mon Sep 17 00:00:00 2001
From: Dennis Ploeger <dennis.ploeger@kps.com>
Date: Fri, 29 Dec 2023 09:24:38 +0100
Subject: [PATCH] chore: Modified dependabot to only use security updates

---
 .github/dependabot.yml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index a0daa43..1c9af97 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -1,4 +1,6 @@
 # Set update schedule for GitHub Actions
+# open-pull-requests-limit is set to 0 because we only want security updates and those override this limit
+# see https://docs.github.com/en/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates#overriding-the-default-behavior-with-a-configuration-file
 version: 2
 updates:
     - package-ecosystem: "gomod"
@@ -7,13 +9,16 @@ updates:
           interval: "daily"
       allow:
           - dependency-type: "direct"
+      open-pull-requests-limit: 0
     - package-ecosystem: "npm"
       directory: "/ccc-client"
       schedule:
           interval: "daily"
       allow:
           - dependency-type: "direct"
+      open-pull-requests-limit: 0
     - package-ecosystem: "github-actions"
       directory: "/"
       schedule:
           interval: "weekly"
+      open-pull-requests-limit: 0
\ No newline at end of file