From a1017d8a9ece74d25e3fe28dfad131c6981700c7 Mon Sep 17 00:00:00 2001
From: Jon C <me@jonc.dev>
Date: Mon, 29 Sep 2025 18:23:23 +0200
Subject: [PATCH] dependabot: Only get security patches

#### Problem

Dependabot updates all versions of packages, which is less flexible for
end users. Libraries are more useful when dependencies are relaxed.

#### Summary of changes

Change the open pull request number to 0 to only enable security
updates, as documented at
[Dependabot's documentation](https://docs.github.com/en/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates#overriding-the-default-behavior-with-a-configuration-file)
---
 .github/dependabot.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 1957ade0..ab75a98b 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -11,7 +11,7 @@ updates:
     interval: daily
     time: "08:00"
     timezone: UTC
-  open-pull-requests-limit: 6
+  open-pull-requests-limit: 0
 - package-ecosystem: npm
   directory: "/"
   schedule: