chore: configure dependabot to only open PRs for security issues (#1034)

Author: zone117x

.github/dependabot.yml

@@ -7,10 +7,15 @@ updates:
     directory: "/"
     schedule:
       interval: "daily"
+    # Disable version updates for npm dependencies
+    # https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates#open-pull-requests-limit
+    open-pull-requests-limit: 0
 
   # Maintain dependencies for npm
   - package-ecosystem: "npm"
     target-branch: "develop"
     directory: "/"
     schedule:
       interval: "daily"
+    # Disable version updates for npm dependencies
+    open-pull-requests-limit: 0