Update dependabot.yml to allow only security vulnerabilities

[rita-gorokhod]

Fixes OPS-3425

[Copilot]

Pull request overview

This PR reconfigures Dependabot to disable automatic pull requests for dependency updates, allowing only security vulnerability alerts. The configuration is also simplified by removing grouping, cooldown periods, and commit message customization.

Changes:

• Set open-pull-requests-limit: 0 for both npm and GitHub Actions ecosystems to prevent automatic update PRs
• Removed dependency grouping configurations (react, aws, fastify, production/development dependencies, and actions)
• Removed cooldown period settings and commit message prefix customization
• Simplified YAML syntax by removing unnecessary quotes

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[linear]

OPS-3425 Update dependabot.yml to allow only security vulnerabilities

[maor-rozenfeld]

If you don't want non-security updates by Dependabot, you can simply delete this file. However we will then be stuck with ancient package versions and it will be a nightmare to upgrade when the time comes.