Is it possible to configure Dependabot to only create PRs for updates that satisfy the current manifest? For example, if my version constraint in npm or composer is ^2.4.1, PRs would be raised for any minor or patch version, but nothing 3.0.0 or greater?

Ultimately I’d like Dependabot to match what an npm update or composer update command would update instead of raising PRs to newer major versions -- more than just security updates, but less than major releases of dependencies.