Is it possible to configure Dependabot to only create PRs for updates that satisfy the current manifest? For example, if my version constraint in npm or composer is ^2.4.1, PRs would be raised for any minor or patch version, but nothing 3.0.0 or greater?
Ultimately I’d like Dependabot to match what an npm update or composer update command would update instead of raising PRs to newer major versions: more than just security updates, but less than major releases of dependencies.