From 63bbf4dab31b56f1f0475275c66e21ca1b3820ab Mon Sep 17 00:00:00 2001
From: "Jonathan D.A. Jewell" <6759885+hyperpolymath@users.noreply.github.com>
Date: Tue, 12 May 2026 23:10:20 +0200
Subject: [PATCH] ci(dependabot): restore cargo PR limit so security + version PRs flow

Aligns with hyperpolymath/rsr-template-repo#37: open-pull-requests-limit: 0 empirically suppressed Dependabot SECURITY PRs in addition to version updates. Restoring limit: 10 with grouped minor/patch updates to keep noise contained while letting security advisories flow.
---
 .github/dependabot.yml | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 85dba19..5391781 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -18,7 +18,14 @@ updates:
 # `ignore: "*" patch` rule also silenced security PRs under GitHub\'s
 # current Dependabot behaviour. See rsr-template-repo commit 78b050e
 # and 007-lang/audits/audit-dependabot-automation-gap-2026-04-17.md.
- open-pull-requests-limit: 0
+ open-pull-requests-limit: 10
+ groups:
+ cargo:
+ patterns:
+ - "*"
+ update-types:
+ - "minor"
+ - "patch"
 - package-ecosystem: "npm"
 directory: "/"
@@ -28,4 +35,4 @@ updates:
 - package-ecosystem: "pip"
 directory: "/"
 schedule:
- interval: "weekly"
+ interval: "weekly"
\ No newline at end of file
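Review bot: The comment kept above `open-pull-requests-limit` still only recounts the earlier `ignore` rule problem, so nothing in the file explains why the limit is now 10 or what the new `groups` entry covers; the comment begins outside the hunk, so this is judged from its last three lines. I would add `# Limit restored to 10: a limit of 0 was observed to suppress security PRs too (rsr-template-repo#37).` directly above the key. The `cargo` group sets no `applies-to`, which as far as I know means it groups version updates only and security updates keep arriving as individual PRs; that fits the stated goal and deserves one line, `# Groups version updates only; security PRs stay separate.` Major updates fall outside the group and open one PR each, so if the limit does gate security PRs as the description reports, a backlog of ten unmerged PRs could hold them back again.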