From de604ecdbea2f625f867fc1f965eb7889e08af7a Mon Sep 17 00:00:00 2001
From: Xianpeng Shen <xianpeng.shen@gmail.com>
Date: Mon, 22 Sep 2025 13:58:03 +0300
Subject: [PATCH] fix: update dependabot.yml to add applies-to

I am not sure how exclude-patterns works with group. But it seems `applies-to: "security-updates"` seems to work from this example

https://github.com/hashicorp/golang-lru/blob/1ecdc13547b564bf736db9161ed89f1864010108/.github/dependabot.yml#L19-L36
---
 .github/dependabot.yml | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index e2ebb49..4ea1aac 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -27,9 +27,7 @@ updates:
           - "mypy"
           - "pre-commit"
           - "ruff"
-        update-types:
-          - "major"
-          - "minor"
+        applies-to: "security-updates"
       docs:
         patterns:
           - "mkdocs-gen-files"
@@ -38,6 +36,4 @@ updates:
           - "mkdocs-material"
           - "mkdocs"
           - "pyyaml"
-        update-types:
-          - "major"
-          - "minor"
+        applies-to: "security-updates"