
Lower the amount of PRs created by Dependabot #691

Closed
wants to merge 1 commit into from

Conversation

gdubicki
Member

We only want security updates PRs + updates for some key packages

But this change means that occasionally we should check our other dependencies for updates manually!

codecov bot commented Feb 21, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (bc65408) 84.41% compared to head (ccf79ad) 79.72%.

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #691      +/-   ##
==========================================
- Coverage   84.41%   79.72%   -4.70%     
==========================================
  Files          69       69              
  Lines        2747     2747              
==========================================
- Hits         2319     2190     -129     
- Misses        428      557     +129     

see 14 files with indirect coverage changes

@amimas
Collaborator

amimas commented Feb 23, 2024

We only want security updates PRs + updates for some key packages

I actually feel we should stay up to date on all of our dependencies. If needed, we could reduce the frequency for how often dependabot opens PRs but I think it's fine as is? What would be great or help out is to implement #620.

As you said, this will require manually checking and updating our other dependencies. Given the lack of resource or dedicated maintainer for this project, I'm afraid we'll just end up with outdated dependencies. Eventually we might even face a situation where significant effort might be needed for updating one of the dependencies which might have issues or vulnerabilities.
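The two knobs the thread is arguing over (the PR's "security update PRs only" and the reviewer's "reduce the frequency") are both settings in `.github/dependabot.yml`. The page does not show this PR's actual diff, so the following is an added illustration, not the project's file; the `pip` ecosystem and the root `directory` are assumptions.

```yaml
# Added illustration of the Dependabot settings discussed in this thread.
# Not the diff from this PR; "pip" and "/" are assumed, not taken from the page.
version: 2
updates:
  - package-ecosystem: "pip"
    directory: "/"
    schedule:
      # The frequency knob the reviewer mentions: "daily", "weekly" or "monthly".
      # This schedule governs version-update PRs only. Security-update PRs are
      # opened when a matching advisory is published, regardless of this value.
      interval: "monthly"
    # The volume knob this PR is about. The default is 5 open version-update
    # PRs per ecosystem entry. Setting it to 0 disables version-update PRs for
    # this entry entirely while leaving Dependabot security updates (switched
    # on separately under the repository's security settings) unaffected, which
    # is the "security updates only" state the PR description asks for.
    open-pull-requests-limit: 0
    # Caveat for the "key packages" part: narrowing by dependency name with
    # `allow` or `ignore` also narrows which advisories Dependabot will raise a
    # PR for, so an entry like the one below is NOT a safe way to say "version
    # updates for these, security updates for everything else". Shown commented
    # out on purpose; "some-key-package" is a placeholder.
    # allow:
    #   - dependency-name: "some-key-package"
```

Whichever value is chosen, the coverage drop in the Codecov report above is unrelated to this file: a Dependabot configuration contains no code under test, so a change in hit lines points at a difference between the base and head commits elsewhere, not at this PR's content.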

@gdubicki gdubicki closed this Feb 24, 2024