update dependabot config (#3155)

* Configure dependabot to only provide security updates for the active components.

.github/dependabot.yml

@@ -1,33 +1,33 @@
 version: 2
 updates:
+# Ignore version updates and only open a PR for security updates!
   - package-ecosystem: "github-actions"
     directory: "/.github/workflows"
     schedule:
-      interval: "weekly"
+      interval: "monthly"
+    open-pull-requests-limit: 0
   - package-ecosystem: "pip"
     directory: "/"
     schedule:
-      interval: "weekly"
-    open-pull-requests-limit: 3
-    allow:
-      - dependency-type: "direct"
+      interval: "monthly"
+    open-pull-requests-limit: 0
   - package-ecosystem: "pip"
     directory: "/test_requirements.txt"
     schedule:
-      interval: "weekly"
-    open-pull-requests-limit: 3
-    allow:
-      - dependency-type: "direct"
+      interval: "monthly"
+    open-pull-requests-limit: 0
   - package-ecosystem: "npm"
     directory: "/timesketch/frontend-ng"
     schedule:
-      interval: "weekly"
-    open-pull-requests-limit: 3
-    allow:
-      - dependency-type: "direct"
+      interval: "monthly"
+    open-pull-requests-limit: 0
 # ignore dependencies of the legacy front-end since it is deprecated
   - package-ecosystem: "npm"
     directory: "/timesketch/frontend"
     schedule:
       interval: "monthly"
     open-pull-requests-limit: 0
+    ignore:
+      - dependency-name: "*"
+        update-types: ["version-update:semver-major", "version-update:semver-minor", "version-update:semver-patch"]
+