The "Allow" rule meant that Dependabot could only open PRs for prod dependencies, even if it was trying to patch a security vulnerability in a dev dependency.
Removing this rule means it can open PRs to fix vulnerabilities in dev dependencies, but the open pull request limit rule will still prevent it opening PRs for non-security updates.
The "Allow" rule meant that Dependabot could only open PRs for prod dependencies, even if it was trying to patch a security vulnerability in a dev dependency.
Removing this rule means it can open PRs to fix vulnerabilities in dev dependencies, but the open pull request limit rule will still prevent it opening PRs for non-security updates.