[no-Jira] Disable Dependabot PRs for non-security updates

[canac]

Description

• Prevent Dependabot from creating PRs for package updates that aren't vulnerable. This config would have prevented PRs like Bump @graphql-codegen/typescript from 4.0.6 to 4.1.2 #1235, Bump node-fetch from 3.3.1 to 3.3.2 #1236, Bump @babel/core from 7.20.5 to 7.26.0 #1237, Bump clsx from 1.2.1 to 2.1.1 #1238 from being created.
• Update the GitHub workflow to replace all instances of invalid URL characters with dashes in the Amplify Preview URL comment instead of just the first.

@dr-bizz Let me know if you like those PRs, but I was thinking that we ignore them so they don't add noise and we can focus on Dependabot updates that resolve security vulnerabilities.

Checklist:

• I have given my PR a title with the format "MPDX-(JIRA#) (summary sentence max 80 chars)"
• I have applied the appropriate labels. (Add the label "On Staging" to get the branch automatically merged into staging.)
• I have requested a review from another person on the project

[github-actions]

Bundle sizes [mpdx-react]

Compared against 70ada23

No significant changes found

[dr-bizz]

Yes, I'm all for making less noise if we can.

[dr-bizz]

As I'm out today, I don't want to block you, but I was unsure what the below does and how it is different from CruGlobal/amplify-preview-actions@handle-existing-branches

CruGlobal/amplify-preview-actions@sed-replace-all

[dr-bizz]

What does this do?

[canac]

Here's the diff. Before it was only replacing the first character that isn't valid in a URL with a dash. Now it replaced all of them. This was code that generates the preview URL comment on the PR. So now the comment will have the right link in Dependabot PRs because those branches contain special characters like / and .

CruGlobal/amplify-preview-actions@handle-existing-branches...CruGlobal:amplify-preview-actions:sed-replace-all