Description
Is your feature request related to a problem? Please describe
Dependabot is currently configured to have only one open version bump PR per module, with weekly updates. For example, here is the configuration for repository-azure:

OpenSearch/.github/dependabot.yml, lines 950 to 954 in 9bef705:

```yaml
  - directory: /plugins/repository-azure/
    open-pull-requests-limit: 1
    package-ecosystem: gradle
    schedule:
      interval: weekly
```
While this appears intended to reduce PR spam from version bumps, it has an unfortunate side effect. When a version bump is stalled for some reason, no other version bumps go through. See for example:
- Bump com.azure:azure-storage-blob from 12.28.1 to 12.29.0 in /plugins/repository-azure #17059 (Jan 20), superseded by
- Bump com.azure:azure-storage-blob from 12.28.1 to 12.29.1 in /plugins/repository-azure #17562 (today)
This is significant because the version of a completely different dependency was never bumped, despite being needed to resolve CVE-2024-57699, published Feb 5 (33 days ago).
Describe the solution you'd like
Increase the limit of open PRs to 2, to prevent a single stalled version bump from blocking all others for a module.
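As an added illustration (not code from the issue or from the OpenSearch project), the following script audits a dependabot.yml for modules whose `open-pull-requests-limit` is set to 1, i.e. modules where one stalled bump serialises every other bump including CVE fixes, and rewrites the limit for a chosen directory. It uses a deliberately minimal line-based reader for the flat `updates:` structure shown above rather than a full YAML parser, so it needs no third-party library; the sample config is constructed here and is not the real file. It assumes, as in the quoted snippet, that `directory` is the first key of each entry, and it treats an omitted limit as Dependabot's documented default of 5.

```python
import re
from typing import Dict, List

# Constructed sample modelled on the structure quoted in the issue; not the real file.
SAMPLE = """\
version: 2
updates:
  - directory: /
    open-pull-requests-limit: 1
    package-ecosystem: gradle
    schedule:
      interval: weekly
  - directory: /plugins/repository-azure/
    open-pull-requests-limit: 1
    package-ecosystem: gradle
    schedule:
      interval: weekly
  - directory: /plugins/repository-s3/
    open-pull-requests-limit: 2
    package-ecosystem: gradle
    schedule:
      interval: weekly
  - directory: /plugins/repository-gcs/
    package-ecosystem: gradle
    schedule:
      interval: daily
"""

DEFAULT_LIMIT = 5  # Dependabot's documented default when the key is omitted (assumption stated in lead-in)

ENTRY_RE = re.compile(r"^\s*-\s+([\w-]+):\s*(.*)$")   # "  - key: value" opens a list item
KV_RE = re.compile(r"^\s+([\w-]+):\s*(.*)$")          # "    key: value" inside an item


def parse_updates(text: str) -> List[Dict[str, str]]:
    """Return one dict per entry under `updates:`, holding that entry's top-level keys.
    Nested mappings (e.g. schedule.interval) are skipped; this is a minimal reader,
    not a YAML parser."""
    entries: List[Dict[str, str]] = []
    in_updates = False
    key_indent = -1
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip(" "))
        if indent == 0:
            # A column-0 key starts a new top-level section; only `updates:` interests us.
            in_updates = raw.strip() == "updates:"
            continue
        if not in_updates:
            continue
        m = ENTRY_RE.match(raw)
        if m:
            key_indent = indent + 2  # keys of this item align two columns past the dash
            entries.append({m.group(1): m.group(2)})
            continue
        if indent == key_indent:
            km = KV_RE.match(raw)
            if km and entries:
                entries[-1][km.group(1)] = km.group(2)
    return entries


def serialized_bump_queues(entries: List[Dict[str, str]], threshold: int = 1) -> List[str]:
    """Directories whose PR limit is at or below `threshold`. With a limit of 1, a single
    stalled bump blocks every other bump for that module, including CVE-driven ones."""
    flagged = []
    for entry in entries:
        limit = int(entry.get("open-pull-requests-limit", DEFAULT_LIMIT))
        if limit <= threshold:
            flagged.append(entry.get("directory", "?"))
    return flagged


def raise_limit(text: str, directory: str, new_limit: int) -> str:
    """Rewrite `open-pull-requests-limit` for the entry whose `directory` matches.
    Line-based edit that preserves everything else byte for byte."""
    out = []
    in_target = False
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw)
        if m:
            # Relies on `directory` being the first key of each entry (hypothetical simplification).
            in_target = m.group(1) == "directory" and m.group(2) == directory
        elif in_target:
            km = KV_RE.match(raw)
            if km and km.group(1) == "open-pull-requests-limit":
                pad = raw[: len(raw) - len(raw.lstrip(" "))]
                raw = f"{pad}open-pull-requests-limit: {new_limit}"
        out.append(raw)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    before = parse_updates(SAMPLE)
    print("limit <= 1 (one stalled bump blocks the module):", serialized_bump_queues(before))
    fixed = raise_limit(SAMPLE, "/plugins/repository-azure/", 2)
    print("after raising repository-azure to 2:", serialized_bump_queues(parse_updates(fixed)))
```

Run it against a real dependabot.yml by replacing `SAMPLE` with the file contents; any directory it lists is one where a pending CVE fix can sit behind an unrelated stalled bump until the limit is raised or the stalled PR is closed.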
Related component
Libraries
Describe alternatives you've considered
- Change dependency management to Mend Remediate. While the same PR throttling limits (and more flexibility) are included, it provides a "Dependency Dashboard" where one can also view pending PRs which have been throttled, and click a box to request a PR; a good workflow to establish in the run-up to a release when fixing CVEs should be a priority.
- Investigate any other way to prioritize CVE-fixing version bumps
Additional context
No response