[Infra] Add Dependabot config for npm, cargo, and GitHub Actions

[ogazboiz]

Join the discussion on Telegram

Why this matters

The repo has no Dependabot configuration (.github/dependabot.yml does not exist), so dependency updates and security patches are entirely manual across three ecosystems: npm (root workspace, frontend, backend), Cargo (contracts), and GitHub Actions. The dedicated security.yml workflow already runs npm audit at the critical level, but auditing without an automated update path means vulnerabilities sit until someone notices. Dependabot keeps the three ecosystems patched with reviewable PRs and complements the existing audit gate.

Acceptance criteria

• Add .github/dependabot.yml with package-ecosystem entries for: npm (root, /frontend, /backend), cargo (/contracts), and github-actions (/).
• Set a sensible weekly schedule and a reasonable open-pull-requests-limit.
• Group minor/patch updates where appropriate to reduce PR noise.
• Confirm the file is valid (Dependabot will surface parse errors in the repo's Insights → Dependency graph).

Files to touch

• .github/dependabot.yml (new)

Out of scope

• Auto-merge automation for Dependabot PRs.

[Signor1]

Can I fix this ?

[emdevelopa]

@emdevelopa has applied to work on this issue as part of the Stellar Wave Program's 5th wave.

Hiii maintainer i'd like to jump on this issue

ℹ️ Repo Maintainers: To accept this application, review their application or assign @emdevelopa to this issue.

[drips-wave]

Congratulations, @emdevelopa! 🎉 Your application was accepted by the repo's maintainers, and the issue is due on June 2, 2026.

🧑‍💻 @emdevelopa: Please resolve the issue such that the repo's maintainers have enough time to review your contribution before the due date. You'll earn Points for completing the issue on-time, which will make you eligible for a share of the Stellar Wave Program's reward pool.

Warning

When opening a PR, please link it to this issue to ensure it gets tracked accurately. Points are awarded when this issue is marked as completed by the maintainer.

🤠 Repo maintainers: Please keep an eye on the contributor's progress and review their work before the due date. You can manage this issue, including adjusting its complexity and points, here.

🌊 Happy Wave 🌊

[drips-wave]

This issue has been completed by @emdevelopa as part of the Stellar Wave Program's 5th Wave 🥳

😎 @emdevelopa: You earned 200 Points for completing this issue! After the current Wave ends, you'll be eligible for a percentage of the Wave's reward pool based on the percentage of total points you've earned. Learn more here. You can also Leave a review to share your experience working on this issue.

🧑‍💻 Repo maintainers: How'd the contributor do? Leave a review to share your experience working with them.