chore: configure Dependabot schedule and grouping #814

Open
ToRyVand wants to merge 1 commit into lnp2pBot:main from ToRyVand:chore/issue-756-dependabot-config

ToRyVand commented May 25, 2026

Summary

Closes #756

Adds .github/dependabot.yml to reduce dependency-update noise and keep CI actions current.

  • npm: weekly (Mon 06:00 UTC), minor/patch grouped into a single PR, majors stay individual, limit raised to 10
  • github-actions: weekly (Mon 06:00 UTC), default settings (low volume — only a handful of actions across 4 workflows)
  • Conventional chore commit prefix and consistent dependencies labels per ecosystem

Why not grouping for github-actions?

This repo uses ~5-8 distinct actions total across all workflows, so individual PRs there are already low-volume and easier to review one-by-one. Keeping the change scoped to what the issue asked for.

Test plan

  • YAML syntax validated locally (yaml.safe_load)
  • No duplicate Dependabot config in the repo
  • Workflows exist under .github/workflows/ so the github-actions ecosystem entry is meaningful
  • After merge: confirm GitHub's Dependabot tab shows no schema errors
  • After merge: confirm next Monday run produces the expected grouped npm PR

Summary by CodeRabbit

  • Chores
    • Added automated dependency management configuration to streamline weekly updates for npm packages and GitHub Actions, ensuring dependencies remain current and secure.

- Add .github/dependabot.yml to control Dependabot behavior
- Group npm minor/patch updates into a single weekly PR to reduce noise
- Keep major updates as individual PRs for careful review
- Schedule weekly runs on Mondays at 06:00 UTC
- Add github-actions ecosystem to keep CI workflow actions updated
- Use conventional commit prefix (chore) and consistent labels

Closes lnp2pBot#756
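
The configuration described above, written out as an added sketch. It is not the file from this PR, which is not shown in this thread. The group name, the `directory` values and the single `dependencies` label are assumptions.

```yaml
# Added illustration of the settings listed in the PR description.
version: 2
updates:
  - package-ecosystem: "npm"
    directory: "/"                # assumption: package.json sits at the repo root
    schedule:
      interval: "weekly"
      day: "monday"
      time: "06:00"               # read as UTC unless `timezone` is set
    open-pull-requests-limit: 10  # cap on version-update PRs open at the same time
    commit-message:
      prefix: "chore"
      include: "scope"
    labels:
      - "dependencies"
    groups:
      npm-minor-patch:            # hypothetical group name
        patterns:
          - "*"
        update-types:
          - "minor"
          - "patch"
    # Major updates match no group, so each one still opens its own PR.

  - package-ecosystem: "github-actions"
    directory: "/"                # "/" makes Dependabot scan .github/workflows
    schedule:
      interval: "weekly"
      day: "monday"
      time: "06:00"
    commit-message:
      prefix: "chore"
      include: "scope"
    labels:
      - "dependencies"
    # No `groups` key here: every action bump arrives as a separate PR.
```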

coderabbitai Bot commented May 25, 2026

No actionable comments were generated in the recent review. 🎉

📥 Commits

Reviewing files that changed from the base of the PR and between e838c79 and 4bc6378.

📒 Files selected for processing (1)
  • .github/dependabot.yml

Walkthrough

Adds a new Dependabot configuration file that automatically manages npm and GitHub Actions dependency updates. The configuration schedules weekly updates on Mondays at 06:00 UTC, limits concurrent pull requests to 10 per week, uses standardized commit message prefixes, and groups npm minor and patch updates together.

Changes

Dependency automation

Layer / File(s) | Summary
Dependabot configuration setup (.github/dependabot.yml) | Dependabot version 2 configuration enables npm and github-actions ecosystems with weekly Monday schedules at 06:00 UTC, 10 pull request limit per week, chore-prefixed commit messages with scope, dependencies labeling, and npm minor/patch grouping.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Poem

🐰 A config file hops into place,
Dependabot joins the race!
Mondays at six, updates in sight,
Dependencies bundled just right. 📦✨

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name | Status | Explanation
Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled.
Title check | ✅ Passed | The pull request title clearly summarizes the main change: configuring Dependabot with schedule and grouping settings.
Linked Issues check | ✅ Passed | The pull request fully addresses all coding requirements from issue #756: npm minor/patch grouping, major updates as individual PRs, weekly schedule on Monday, and github-actions ecosystem configuration.
Out of Scope Changes check | ✅ Passed | The pull request contains only the necessary .github/dependabot.yml configuration file with no extraneous or unrelated changes.
Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
