fix: add security label to dependabot updates #138

Merged: don-petry merged 3 commits into main from claude/issue-106-20260406-1856 on Apr 7, 2026

@don-petry (Collaborator) commented Apr 6, 2026

Summary

  • Adds security label to both npm and github-actions Dependabot update configurations

Detail

The Dependabot config was missing the required security label on updates, as required by the dependabot-policy standard.

Closes #106

Generated with Claude Code

Summary by CodeRabbit

  • Chores
    • Updated Dependabot configuration to improve pull request organization and workflow management.

Closes #106

Co-authored-by: don-petry <don-petry@users.noreply.github.com>
Copilot AI review requested due to automatic review settings April 6, 2026 18:57

coderabbitai Bot commented Apr 6, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: a2802d7e-2e93-44c4-9031-ea7d8bf147bb

📥 Commits

Reviewing files that changed from the base of the PR and between 760b8cd and ea53fa1.

📒 Files selected for processing (1)
  • .github/dependabot.yml

📝 Walkthrough

Added labels: ['security'] configuration to Dependabot update entries for npm and github-actions ecosystems in .github/dependabot.yml. This metadata-only change ensures generated Dependabot pull requests are tagged with the security label without altering scheduling or rate limits.

Changes

Cohort / File(s) | Summary
Dependabot Configuration (.github/dependabot.yml) | Added labels: ['security'] field to npm and github-actions ecosystem configurations to apply security labels to generated pull requests.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Possibly related issues

  • Compliance: missing-security-label #106 (Compliance: missing-security-label) — This PR directly addresses the compliance finding by adding the required security label to Dependabot configurations as specified in the dependabot-policy standard.

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name | Status | Explanation
Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled.
Title check | ✅ Passed | The title accurately describes the main change: adding security labels to Dependabot update configurations.
Linked Issues check | ✅ Passed | The pull request successfully adds the security label to both npm and github-actions Dependabot configurations, directly addressing issue #106's requirement to comply with the dependabot-policy standard.
Out of Scope Changes check | ✅ Passed | All changes are directly related to the linked issue #106; only the Dependabot configuration was modified to add security labels as required.
Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.


Copilot AI (Contributor) left a comment

Pull request overview

Note

Copilot was unable to run its full agentic suite in this review.

Adds the required security label to Dependabot updates to comply with the repository’s dependabot-policy standard (closes #106).

Changes:

  • Add labels: ['security'] to the npm Dependabot update config
  • Add labels: ['security'] to the github-actions Dependabot update config

@don-petry (Collaborator, Author) commented

All CI checks are green. @don-petry — no CODEOWNERS file found in this repo, so tagging you directly to review and merge.

@don-petry don-petry merged commit 9963a18 into main Apr 7, 2026
11 checks passed
@don-petry don-petry deleted the claude/issue-106-20260406-1856 branch April 7, 2026 01:45
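
A check for the compliance finding this PR closes, as an added example that is not part of the PR or the repository: it reports every Dependabot update entry that lacks the security label. The sample configs are constructed; their directory and schedule values, the function name and the constant names are assumptions.

```ruby
require 'yaml'

REQUIRED_LABEL = 'security'

# Constructed stand-in for .github/dependabot.yml before the change.
# directory and schedule values are assumptions; the PR page does not show them.
BEFORE = <<~YAML
  version: 2
  updates:
    - package-ecosystem: npm
      directory: "/"
      schedule:
        interval: weekly
    - package-ecosystem: github-actions
      directory: "/"
      schedule:
        interval: weekly
YAML

# The same constructed file with the label added to both entries.
AFTER = <<~YAML
  version: 2
  updates:
    - package-ecosystem: npm
      directory: "/"
      labels: ['security']
      schedule:
        interval: weekly
    - package-ecosystem: github-actions
      directory: "/"
      labels: ['security']
      schedule:
        interval: weekly
YAML

# Returns the package-ecosystem of every update entry lacking the label.
# labels must be a YAML list; a bare string or a missing key counts as a miss.
def ecosystems_missing_label(yaml_text, label = REQUIRED_LABEL)
  doc = YAML.safe_load(yaml_text)
  updates = doc.is_a?(Hash) ? doc['updates'] : nil
  raise ArgumentError, 'no updates list in dependabot config' unless updates.is_a?(Array)

  updates.reject { |u| u.is_a?(Hash) && u['labels'].is_a?(Array) && u['labels'].include?(label) }
         .map { |u| u.is_a?(Hash) ? u['package-ecosystem'].to_s : '(malformed entry)' }
end

puts "before: #{ecosystems_missing_label(BEFORE).inspect}"
puts "after:  #{ecosystems_missing_label(AFTER).inspect}"
```

Dependabot's labels option replaces the default labels rather than adding to them, so an entry set to only ['security'] no longer receives the default dependencies label.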
sonarqubecloud Bot commented Apr 7, 2026
