
chore: update dependabot.yml #1617

Open
DeepakNemad wants to merge 2 commits into main from Feat/dependabot-yaml

Conversation


@DeepakNemad DeepakNemad commented May 11, 2026

  • Added dependabot.yml to scan pnpm
  • A GitHub Action will run this yml file every Monday and raise a PR if affected packages are found

Summary by CodeRabbit

  • Chores
    • Enabled automated weekly dependency update checks for npm, GitHub Actions, Docker, and Docker Compose packages. Updates are intelligently grouped by severity and automatically labeled for streamlined dependency management and easier review workflows.


Signed-off-by: DeepakNemad <deepak.nemade@ayanworks.com>

coderabbitai Bot commented May 11, 2026

Walkthrough

This PR adds a complete Dependabot configuration file to automate dependency updates across four ecosystems: npm, GitHub Actions, Docker, and Docker Compose. Updates are scheduled weekly on Monday at 09:00 (Asia/Kolkata) and target the main branch, with patch and minor updates grouped into single PRs and ecosystem-specific labels applied.

Changes

Dependabot Setup

Layer: Dependabot Configuration and Ecosystems
File(s): .github/dependabot.yml
Summary: Root configuration establishes a weekly Monday schedule (09:00 Asia/Kolkata) and main branch targeting. Four ecosystem blocks added: npm with chore prefix, GitHub Actions with ci prefix, Docker with build prefix, and Docker Compose with build prefix. All ecosystems group patch/minor updates and apply the dependencies label plus ecosystem-specific labels.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Poem

A rabbit hops in, with updates to see,
Dependencies bundled, as smooth as can be,
npm and Actions, Docker so fine,
Weekly they'll sync—a schedule divine! 🐰📦

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Description Check (✅ Passed): Check skipped - CodeRabbit’s high-level summary is enabled.
Title check (✅ Passed): The title 'chore: update dependabot.yml' accurately describes the main change—adding and configuring a dependabot.yml file. It's concise, clear, and directly related to the primary objective of the PR.
Docstring Coverage (✅ Passed): No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check (✅ Passed): Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check (✅ Passed): Check skipped because no linked issues were found for this pull request.


Signed-off-by: DeepakNemad <deepak.nemade@ayanworks.com>
@coderabbitai coderabbitai Bot left a comment


Actionable comments posted: 2

🧹 Nitpick comments (1)
.github/dependabot.yml (1)

145-147: ⚡ Quick win

Consider using ecosystem-specific label for Docker Compose.

Both the Docker (line 111) and Docker Compose (line 147) configurations use the same "docker" label. Consider using "docker-compose" for this ecosystem to make it easier to filter and identify PRs by their specific ecosystem.

♻️ Proposed improvement
     labels:
       - "dependencies"
-      - "docker"
+      - "docker-compose"
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/dependabot.yml:
- Around line 121-122: The Dependabot config uses the invalid key "directories"
(plural); replace it with the required singular key "directory" and keep the
existing value (e.g., "/") so the Docker Compose ecosystem entry reads with
"directory" instead of "directories"; update the key where "directories" appears
to "directory" to conform to Dependabot v2 schema.
- Around line 85-86: Replace the plural "directories" key with the singular
"directory" for the single-entry dependabot configuration: change the mapping
that currently uses "directories: - \"/\"" to use "directory: \"/\"" so
Dependabot v2 idiomatically specifies the single monitored path; update the same
block in the .github/dependabot.yml where the "directories" key appears.

---

Nitpick comments:
In @.github/dependabot.yml:
- Around line 145-147: Update the labels for the Docker Compose dependabot
configuration: locate the labels array for the Docker Compose ecosystem (the
block that currently lists "docker") and replace or augment the "docker" label
with a distinct "docker-compose" label so PRs from that ecosystem can be
filtered separately; ensure the change is applied to the labels key in the same
YAML block that defines the Docker Compose config.

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: a78514e8-08aa-4370-a9ff-06ac3442855d

📥 Commits

Reviewing files that changed from the base of the PR and between aa7a154 and d00051e.

📒 Files selected for processing (1)
  • .github/dependabot.yml
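The configuration the walkthrough describes, written out as an added example rather than the PR's own file: it uses the singular `directory` key the inline comments ask for and the distinct `docker-compose` label from the nitpick. The group name `minor-and-patch` and the `npm` and `github-actions` label names are assumptions; the page only names the `dependencies` and `docker` labels.

```yaml
version: 2
updates:
  # npm ecosystem (pnpm lockfiles included): chore prefix, npm label
  - package-ecosystem: "npm"
    directory: "/"                      # singular key, as the review requests
    schedule: { interval: "weekly", day: "monday", time: "09:00", timezone: "Asia/Kolkata" }
    target-branch: "main"
    commit-message: { prefix: "chore" }
    labels: ["dependencies", "npm"]
    groups:
      minor-and-patch: { update-types: ["minor", "patch"] }   # one PR for all minor/patch bumps
  # GitHub Actions workflow versions: ci prefix
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule: { interval: "weekly", day: "monday", time: "09:00", timezone: "Asia/Kolkata" }
    target-branch: "main"
    commit-message: { prefix: "ci" }
    labels: ["dependencies", "github-actions"]
    groups:
      minor-and-patch: { update-types: ["minor", "patch"] }
  # Docker base images in Dockerfiles: build prefix
  - package-ecosystem: "docker"
    directory: "/"
    schedule: { interval: "weekly", day: "monday", time: "09:00", timezone: "Asia/Kolkata" }
    target-branch: "main"
    commit-message: { prefix: "build" }
    labels: ["dependencies", "docker"]
    groups:
      minor-and-patch: { update-types: ["minor", "patch"] }
  # Docker Compose image tags: build prefix, distinct label per the nitpick
  - package-ecosystem: "docker-compose"
    directory: "/"
    schedule: { interval: "weekly", day: "monday", time: "09:00", timezone: "Asia/Kolkata" }
    target-branch: "main"
    commit-message: { prefix: "build" }
    labels: ["dependencies", "docker-compose"]
    groups:
      minor-and-patch: { update-types: ["minor", "patch"] }
```

Major updates fall outside the group and are still raised as individual PRs, which keeps the riskier bumps visible for separate review.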

@DeepakNemad DeepakNemad requested a review from ankita-p17 May 11, 2026 11:05