Add Dependabot version updates (weekly, grouped)

[finallyjay]

Adds .github/dependabot.yml for version updates, configured to minimize noise:

• npm ecosystem — weekly, all bumps grouped into one PR (open-pull-requests-limit: 5)
• github-actions ecosystem — weekly, grouped (future-proof; no workflows yet)
• Labels (dependencies) and tidy commit prefixes (deps, deps-dev, ci)

Note: Dependabot alerts and automated security fixes are enabled separately in repo settings — this file only controls routine version bumps.

🤖 Generated with Claude Code

Summary by CodeRabbit

• Chores
  • Enabled automated dependency updates to keep project dependencies current with scheduled weekly checks.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
daily-dev-roulette	Ready	Preview, Comment	Jun 3, 2026 7:26pm

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: 94e608d6-072e-417c-9036-16ac0f1978b7

📥 Commits

Reviewing files that changed from the base of the PR and between 846202c and d1d7118.

📒 Files selected for processing (1)

• .github/dependabot.yml

---

📝 Walkthrough

Walkthrough

This PR adds a .github/dependabot.yml configuration file to enable automated weekly dependency updates for npm packages and GitHub Actions ecosystems, with update grouping, ecosystem-specific labels, and commit message prefixes.

Changes

Dependency Automation Setup

Layer / File(s)	Summary
Dependabot configuration for npm and GitHub Actions .github/dependabot.yml	Configures Dependabot to check npm and GitHub Actions dependencies weekly, groups updates into single PRs with labels (dependencies, github-actions), and uses commit message prefixes (deps, deps-dev for npm; ci for actions).

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

🐰 A rabbit hops with glee so bright,
Dependencies now stay current each night!
Dependabot watches with careful sight,
Weekly updates keep the code just right! ✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The pull request title clearly and concisely summarizes the main change: adding Dependabot configuration for automated weekly version updates with grouped pull requests.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch add-dependabot

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Copilot]

Pull request overview

Adds a Dependabot configuration to automate routine dependency version bumps while keeping update noise low via weekly scheduling and grouping.

Changes:

• Introduces .github/dependabot.yml for weekly npm dependency updates, grouped into a single PR.
• Adds weekly GitHub Actions update configuration (grouped) to support future workflow additions.
• Applies consistent labels and commit-message prefixes for Dependabot PRs.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.