From 823f7509c194c9f01f0c393a76385e82d31d191b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E8=B5=B5=E6=97=A5=E5=A4=A9?= <truenine304520@gmail.com>
Date: Mon, 6 Apr 2026 23:28:28 +0800
Subject: [PATCH] Fix Dependabot npm workspace entry for pnpm catalogs

---
 .github/dependabot.yml | 14 ++++----------
 1 file changed, 4 insertions(+), 10 deletions(-)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 55be7159..8ab96d9d 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -39,17 +39,11 @@ updates:
           - '*'
 
   # This repo uses a shared pnpm workspace lockfile plus `catalog:` versions.
-  # Keep npm updates in a single workspace-level Dependabot entry so manifests
-  # resolve against the same root context instead of as isolated packages.
+  # Dependabot succeeds when it enters through the workspace root and fails
+  # when the same workspace is fanned out into child directories, because the
+  # subdirectory runs cannot reliably rewrite shared catalog-backed versions.
   - package-ecosystem: npm
-    directories:
-      - /
-      - /cli
-      - /sdk
-      - /mcp
-      - /gui
-      - /doc
-      - /libraries/*
+    directory: /
     target-branch: dev
     schedule:
       interval: weekly