From e809409fa3f9b65a80046c72891271eb5bce7b60 Mon Sep 17 00:00:00 2001
From: BenSheridanEdwards
Date: Thu, 28 May 2026 14:02:08 -0500
Subject: [PATCH] ci(deps): add grouped Dependabot config
Weekly npm (pnpm workspace), cargo (Tauri shell), and github-actions updates, grouped by family (TanStack, Tauri, React, test stack, build tooling, semantic-release, commitlint) to keep related bumps in one PR.
Co-authored-by: Ben Sheridan-Edwards
---
.github/dependabot.yml | 105 +++++++++++++++++++++++++++++++++++++++++
1 file changed, 105 insertions(+)
create mode 100644 .github/dependabot.yml
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..cb55d89
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,105 @@
+# Dependabot configuration
+# Docs: https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
+
+version: 2
+updates:
+ # ─── JavaScript / pnpm workspace ──────────────────────────────────────────
+ - package-ecosystem: "npm"
+ directory: "/"
+ schedule:
+ interval: "weekly"
+ day: "monday"
+ time: "06:00"
+ timezone: "Europe/London"
+ open-pull-requests-limit: 5
+ commit-message:
+ prefix: "chore(deps)"
+ include: "scope"
+ labels:
+ - "dependencies"
+ - "javascript"
+ groups:
+ # Keep TanStack libs in lockstep — they release as a family
+ tanstack:
+ patterns:
+ - "@tanstack/*"
+ # Tauri JS bindings
+ tauri:
+ patterns:
+ - "@tauri-apps/*"
+ # Test stack
+ testing:
+ patterns:
+ - "vitest"
+ - "@vitest/*"
+ - "@testing-library/*"
+ - "jsdom"
+ - "@playwright/*"
+ # Build/lint tooling
+ tooling:
+ patterns:
+ - "@biomejs/*"
+ - "turbo"
+ - "vite"
+ - "@vitejs/*"
+ - "typescript"
+ # React core
+ react:
+ patterns:
+ - "react"
+ - "react-dom"
+ - "@types/react"
+ - "@types/react-dom"
+ # Semantic-release ecosystem
+ semantic-release:
+ patterns:
+ - "semantic-release"
+ - "@semantic-release/*"
+ # Commitlint + husky
+ commit-tooling:
+ patterns:
+ - "@commitlint/*"
+ - "husky"
+
+ # ─── Rust / Cargo (Tauri desktop shell) ───────────────────────────────────
+ - package-ecosystem: "cargo"
+ directory: "/packages/desktop/src-tauri"
+ schedule:
+ interval: "weekly"
+ day: "monday"
+ time: "06:00"
+ timezone: "Europe/London"
+ open-pull-requests-limit: 3
+ commit-message:
+ prefix: "chore(deps)"
+ include: "scope"
+ labels:
+ - "dependencies"
+ - "rust"
+ groups:
+ tauri-core:
+ patterns:
+ - "tauri"
+ - "tauri-*"
+ tokio:
+ patterns:
+ - "tokio"
+ - "tokio-*"
+ - "futures"
+ - "futures-*"
+
+ # ─── GitHub Actions workflow pins ─────────────────────────────────────────
+ - package-ecosystem: "github-actions"
+ directory: "/"
+ schedule:
+ interval: "weekly"
+ day: "monday"
+ time: "06:00"
+ timezone: "Europe/London"
+ open-pull-requests-limit: 3
+ commit-message:
+ prefix: "chore(ci)"
+ include: "scope"
+ labels:
+ - "dependencies"
+ - "github-actions"
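Review bot: None of the `groups` entries in the npm and cargo blocks set `update-types`, so a group such as `tooling` or `tauri-core` can fold a semver-major bump into the same pull request as routine minor and patch updates. A multi-package PR is harder to review, and a breaking or unexpected change in one package is easy to miss. Adding `update-types: ["minor", "patch"]` under each group's `patterns` would keep major upgrades as individual PRs that get their own review. Separately, no `updates` entry has a `cooldown` block, so the Monday run may propose a release published only hours earlier. A short `cooldown` with `default-days` would leave time for a bad or compromised release to be pulled before it is proposed, but confirm that each of the three ecosystems supports the option before relying on it.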