roziscoding · roziscoding · Jun 28, 2026 · Jun 28, 2026 · Jun 28, 2026
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -17,18 +17,18 @@ updates:
     schedule:
       interval: weekly
     open-pull-requests-limit: 10
-    # Batch routine bumps into a few PRs instead of one-per-dependency.
+    # Collapse every routine bump (prod + dev) into a SINGLE weekly PR for the
+    # whole workspace. A lone "*" group with no update-type filter catches them all.
     groups:
-      production-dependencies:
-        dependency-type: production
-        update-types:
-          - minor
-          - patch
-      development-dependencies:
-        dependency-type: development
+      all-dependencies:
+        patterns:
+          - '*'
+    # Never raise major-version bumps — handle those deliberately by hand.
+    # (Dependabot security updates still apply regardless of this rule.)
+    ignore:
+      - dependency-name: '*'
         update-types:
-          - minor
-          - patch
+          - version-update:semver-major
     commit-message:
       prefix: chore(deps)
       prefix-development: chore(dev-deps)

diff --git a/apps/ui/package.json b/apps/ui/package.json
@@ -16,7 +16,7 @@
     "@nuxt/ui": "^4.9.0",
     "nuxt": "^4.1.3",
     "vue": "^3.5.21",
-    "vue-router": "^4.5.1"
+    "vue-router": "^5.1.0"
   },
   "devDependencies": {
     "tailwindcss": "^4.1.13",