chore(ts): add npm ecosystem to dependabot config (#7)

dougborg · web-flow · commit 7d0e9de8543d · 2026-04-20T15:56:41.000-06:00
The TypeScript client + its dev toolchain live in pnpm-lock.yaml but
Dependabot wasn't scanning them. Add an npm entry that groups minor/
patch updates and tags PRs with `ts-client` so they're easy to spot
alongside the existing uv/actions/docker scans.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -73,3 +73,26 @@ updates:
     commit-message:
       prefix: "chore(docker)"
       include: "scope"
+
+  # npm dependencies for the TypeScript client package.
+  # Dependabot reads the workspace root's pnpm-lock.yaml automatically.
+  - package-ecosystem: "npm"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+      time: "09:00"
+      timezone: "UTC"
+    open-pull-requests-limit: 5
+    labels:
+      - "dependencies"
+      - "npm"
+      - "ts-client"
+    groups:
+      npm-minor-patch:
+        update-types:
+          - "minor"
+          - "patch"
+    commit-message:
+      prefix: "chore(ts)"
+      include: "scope"
