chore: add dependabot groups for npm patch updates

[gkorland]

No description provided.

[railway-app]

🚅 Deployed to the QueryWeaver-pr-428 environment in queryweaver

Service	Status	Web	Updated (UTC)
QueryWeaver	🕛 Waiting for status checks (View Logs)	Web	Feb 23, 2026 at 11:15 am

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch main

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Scanned Files

None

[overcut-ai]

Completed Working on "Code Review"

✅ Workflow completed successfully.

---

👉 View complete log

[overcut-ai]

Findings: 1 MINOR (Dependabot group name advertises minor+patch but only enables patch updates).

Theme: Dependabot configuration naming doesn’t match the actual update types, which can confuse maintainers about the scope of automated bumps.

Next steps: Either rename the group to indicate it is patch-only or add the minor update type so the behavior matches the stated intent.

[overcut-ai]

[minor]: Group name says minor+patch but update-types only include patch. Rename group to npm-patch-only or add minor to update-types to match intent.