Configure Dependabot to auto-merge patch-level dependency bumps after CI passes.
Context
Dependabot opens weekly PRs for all 4 ecosystems (npm, pip, GitHub Actions, Docker). Patch-level bumps (e.g., 0.48.0 → 0.48.1) are low-risk and could merge automatically.
Acceptance Criteria
Reference: docs.github.com/en/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions
Configure Dependabot to auto-merge patch-level dependency bumps after CI passes.
Context
Dependabot opens weekly PRs for all 4 ecosystems (npm, pip, GitHub Actions, Docker). Patch-level bumps (e.g., 0.48.0 → 0.48.1) are low-risk and could merge automatically.
Acceptance Criteria
Reference: docs.github.com/en/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions