Dependabot rejected the previous configuration due to duplicate
package-ecosystem/directory combinations. Merged separate patch/minor/major
update configs into single configs per directory with grouped update types.
Replaced monolithic dependency grouping with 13 separate update groups
across Cargo (game/server), npm (frontend), and GitHub Actions ecosystems.
Key improvements:
- Separate patch/minor/major updates to prevent breaking changes from
blocking safe updates
- Group by crate (game vs server) for easier review
- Enable auto-merge for patch updates via labels
- Weekly checks with 5 PR limit to avoid spam
- Ignore bevy_ecs 0.17+ and jsonwebtoken 10+ until manual migration
Closed PR #10 (22 jumbled updates causing build failures).
