Add Dependabot configuration for Maven updates

[t-burch]

Configure Dependabot for Maven dependencies with daily updates for master and 6.X branches.

Summary by CodeRabbit

• Chores
  • Added automated dependency-management configuration to run daily Maven update checks at the repository root.
  • Configured updates for the master and 6.X branches, with no open-pull-requests allowed (open PRs limit set to 0).

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 1be64f87-c471-46c7-91ca-2bacc7739e89

📥 Commits

Reviewing files that changed from the base of the PR and between c3fe8a3 and 65fdf85.

📒 Files selected for processing (1)

• .github/dependabot.yml

✅ Files skipped from review due to trivial changes (1)

• .github/dependabot.yml

---

📝 Walkthrough

Walkthrough

Adds a Dependabot configuration file to run daily Maven dependency update checks against the repository root for the master and 6.X branches, with open-pull-requests-limit set to 0 for both.

Changes

Cohort / File(s)	Summary
Dependabot Configuration \.github/dependabot.yml	Adds a new Dependabot config enabling daily Maven updates for the repository root, with separate update blocks for master and 6.X, each setting open-pull-requests-limit: 0.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Poem

🐰 A tiny file I hopped to make,

It scouts for updates by the lake,
Two branches watched at break of day,
No open PRs will clog the way,
I twitch my nose — automation's play ✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: adding Dependabot configuration for Maven updates, which is exactly what the changeset introduces.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch dependabot-on-6-X

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Review rate limit: 7/8 reviews remaining, refill in 7 minutes and 30 seconds.}

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/dependabot.yml:
- Around line 13-15: Move the open-pull-requests-limit key out of the schedule
block so it is a top-level (sibling) property in .github/dependabot.yml and
change its value from 0 (which disables PRs) to a non-zero limit (e.g., 5) or
remove it to use the default; ensure the YAML keeps schedule: interval: "daily"
unchanged and that open-pull-requests-limit appears alongside schedule (not
nested) to restore Dependabot PR creation.
- Around line 6-8: The YAML has mis-indented and disabling keys: move
open-pull-requests-limit out of the schedule mapping so it sits at the same
top-level as package-ecosystem, directory, schedule, and target-branch, and set
its value to a non-zero default (e.g., 5) instead of 0 to re-enable updates;
apply the same fix to the second Maven configuration block (the other
package-ecosystem: "maven" entry). Ensure keys are aligned at the same
indentation level so schedule only contains interval and the
open-pull-requests-limit is a sibling key.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 4f945039-6f3f-4bed-8365-4590c6fa22f2

📥 Commits

Reviewing files that changed from the base of the PR and between 541fa7e and c3fe8a3.

📒 Files selected for processing (1)

• .github/dependabot.yml

[membrane-ci-server]

This pull request needs "/ok-to-test" from an authorized committer.