olaservo
Member

Add Dependabot configuration to automatically monitor and update dependencies across the monorepo. Updates are grouped by ecosystem to minimize PR overhead.

Grouping strategy:

  • All npm updates (root + src/everything + src/filesystem + src/memory + src/sequentialthinking) → 1 PR
  • All pip updates (src/fetch + src/git + src/time) → 1 PR
  • All GitHub Actions updates → 1 PR

Maximum PRs: 3 per week (only when updates are available)

Schedule: Weekly checks every Monday

Server Details

N/A - This is a repository infrastructure change, not a server modification.

Motivation and Context

This repository contains multiple npm and Python packages across different directories. Without Dependabot, dependencies become outdated and security vulnerabilities may go unnoticed.

How Has This Been Tested?

  • Will be validated by GitHub when PR is merged (Dependabot will run on next scheduled interval)

Breaking Changes

None

Types of changes

  • New feature (non-breaking change which adds functionality)
  • Bug fix (non-breaking change which fixes an issue)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Documentation update

Checklist

  • I have read the MCP Protocol Documentation
  • My changes follow MCP security best practices
  • I have updated the server's README accordingly (N/A)
  • I have tested this with an LLM client (N/A)
  • My code follows the repository's style guidelines
  • New and existing tests pass locally
  • I have added appropriate error handling (N/A)
  • I have documented all environment variables and configuration options (N/A)

olaservo and others added 4 commits October 12, 2025 18:07
Configure Dependabot to monitor all npm and Python packages across the monorepo. Updates are grouped by ecosystem (npm, pip, github-actions) to create at most 3 PRs per week instead of individual PRs for each dependency.

Monitored directories:
- npm: root, src/everything, src/filesystem, src/memory, src/sequentialthinking
- pip: src/fetch, src/git, src/time
- github-actions: .github/workflows

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>
@olaservo olaservo marked this pull request as ready for review October 19, 2025 19:03
@olaservo olaservo requested a review from Copilot October 19, 2025 19:03

@Copilot Copilot AI left a comment

Pull Request Overview

This PR adds Dependabot configuration to automate dependency updates across the monorepo's multiple npm and Python packages. Updates are grouped by ecosystem to reduce PR noise, with weekly checks scheduled for Mondays.

Key changes:

  • Configures dependency monitoring for 5 npm packages (root and 4 src directories)
  • Configures dependency monitoring for 3 Python packages (fetch, git, time)
  • Groups updates by ecosystem to consolidate into ~3 PRs per week maximum

schedule:
interval: "weekly"
groups:
npm-dependencies:

Copilot AI Oct 19, 2025

All npm package ecosystems use the same group name 'npm-dependencies', but Dependabot group names must be unique per update configuration. Each directory's npm updates will create separate PRs instead of being consolidated. To group all npm updates into a single PR as described in the PR description, you need to use unique group names or configure a repository-level grouping rule in the Dependabot configuration.

Comment on lines +8 to +49
groups:
npm-dependencies:
patterns:
- "*"

# TypeScript/Node.js servers
- package-ecosystem: "npm"
directory: "/src/everything"
schedule:
interval: "weekly"
groups:
npm-dependencies:
patterns:
- "*"

- package-ecosystem: "npm"
directory: "/src/filesystem"
schedule:
interval: "weekly"
groups:
npm-dependencies:
patterns:
- "*"

- package-ecosystem: "npm"
directory: "/src/memory"
schedule:
interval: "weekly"
groups:
npm-dependencies:
patterns:
- "*"

- package-ecosystem: "npm"
directory: "/src/sequentialthinking"
schedule:
interval: "weekly"
groups:
npm-dependencies:
patterns:
- "*"
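
Review bot: The four `/src/*` npm entries differ only in `directory`, and each repeats its own `npm-dependencies` block, so the grouping here is per directory. A `groups` block applies to the update entry it sits under, whatever its name. Listing the paths under one entry's `directories:` key with a single `groups` block puts them in the same group, which is what the description's "1 PR" for npm needs.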

Copilot AI Oct 19, 2025

All npm package ecosystems use the same group name 'npm-dependencies', but Dependabot group names must be unique per update configuration. Each directory's npm updates will create separate PRs instead of being consolidated. To group all npm updates into a single PR as described in the PR description, you need to use unique group names or configure a repository-level grouping rule in the Dependabot configuration.

Suggested change
groups:
npm-dependencies:
patterns:
- "*"
# TypeScript/Node.js servers
- package-ecosystem: "npm"
directory: "/src/everything"
schedule:
interval: "weekly"
groups:
npm-dependencies:
patterns:
- "*"
- package-ecosystem: "npm"
directory: "/src/filesystem"
schedule:
interval: "weekly"
groups:
npm-dependencies:
patterns:
- "*"
- package-ecosystem: "npm"
directory: "/src/memory"
schedule:
interval: "weekly"
groups:
npm-dependencies:
patterns:
- "*"
- package-ecosystem: "npm"
directory: "/src/sequentialthinking"
schedule:
interval: "weekly"
groups:
npm-dependencies:
patterns:
- "*"
# TypeScript/Node.js servers
- package-ecosystem: "npm"
directory: "/src/everything"
schedule:
interval: "weekly"
- package-ecosystem: "npm"
directory: "/src/filesystem"
schedule:
interval: "weekly"
- package-ecosystem: "npm"
directory: "/src/memory"
schedule:
interval: "weekly"
- package-ecosystem: "npm"
directory: "/src/sequentialthinking"
schedule:
interval: "weekly"
groups:
npm-dependencies:
patterns:
- "*"
update-types:
- "all"
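
Review bot: In the replacement half of this suggestion the `groups` block sits only under `/src/sequentialthinking`, so `/src/everything`, `/src/filesystem` and `/src/memory` lose grouping and open one PR per dependency. `update-types: "all"` is also not among the values Dependabot documents for a group (`major`, `minor`, `patch`); omitting the key covers every level.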

schedule:
interval: "weekly"
groups:
python-dependencies:
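
Review bot: `schedule` sets only `interval: "weekly"`, while the description promises Monday checks. Weekly runs default to Monday, but adding `day: "monday"` under `schedule` makes the file state what the description says.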

Copilot AI Oct 19, 2025

All pip package ecosystems use the same group name 'python-dependencies', but group names must be unique per update configuration. Each Python directory will create separate PRs instead of being consolidated into a single PR as intended. To achieve the grouping strategy described in the PR description, you need unique group names or a repository-level grouping configuration.

schedule:
interval: "weekly"
groups:
python-dependencies:

Copilot AI Oct 19, 2025

All pip package ecosystems use the same group name 'python-dependencies', but group names must be unique per update configuration. Each Python directory will create separate PRs instead of being consolidated into a single PR as intended. To achieve the grouping strategy described in the PR description, you need unique group names or a repository-level grouping configuration.

@olaservo olaservo marked this pull request as draft October 19, 2025 19:20
@olaservo olaservo requested a review from Copilot October 19, 2025 19:20

@Copilot Copilot AI left a comment

Pull Request Overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated 2 comments.


Comment on lines 11 to 32
interval: "weekly"

# TypeScript/Node.js servers
- package-ecosystem: "npm"
directory: "/src/everything"
schedule:
interval: "weekly"

- package-ecosystem: "npm"
directory: "/src/filesystem"
schedule:
interval: "weekly"

- package-ecosystem: "npm"
directory: "/src/memory"
schedule:
interval: "weekly"

- package-ecosystem: "npm"
directory: "/src/sequentialthinking"
schedule:
interval: "weekly"
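
Review bot: With the `groups` blocks gone from these four entries, each directory opens individual PRs per dependency, up to Dependabot's default of 5 open version-update PRs per entry, which no longer matches "Maximum PRs: 3 per week" in the description. Restore grouping, or set `open-pull-requests-limit` explicitly on each entry.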

Copilot AI Oct 19, 2025

The npm entries (lines 8-32) lack the groups configuration that would consolidate all npm updates into a single PR as described in the PR description. Each directory will generate separate PRs unless groups are added to these entries.

Suggested change
interval: "weekly"
# TypeScript/Node.js servers
- package-ecosystem: "npm"
directory: "/src/everything"
schedule:
interval: "weekly"
- package-ecosystem: "npm"
directory: "/src/filesystem"
schedule:
interval: "weekly"
- package-ecosystem: "npm"
directory: "/src/memory"
schedule:
interval: "weekly"
- package-ecosystem: "npm"
directory: "/src/sequentialthinking"
schedule:
interval: "weekly"
interval: "weekly"
groups:
npm-dependencies:
patterns:
- "*"
# TypeScript/Node.js servers
- package-ecosystem: "npm"
directory: "/src/everything"
schedule:
interval: "weekly"
groups:
npm-dependencies:
patterns:
- "*"
- package-ecosystem: "npm"
directory: "/src/filesystem"
schedule:
interval: "weekly"
groups:
npm-dependencies:
patterns:
- "*"
- package-ecosystem: "npm"
directory: "/src/memory"
schedule:
interval: "weekly"
groups:
npm-dependencies:
patterns:
- "*"
- package-ecosystem: "npm"
directory: "/src/sequentialthinking"
schedule:
interval: "weekly"
groups:
npm-dependencies:
patterns:
- "*"

@olaservo olaservo requested a review from Copilot October 19, 2025 19:28

@Copilot Copilot AI left a comment

Pull Request Overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated 1 comment.


schedule:
interval: "weekly"
groups:
npm-dependencies:

Copilot AI Oct 19, 2025

All npm package ecosystems use the same group name 'npm-dependencies', which will result in separate PRs per directory rather than a single grouped PR as described in the PR description. To achieve the stated goal of '1 PR for all npm updates', use a unique group name (e.g., 'all-npm-dependencies') consistently across all npm configurations, or consider Dependabot's repository-level grouping feature if available.
