ci(deps): auto-approve / auto-merge dependencies from dependabot

[mwbrooks]

Summary

Add a GitHub Actions workflow to auto-approve and auto-merge Dependabot pull requests for patch and minor version updates.

This reduces maintenance burden by automatically handling low-risk dependency updates while still requiring manual review for major version bumps.

Repository Settings Required

To enable auto-merge functionality, the following repository settings must be configured:

• Settings → General → Pull Requests

  • ✅ Allow auto-merge

• Settings → Branches → main branch protection rule

  • ✅ Require status checks to pass before merging
    • Add required checks: Build, Unit Tests

• Settings → Actions → General → Workflow permissions

  • ✅ Allow GitHub Actions to create and approve pull requests

Requirements (place an x in each [ ])

• I've read and understood the Contributing Guidelines and have done my best effort to follow them.
• I've read and agree to the Code of Conduct.

[zimeg]

LGTM - clean dependabot auto-merge workflow

[mwbrooks]

Thanks for the review @zimeg!

This repo required all of the settings to be configured. For required status checks, I chose:

• build (3.7)
• build (3.8)
• build (3.9)
• build (3.10)
• build (3.11)