chore: remove dependabot — manual dep bumps only

[sebyx07]

Summary

Founder direction: no automated dependency bumps.

The first batch (5 PRs in <1 hour) showed why:

• biome 2.x rejected our 1.9.4 config schema
• typescript 6.x broke the bun frozen-lockfile invariant
• 3 action major bumps (checkout 4→6, upload-artifact 4→7, labeler 5→6) had unverified breaking changes

Manual cadence going forward: cargo upgrade / bun update runs as part of the four-stage pipeline (spec → contract → impl → tests) — each bump treated as a real change, not noise.

Closing #2 #3 #4 #5 #6 alongside this commit.

Test plan

• .github/dependabot.yml removed
• CI green on this PR
• No new dependabot PRs after merge

🤖 Generated with Claude Code

Summary by CodeRabbit

• Chores
  • Removed automated dependency update configuration, eliminating scheduled weekly dependency update pull requests.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: b8f1279d-480a-4ef7-adc5-25c851f1b342

📥 Commits

Reviewing files that changed from the base of the PR and between 50548fa and 6f72184.

📒 Files selected for processing (1)

• .github/dependabot.yml

💤 Files with no reviewable changes (1)

• .github/dependabot.yml

---

Walkthrough

The pull request removes the entire .github/dependabot.yml configuration file, which previously automated weekly dependency updates for Rust (cargo), npm scripts, and GitHub Actions with grouping and commit/label rules.

Changes

Cohort / File(s)	Summary
Configuration cleanup .github/dependabot.yml	Deleted entire Dependabot configuration (82 lines) that scheduled weekly dependency updates for Rust, npm, and GitHub Actions. Includes removal of grouping rules, commit message prefixes, and PR labels.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and specifically describes the main change: removing Dependabot automation and switching to manual dependency management.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch chore/remove-dependabot

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}