Limit Dependabot alerts to major version updates only

[avazirna]

Technical Summary

Configures Dependabot to ignore patch and minor semver updates for GitHub Actions dependencies. Only major version updates will trigger Dependabot PRs going forward, reducing noise from low-risk automated PRs.

• Add ignore rules to .github/dependabot.yml filtering out version-update:semver-patch and version-update:semver-minor

Safety Assurance

Safety story

This only affects Dependabot's PR creation behavior — no application code is changed. Major version updates will still be reported.

Special deploy instructions

• This PR can be deployed after merge with no further considerations.

Rollback instructions

• This PR can be reverted after deploy with no further considerations.

Review

• The set of people pinged as reviewers is appropriate for the level of risk of the change.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 70.08%. Comparing base (51c35b3) to head (c05f695).

Additional details and impacted files

@@             Coverage Diff              @@
##             master    #1779      +/-   ##
============================================
- Coverage     70.10%   70.08%   -0.03%     
+ Complexity     2028     2027       -1     
============================================
  Files           257      257              
  Lines          8005     8005              
  Branches        763      763              
============================================
- Hits           5612     5610       -2     
- Misses         2110     2112       +2     
  Partials        283      283              

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.