fix: remove invalid security-updates group from dependabot (#39)

nullhack · web-flow · commit e4963dd93f91 · 2026-04-13T16:32:54.000-04:00
The security-updates group used 'security' as an update-type which is
not a valid value according to GitHub's dependabot specification.
Valid values are: major, minor, patch.

This removes the invalid group configuration that was causing the
dependabot check to fail, while keeping the valid dev-dependencies
group for grouping development tool updates.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -1,5 +1,5 @@
 version: 2
-# SECURITY: Automated dependency updates with security-focused grouping
+# Automated dependency updates for Python packages
 updates:
   # Enable version updates for Python packages
   - package-ecosystem: "pip"
@@ -27,11 +27,6 @@ updates:
         update-types:
           - "minor"
           - "patch"
-      security-updates:
-        patterns:
-          - "*"
-        update-types:
-          - "security"
     # Configuration options
     open-pull-requests-limit: 5
     # Allow auto-merge for security updates
