Remove test fixture lockfiles, re-enable Dependabot (#2096)

Remove test fixture lockfiles, re-enable Dependabot

Author: KRRT7

.github/dependabot.yml

@@ -1,26 +1,25 @@
-# TEMPORARILY DISABLED — re-enable by removing open-pull-requests-limit: 0
 version: 2
 updates:
   # Python (root pyproject.toml)
   - package-ecosystem: "pip"
     directory: "/"
     schedule:
       interval: "weekly"
-    open-pull-requests-limit: 0
+    open-pull-requests-limit: 5
 
   # JavaScript (codeflash npm package)
   - package-ecosystem: "npm"
     directory: "/packages/codeflash"
     schedule:
       interval: "weekly"
-    open-pull-requests-limit: 0
+    open-pull-requests-limit: 5
 
   # GitHub Actions
   - package-ecosystem: "github-actions"
     directory: "/"
     schedule:
       interval: "weekly"
-    open-pull-requests-limit: 0
+    open-pull-requests-limit: 5
 
   # code_to_optimize/ directories are test fixtures — do NOT update them.
-  # Dependabot PRs for these always fail (missing secrets) and waste CI.
+  # Their package-lock.json files are gitignored to prevent Dependabot alerts.

.gitignore

@@ -275,6 +275,9 @@ tessl.json
 **/dist-nuitka/**
 **/.npmrc
 
+# Test fixture lockfiles — prevents Dependabot from scanning them
+code_to_optimize/**/package-lock.json
+
 # Tessl auto-generates AGENTS.md on install; ignore to avoid cluttering git status
 AGENTS.md
 .serena/