Handle Misconfigured Dependabot for PNPM Workspaces

[kbukum1]

What are you trying to accomplish?

This PR ensures Dependabot correctly detects and prevents updates from inside PNPM workspace subdirectories when a workspace root update is already configured.

Why?

• In PNPM workspaces, all dependencies should be updated from the root directory, where pnpm-workspace.yaml and pnpm-lock.yaml exist.
• Customers sometimes misconfigure Dependabot by adding both root and subdirectory updates, which causes no change errors since the lockfile update is already handled at the root.
• This PR raises a MisconfiguredTooling error when:
  1. pnpm-workspace.yaml exists in a parent directory (../pnpm-workspace.yaml)
  2. pnpm-lock.yaml exists in a parent directory (../pnpm-lock.yaml)
  3. The update process is executed from a subdirectory instead of the workspace root

What issues does this affect or fix?

This resolves incorrect Dependabot behavior where updates are attempted from workspace subdirectories instead of the root, causing no change errors.

Anything you want to highlight for special attention from reviewers?

• The logic ensures that only cases where both pnpm-workspace.yaml and pnpm-lock.yaml are in a parent directory trigger an error.
• Valid configurations where the entire workspace is inside a subdirectory (e.g., /some-project instead of /) will not raise errors.
• If only one of pnpm-workspace.yaml or pnpm-lock.yaml is found in the parent directory, the update proceeds normally.

✅ Proper Configuration:

If you are using PNPM workspaces, you should only define the root directory (/) in dependabot.yml. Dependabot will automatically update dependencies across all workspaces from there.

version: 2
updates:
  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "weekly"
      day: "monday"
      time: "09:00"

❌ Misconfigured Dependabot:

If you define subdirectories (/client, /server, etc.) separately, Dependabot may attempt to run updates inside a workspace subdirectory, which is not supported and will trigger an error.

version: 2
updates:
  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "weekly"
      day: "monday"
      time: "09:00"
  - package-ecosystem: "npm"
    directory: "/client"
    schedule:
      interval: "weekly"
      day: "monday"
      time: "09:00"
  - package-ecosystem: "npm"
    directory: "/server"
    schedule:
      interval: "weekly"
      day: "monday"
      time: "09:00"

How will you know you've accomplished your goal?

• Test cases confirm that workspace subdirectory updates trigger MisconfiguredTooling when both pnpm-workspace.yaml and pnpm-lock.yaml are in a parent directory.
• Manual validation ensures that valid PNPM workspace configurations continue working as expected.
• Running Dependabot in a correctly configured workspace does not raise errors.

Checklist

• I have run the complete test suite to ensure all tests and linters pass.
• I have thoroughly tested my code changes to ensure they work as expected, including adding additional tests for new functionality.
• I have written clear and descriptive commit messages.
• I have provided a detailed description of the changes in the pull request, including the problem it addresses, how it fixes the problem, and any relevant details about the implementation.
• I have ensured that the code is well-documented and easy to understand.