feat: auto-merge non-breaking dependency updates (#5)

## Summary
Minori now automatically merges dependency update PRs when they meet safety criteria, reducing manual work whilst maintaining safety for potentially breaking changes.

## Changes
- ✨ Add version comparison utility to detect major version bumps
- ✨ Add Gitea service methods for checking commit status and merging PRs
- ✨ Add auto-merge logic that checks:
  - Is it a major version bump? (if yes, skip auto-merge)
  - Did CI checks pass? (if no, skip auto-merge)
  - If both conditions pass → auto-merge! 🎉
- ✅ Add comprehensive tests for all new functionality
- 📊 Maintain ~94% test coverage

## How It Works
When Minori processes a dependency update:
1. Check if a PR already exists for that dependency
2. If it exists, verify:
   - **Not a major version bump** (major bumps need manual review)
   - **CI status = "success"** (all checks must pass)
3. If both conditions are met → automatically merge the PR and delete the branch

## Test Plan
- [x] All 114 tests passing
- [x] New tests for version comparison utility
- [x] New tests for Gitea service extensions
- [x] Build successful
- [x] Linting clean

---
✨ This PR was created with help from Hikari~ 🌸

Co-authored-by: Naomi Carrigan <commits@nhcarrigan.com>
Reviewed-on: #5
Co-authored-by: Hikari <hikari@nhcarrigan.com>
Co-committed-by: Hikari <hikari@nhcarrigan.com>

src/services/updateOrchestratorService.ts

@@ -6,6 +6,10 @@
 
 import { config } from "../config.js";
 import { logger } from "../utils/logger.js";
+import {
+  isMajorVersionBump,
+  stripVersionPrefix,
+} from "../utils/versionComparison.js";
 import { DependencyAnalyzerService } from "./dependencyAnalyzerService.js";
 import { GiteaService } from "./giteaService.js";
 import {
@@ -17,15 +21,6 @@ import { NpmService } from "./npmService.js";
 import type { GiteaRepository } from "../types/gitea.types.js";
 import type { DependencyUpdate, PackageJson } from "../types/package.types.js";
 
-/**
- * Strips version prefix characters from a version string.
- * @param version - The version string with potential prefixes.
- * @returns The version without prefix characters.
- */
-const stripVersionPrefix = (version: string): string => {
-  return version.replace(/^[<=>^~]*/, "");
-};
-
 /**
  * Generates the body content for a PR.
  * @param update - The dependency update information.
@@ -142,6 +137,103 @@ class UpdateOrchestratorService {
     await logger.log("info", "Dependency update check complete!");
   }
 
+  /**
+   * Attempts to merge an existing PR after checking CI status.
+   * @param repo - The repository information.
+   * @param update - The dependency update details.
+   * @param matchingPR - The existing PR with head SHA and number.
+   * @param matchingPR.head - The PR head information.
+   * @param matchingPR.head.sha - The commit SHA to check.
+   * @param matchingPR.number - The PR number for merging.
+   * @returns True if merge was attempted, false otherwise.
+   */
+  private async attemptPRMerge(
+    repo: GiteaRepository,
+    update: DependencyUpdate,
+    matchingPR: { head: { sha: string }; number: number },
+  ): Promise<boolean> {
+    const commitStatus = await this.giteaService.getCommitStatus(
+      config.giteaOrg,
+      repo.name,
+      matchingPR.head.sha,
+    );
+
+    if (commitStatus.state !== "success") {
+      await logger.log(
+        "info",
+        `    PR exists for ${update.packageName} but CI status is ${commitStatus.state}, skipping auto-merge...`,
+      );
+      return true;
+    }
+
+    await logger.log(
+      "info",
+      `    Auto-merging PR for ${update.packageName} (CI passed, non-major bump)...`,
+    );
+
+    const merged = await this.giteaService.mergePullRequest(
+      config.giteaOrg,
+      repo.name,
+      matchingPR.number,
+    );
+
+    if (merged) {
+      await logger.log(
+        "info",
+        `    Successfully merged PR for ${update.packageName}`,
+      );
+      return true;
+    }
+
+    await logger.log(
+      "warn",
+      `    Failed to merge PR for ${update.packageName}`,
+    );
+    return true;
+  }
+
+  /**
+   * Checks if an existing PR can be auto-merged based on CI status and version bump type.
+   * @param repo - The repository information.
+   * @param update - The dependency update details.
+   * @param branchName - The branch name for the PR.
+   * @returns True if the PR exists and was handled, false otherwise.
+   */
+  private async checkAndMergeExistingPR(
+    repo: GiteaRepository,
+    update: DependencyUpdate,
+    branchName: string,
+  ): Promise<boolean> {
+    const existingPRs = await this.giteaService.listPullRequests(
+      config.giteaOrg,
+      repo.name,
+      "open",
+    );
+
+    const matchingPR = existingPRs.find((pr) => {
+      return pr.head.ref === branchName;
+    });
+
+    if (matchingPR === undefined) {
+      return false;
+    }
+
+    const isMajorBump = isMajorVersionBump(
+      update.currentVersion,
+      update.latestVersion,
+    );
+
+    if (isMajorBump) {
+      await logger.log(
+        "info",
+        `    PR exists for ${update.packageName} but is a major version bump, skipping auto-merge...`,
+      );
+      return true;
+    }
+
+    return await this.attemptPRMerge(repo, update, matchingPR);
+  }
+
   /**
    * Creates or updates a PR for a dependency update.
    * @param repo - The repository information.
@@ -157,6 +249,16 @@ class UpdateOrchestratorService {
       = `${config.prBranchPrefix}${update.packageName.replaceAll(/[/@]/g, "-")}`;
 
     try {
+      const existingPRMerged = await this.checkAndMergeExistingPR(
+        repo,
+        update,
+        branchName,
+      );
+
+      if (existingPRMerged) {
+        return;
+      }
+
       const result = await createOrUpdateBranch({
         branchName:    branchName,
         clonedRepo:    clonedRepo,