
dependabot-2.0: update schema for multi-ecosystem groups #5249

@dmitris


Area with issue?

JSON Schema

✔️ Expected Behavior

Expecting validation based on the dependabot-2.0.json schema to work on any valid dependabot.yml file, including https://github.com/dependabot/dependabot-core/blob/main/.github/dependabot.yml

❌ Actual Behavior

Currently, for the updates stanza, the schema unconditionally requires the schedule field:

```json
      "allOf": [
        {
          "required": ["package-ecosystem", "schedule"]
        },
```

This makes the schema-based validation fail in the presence of multi-ecosystem groups - see also the blog post Single pull request for Dependabot (multi-ecosystem support). One example of a dependabot.yml file where validation based on the current dependabot-2.0.json schema fails is from the github.com/dependabot/dependabot-core repository: https://github.com/dependabot/dependabot-core/blob/main/.github/dependabot.yml.

The solution would be to update the schema to have a conditional clause with the following logic:

```
if multi-ecosystem-group then
  require package-ecosystem
else
  require schedule
endif
```

### JSON, YAML, or TOML file that does not work.

https://github.com/dependabot/dependabot-core/blob/main/.github/dependabot.yml (the current [dc0a9d9](https://github.com/dependabot/dependabot-core/blob/dc0a9d975729a6598455ccf89ba53217ca0a7f7f/.github/dependabot.yml) version)

```yaml
version: 2
multi-ecosystem-groups:
  uv-ecosystem:
    schedule:
      interval: "weekly"
      day: "sunday"
      time: "16:00"

updates:
  # [...]
  - package-ecosystem: "docker"
    directory: "/uv"
    multi-ecosystem-group: "uv-ecosystem"
    patterns: ["*"]
  - package-ecosystem: "pip"
    directory: "/uv/helpers"
    multi-ecosystem-group: "uv-ecosystem"
    patterns: ["*"]
```

IDE or code editor.

None

Are you making a PR for this?

Yes - #5250.
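
Added example (not part of the original issue and not the change made in #5250): a small Python sketch that evaluates only the `required`, `allOf` and `if`/`then`/`else` keywords, to show the quoted rule rejecting a grouped entry and a conditional rule accepting it. The names `validate`, `CURRENT_RULE` and `CONDITIONAL_RULE` are hypothetical, the conditional schema is an assumed rendering of the pseudocode that keeps `package-ecosystem` required in both branches, and the two non-grouped entries are constructed.

```python
# Added example: evaluates only the JSON Schema keywords this issue turns on
# (required, allOf, if/then/else). It is not a general-purpose validator.

def validate(instance, schema):
    """Return a list of error strings; an empty list means the entry passes."""
    errors = [f"missing required property '{key}'"
              for key in schema.get("required", []) if key not in instance]
    for sub in schema.get("allOf", []):
        errors += validate(instance, sub)
    if "if" in schema:
        # The 'if' subschema only selects a branch; its own errors are dropped.
        branch = "then" if not validate(instance, schema["if"]) else "else"
        errors += validate(instance, schema.get(branch, {}))
    return errors

# Rule quoted in the issue from dependabot-2.0.json.
CURRENT_RULE = {"allOf": [{"required": ["package-ecosystem", "schedule"]}]}

# Assumed conditional form of the issue's pseudocode (hypothetical schema).
CONDITIONAL_RULE = {
    "allOf": [{
        "if": {"required": ["multi-ecosystem-group"]},
        "then": {"required": ["package-ecosystem"]},
        "else": {"required": ["package-ecosystem", "schedule"]},
    }]
}

# First grouped entry from the dependabot.yml excerpt in the issue.
GROUPED = {"package-ecosystem": "docker", "directory": "/uv",
           "multi-ecosystem-group": "uv-ecosystem", "patterns": ["*"]}
# Constructed entries: one with its own schedule, one with neither.
STANDALONE = {"package-ecosystem": "pip", "directory": "/",
              "schedule": {"interval": "weekly"}}
NO_SCHEDULE = {"package-ecosystem": "pip", "directory": "/"}

def compare(entry):
    """Errors for one updates entry under each rule."""
    return {"current": validate(entry, CURRENT_RULE),
            "conditional": validate(entry, CONDITIONAL_RULE)}

if __name__ == "__main__":
    for name, entry in [("grouped", GROUPED), ("standalone", STANDALONE),
                        ("no schedule", NO_SCHEDULE)]:
        print(name, compare(entry))
```

The conditional rule still rejects an entry that has neither a `schedule` nor a `multi-ecosystem-group`, so relaxing the requirement does not let unscheduled updates through unnoticed.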
