Keep GitHub Actions up to date with GitHub's Dependabot

From https://github.com/actions/starter-workflows/blob/main/.github/dependabot.yml

Fixes the nine supply chain safety warnings at the bottom right of
https://github.com/actions/setup-node/actions/runs/8558803200
This commit is contained in:
Christian Clauss 2024-04-08 08:07:49 +02:00
parent c2ac33f2c6
commit c88935e5ce

16
.github/dependabot.yml vendored Normal file
View file

@ -0,0 +1,16 @@
# To get started with Dependabot version updates, you'll need to specify which
# package ecosystems to update and where the package manifests are located.
# Please see the documentation for all configuration options:
# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
version: 2
updates:
- package-ecosystem: 'npm'
directory: '/'
schedule:
interval: 'weekly'
- package-ecosystem: 'github-actions'
directory: '/'
schedule:
interval: 'weekly'