From 8cfc4b9d50cde472d5bcca3d55f1630b86f86fe4 Mon Sep 17 00:00:00 2001 From: Christian Clauss Date: Wed, 8 May 2024 01:25:46 +0200 Subject: [PATCH] ci: keep GitHub Actions up to date with GitHub's Dependabot (#42042) * Keep GitHub Actions up to date with GitHub's Dependabot Fixes software supply chain safety warnings like at the bottom right of https://github.com/electron/electron/actions/runs/8619491231 * [Keeping your actions up to date with Dependabot](https://docs.github.com/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot) * [Configuration options for the dependabot.yml file - package-ecosystem](https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#package-ecosystem) * Apply suggestion from code review * chore: fully remove groups --------- Co-authored-by: David Sanders --- .github/dependabot.yml | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 000000000000..6decf1226d6e --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,9 @@ +# Keep GitHub Actions up to date with GitHub's Dependabot... +# https://docs.github.com/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot +# https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#package-ecosystem +version: 2 +updates: + - package-ecosystem: github-actions + directory: / + schedule: + interval: weekly