From c88935e5ce79a2ff23e7a4ba9b8d0d154c56aba0 Mon Sep 17 00:00:00 2001 From: Christian Clauss Date: Mon, 8 Apr 2024 08:07:49 +0200 Subject: [PATCH] Keep GitHub Actions up to date with GitHub's Dependabot From https://github.com/actions/starter-workflows/blob/main/.github/dependabot.yml Fixes the nine supply chain safety warnings at the bottom right of https://github.com/actions/setup-node/actions/runs/8558803200 --- .github/dependabot.yml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 000000000..7052fd3f6 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,16 @@ +# To get started with Dependabot version updates, you'll need to specify which +# package ecosystems to update and where the package manifests are located. +# Please see the documentation for all configuration options: +# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates + +version: 2 +updates: + - package-ecosystem: 'npm' + directory: '/' + schedule: + interval: 'weekly' + + - package-ecosystem: 'github-actions' + directory: '/' + schedule: + interval: 'weekly'