From e355c9d168c7635b895d1f15c0e37d1e9db78384 Mon Sep 17 00:00:00 2001 From: "Eri A." Date: Fri, 10 Jan 2025 02:38:13 +0100 Subject: [PATCH] feat(dependabot): automate dependency management and security updates (#749) This PR is to address the re-occuring issue of managing dependencies or transitive dependency for the project - including but not limited to, security updates. With dependabot, we are one step closer with keeping underlying dependencies up-to-date, minimizing the overhead of manual intervention. This would require constant review of the bot PRs, to ensure updates or security updates are in-line with future release and backward compatible with this package/libarary. --- .github/dependabot.yml | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 00000000..078c4204 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,8 @@ +version: 2 +updates: + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "daily" + labels: + - "dependencies"