From 2bcbea2cf32a5dab1f4780b9816c2724ad3f0b1b Mon Sep 17 00:00:00 2001 From: Christian Clauss Date: Mon, 13 Jul 2026 08:55:45 +0200 Subject: [PATCH] Keep GitHub Actions up to date with GitHub's Dependabot * [Keeping your software supply chain secure with Dependabot](https://docs.github.com/en/code-security/how-tos/secure-your-supply-chain) * [Keeping your actions up to date with Dependabot](https://docs.github.com/en/code-security/how-tos/secure-your-supply-chain/secure-your-dependencies/auto-update-actions) * [Configuration options for the `dependabot.yml` file - package-ecosystem](https://docs.github.com/en/code-security/reference/supply-chain-security/dependabot-options-reference#package-ecosystem-) To see all GitHub Actions dependencies, type: % `git grep 'uses: ' .github/workflows/` --- .github/workflows/dependabot.yml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 .github/workflows/dependabot.yml diff --git a/.github/workflows/dependabot.yml b/.github/workflows/dependabot.yml new file mode 100644 index 000000000..b542c0d6c --- /dev/null +++ b/.github/workflows/dependabot.yml @@ -0,0 +1,16 @@ +# Keep GitHub Actions up to date with GitHub's Dependabot... +# https://docs.github.com/en/code-security/how-tos/secure-your-supply-chain/secure-your-dependencies/auto-update-actions +# https://docs.github.com/en/code-security/reference/supply-chain-security/dependabot-options-reference#package-ecosystem +version: 2 +updates: + - package-ecosystem: github-actions + directory: / + groups: + github-actions: + patterns: + - "*" # Group all Actions updates into a single larger pull request + schedule: + interval: weekly + cooldown: # https://nesbitt.io/2026/03/04/package-managers-need-to-cool-down.html + default-days: 7 + exclude: