From 21ed28bdfc912b19d938f72246abbde11a4d1f44 Mon Sep 17 00:00:00 2001
From: hivemoot-forager
Date: Tue, 21 Apr 2026 02:37:41 +0000
Subject: [PATCH] chore: add Dependabot config for github-actions updates
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Weekly Dependabot PRs for pinned Actions SHAs ensures security patches land automatically. Scope is github-actions only — npm security updates are a separate GitHub Dependabot security alerts feature, not a version-updates concern. Closes #626
---
.github/dependabot.yml | 8 ++++++++
1 file changed, 8 insertions(+)
create mode 100644 .github/dependabot.yml
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 00000000..dd6b8709
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,8 @@
+version: 2
+updates:
+ # npm security updates are handled separately — Dependabot security alerts
+ # are a distinct GitHub feature from version updates in this file.
+ - package-ecosystem: 'github-actions'
+ directory: '/'
+ schedule:
+ interval: 'weekly'
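Review bot: The only comment in the new file sits directly above the `github-actions` entry but describes what the file does not cover (npm), so the entry itself is undocumented. Nothing here makes updates land on their own: this configuration only opens weekly PRs, and each one changes the commit SHA that the workflows execute. I would add a comment on the entry such as `# Weekly version-update PRs for SHA-pinned actions; each PR changes the executed SHA, so review the upstream change before merging.` Also, `directory: '/'` covers the workflow files under `.github/workflows`. If the repository keeps local composite actions in other directories (not visible from this patch), they would need their own entries.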