From c88935e5ce79a2ff23e7a4ba9b8d0d154c56aba0 Mon Sep 17 00:00:00 2001
From: Christian Clauss <cclauss@me.com>
Date: Mon, 8 Apr 2024 08:07:49 +0200
Subject: [PATCH] Keep GitHub Actions up to date with GitHub's Dependabot

From https://github.com/actions/starter-workflows/blob/main/.github/dependabot.yml

Fixes the nine supply chain safety warnings at the bottom right of
https://github.com/actions/setup-node/actions/runs/8558803200
---
 .github/dependabot.yml | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
 create mode 100644 .github/dependabot.yml

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 00000000..7052fd3f
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,16 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  - package-ecosystem: 'npm'
+    directory: '/'
+    schedule:
+      interval: 'weekly'
+
+  - package-ecosystem: 'github-actions'
+    directory: '/'
+    schedule:
+      interval: 'weekly'