Create dependabot.yml#1
Conversation
There was a problem hiding this comment.
Pull request overview
This pull request adds a Dependabot configuration file to automatically keep GitHub Actions workflows up to date through weekly automated pull requests.
- Adds
.github/dependabot.ymlwith configuration for GitHub Actions updates - Configures weekly update checks with all updates grouped together
- Restricts updates to minor and patch versions only
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| github-actions-all: | ||
| patterns: | ||
| - "*" | ||
| update-types: |
There was a problem hiding this comment.
The update-types configuration only includes "minor" and "patch" updates, which means major version updates for GitHub Actions will be excluded. This could result in missing important updates, security fixes, or new features that come with major version releases. Consider adding "major" to the update-types list, or remove the update-types restriction entirely to allow all types of updates. If the exclusion of major updates is intentional to avoid breaking changes, consider adding a comment explaining this decision.
| update-types: | |
| update-types: | |
| - "major" |
use dependabot to keep workflows up to date