Add Dependabot configuration for dependency security scanning [Generated by gurnben's Agent]

[gurnben]

Summary

Adds Dependabot configuration for automated dependency security scanning and update PRs.

Ecosystems configured

GitHub Actions, Go modules

AgentReady Score Impact

This PR is part of an organization-wide initiative to improve AI-assisted development readiness across openshift-online, measured by AgentReady (v2.31.2).

Metric	Value
Current score	31.0/100 (Needs Improvement)
This PR	+5 points
Score after this PR	36/100 (Needs Improvement)
All open PRs combined	+32 points → 63/100 (Silver)

Attributes addressed by this PR

• Dependency Security Scanning (+5)

Context

This matches the pattern already used by ocm-cli. Dependabot will:

• Monitor dependencies for known security vulnerabilities (CVEs)
• Create PRs to update vulnerable dependencies
• Run weekly checks for new dependency versions
• Respect the configured PR limits to prevent notification overload

Testing

• No functional code changes — configuration only

---

:robot_face: This PR was generated by an AI agent (Claude) as part of an organization-wide initiative to improve AI-assisted development readiness across openshift-online. The agent assessed all 32 public repositories using AgentReady, identified improvement opportunities, generated the changes, and opened this PR. All commits are GPG-signed by @gurnben.

[coderabbitai]

Warning

Rate limit exceeded

@gurnben has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 17 minutes and 1 seconds before requesting another review.

Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 17 minutes and 1 seconds.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: 09d1b7b7-41da-42b6-9be5-e29c77598183

📥 Commits

Reviewing files that changed from the base of the PR and between 2420432 and f1d188f.

📒 Files selected for processing (1)

• .github/dependabot.yml

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: gurnben
Once this PR has been reviewed and has the lgtm label, please assign ahitacat for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment