From 51890954afca3f5dc8dd392cebef0baa96a467a0 Mon Sep 17 00:00:00 2001
From: Christian Clauss <cclauss@me.com>
Date: Mon, 8 Apr 2024 08:07:49 +0200
Subject: [PATCH] Keep GitHub Actions up to date with GitHub's Dependabot

From https://github.com/actions/starter-workflows/blob/main/.github/dependabot.yml

Fixes the nine supply chain safety warnings at the bottom right of
https://github.com/actions/setup-node/actions/runs/8558803200
---
 .github/dependabot.yml | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
 create mode 100644 .github/dependabot.yml

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 000000000..ee66df244
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,16 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  - package-ecosystem: "npm"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"