Context
No automated dependency update mechanism exists. Stale dependencies are a maintenance burden and a security risk.
Change required
Add .github/dependabot.yml:
version: 2
updates:
- package-ecosystem: "npm"
directory: "/"
schedule:
interval: "weekly"
groups:
dev-dependencies:
dependency-type: "development"
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "weekly"Using groups keeps the PR noise manageable.
Context
No automated dependency update mechanism exists. Stale dependencies are a maintenance burden and a security risk.
Change required
Add
.github/dependabot.yml:Using
groupskeeps the PR noise manageable.