Platform Automation | Add and configure dependabot.yaml

[platauto-bot]

Author

Platform Automation Team

---

Summary

This pull request introduces a dependabot.yaml configuration file to the repository, enabling automated dependency monitoring and updates through GitHub's Dependabot.

---

Purpose

By configuring Dependabot, we aim to:

• Automate the detection and resolution of outdated or vulnerable dependencies
• Minimize manual maintenance overhead
• Ensure consistent use of the latest, most secure versions of packages across supported ecosystems

This enhancement contributes to better security posture and maintainability of the codebase.

---

What is Dependabot?

Dependabot is a GitHub-native tool that automatically checks for:

• Outdated dependencies
• Security vulnerabilities in third-party libraries

It generates automated pull requests to keep your dependencies up to date. Dependabot supports a wide range of package managers and seamlessly integrates with your existing GitHub workflows.

---

Configuration Guide

Details on how to configure and customize dependabot.yaml can be seen here.

---

Need Help?

If you have any questions or need assistance, please reach out to the PlatformAutomation (PA) team on the
#rd-devops Slack channel.

---

IMPORTANT

Kindly refrain from changing the PR title as it will result in the automation creating multiple Pull Requests.

[acquia-stalebot-platauto]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Please remove the stale label to avoid it being closed. Thank you for your contributions. More info: https://github.com/acquia/devops-github-administration/blob/main/docs/operations_related_to_repositories.md#acquia-stale-bot