From 487906c05ac3f41305f4fe807e3c615a826f2beb Mon Sep 17 00:00:00 2001
From: clee2000 <44682903+clee2000@users.noreply.github.com>
Date: Thu, 9 Jan 2025 10:28:50 -0800
Subject: [PATCH] Dependabot for GHA (#6152)

I followed
https://docs.github.com/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot
but I'm not sure this works since this file only has /setup-ssh for npm
and we definitely get dependabot PRs for stuff outside of setup-ssh

After looking at the dependabot config, I think the non setup-ssh
updates might come from security updates, not version updates
---
 .github/dependabot.yml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 7f349b4530..a6189a9834 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -7,3 +7,8 @@ updates:
     # Check the npm registry for updates every day (weekdays)
     schedule:
       interval: 'weekly'
+
+  - package-ecosystem: 'github-actions'
+    directory: '/'
+    schedule:
+      interval: 'weekly'