From 8518db1c271470ba37c52f3b4dd5731c9a79a044 Mon Sep 17 00:00:00 2001
From: per1234
Date: Tue, 4 Jan 2022 10:23:21 -0800
Subject: [PATCH 1/2] Configure Dependabot to check for outdated actions used in workflows

Dependabot will periodically check the versions of all actions used in the repository's workflows. If any are found to be outdated, it will submit a pull request to update them.

NOTE: Dependabot's PRs will occasionally propose to pin to the patch version of the action (e.g., updating `uses: foo/bar@v1` to `uses: foo/bar@v2.3.4`). When the action author has provided a major version ref, use that instead (e.g., `uses: foo/bar@v2`). Dependabot will automatically close its PR once the workflow has been updated.

More information: https://docs.github.com/en/github/administering-a-repository/keeping-your-actions-up-to-date-with-dependabot
---
 .github/dependabot.yml | 13 +++++++++++++
 1 file changed, 13 insertions(+)
 create mode 100644 .github/dependabot.yml

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..f2bfa72
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,13 @@
+# See: https://docs.github.com/en/code-security/supply-chain-security/configuration-options-for-dependency-updates#about-the-dependabotyml-file
+version: 2
+
+updates:
+ # Configure check for outdated GitHub Actions actions in workflows.
+ # Source: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/assets/dependabot/README.md
+ # See: https://docs.github.com/en/code-security/supply-chain-security/keeping-your-actions-up-to-date-with-dependabot
+ - package-ecosystem: github-actions
+ directory: / # Check the repository's workflows under /.github/workflows/
+ schedule:
+ interval: daily
+ labels:
+ - "topic: infrastructure"
From f9cf150a8e28e7d92062a2ebe141a0edbf0e14cd Mon Sep 17 00:00:00 2001
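Review bot: The github-actions entry leaves `uses:` references on mutable tags — the commit message even steers reviewers toward `foo/bar@v2` over `foo/bar@v2.3.4` — so a retargeted tag reaches every workflow run without any PR to review. Dependabot also tracks commit-SHA-pinned `uses:` lines (it updates the SHA together with the trailing `# vX.Y.Z` comment), so the stricter option is to pin actions by full commit SHA and let this entry keep those pins current; the NOTE in the description would then no longer apply. It would help to record whichever policy is chosen next to the entry, e.g. `# Actions are pinned by commit SHA; Dependabot updates the SHA and its version comment.`, so later update PRs are not reviewed back down to tags. The YAML itself looks right: `"topic: infrastructure"` is correctly quoted for its `: `, and `directory: /` is the expected value for this ecosystem.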
From: per1234
Date: Tue, 4 Jan 2022 10:25:42 -0800
Subject: [PATCH 2/2] Configure Dependabot to check for outdated npm package dependencies

Dependabot will periodically check all npm package dependencies of the project. If any are found to be outdated, it will submit a pull request to update them.
---
 .github/dependabot.yml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index f2bfa72..14b70a2 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -11,3 +11,9 @@ updates:
 interval: daily
 labels:
 - "topic: infrastructure"
+ - package-ecosystem: npm
+ directory: /
+ schedule:
+ interval: daily
+ labels:
+ - "topic: infrastructure"