From e6ab219f81443f69765862d6a69f9f4f37319280 Mon Sep 17 00:00:00 2001
From: Naveen <172697+naveensrinivasan@users.noreply.github.com>
Date: Fri, 8 Apr 2022 10:10:07 -0500
Subject: [PATCH] Included githubactions in the dependabot config

Dependabot will help ensure that references to actions in a repository's workflow files are kept up to date. For each action in the file, Dependabot checks the action's reference (typically a version number or commit identifier associated with the action) against the latest version. If a more recent version of the action is available, Dependabot will send you a pull request that updates the reference in the workflow file to the latest version. This keeps the project up to date and avoids the project from missing any security updates that the upstream makes.

This should help with keeping the GitHub actions updated on new releases. This will also help with keeping it secure.

Dependabot helps in keeping the supply chain secure https://docs.github.com/en/code-security/dependabot

GitHub actions up to date https://docs.github.com/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot

https://github.com/ossf/scorecard/blob/main/docs/checks.md#dependency-update-tool
---
 .github/dependabot.yml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 2ed51e73..7e704c76 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -143,3 +143,9 @@ updates:
   - dependency-name: data-encoding
     versions:
     - 2.3.2
+- package-ecosystem: github-actions
+  directory: "/"
+  schedule:
+    interval: weekly
+    time: "13:00"
+  open-pull-requests-limit: 10