From af0fcb608b87f159f70d5ac3a6b9dced89fe1476 Mon Sep 17 00:00:00 2001 From: Matt McKay Date: Tue, 5 May 2026 13:34:08 +1000 Subject: [PATCH] ci: add Dependabot config for bundler and GitHub Actions (#93) Enables automated dependency update PRs for: - bundler: weekly updates for Jekyll gems (Gemfile/Gemfile.lock) - github-actions: weekly updates for workflow action versions The original jQuery XSS alerts have already been resolved. This config ensures future dependency updates are surfaced automatically rather than requiring manual monitoring. Closes #93
---
.github/dependabot.yml | 15 +++++++++++++++
1 file changed, 15 insertions(+)
create mode 100644 .github/dependabot.yml
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..688efa8
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,15 @@
+version: 2
+updates:
+ # Keep Ruby gems (Jekyll + plugins) up to date
+ - package-ecosystem: "bundler"
+ directory: "/"
+ schedule:
+ interval: "weekly"
+ open-pull-requests-limit: 5
+
+ # Keep GitHub Actions up to date
+ - package-ecosystem: "github-actions"
+ directory: "/"
+ schedule:
+ interval: "weekly"
+ open-pull-requests-limit: 5
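Review bot: The two `package-ecosystem` entries (`bundler` and `github-actions`) would only pick up jQuery, whose XSS alerts the commit message cites as the motivation, if it arrives through a gem. Whether the site instead vendors it under its assets or pulls it through npm is not visible from this diff and should be confirmed, since neither path is watched by this config. A short header comment such as `# Vendored JS (e.g. jQuery) is not tracked here; review it manually on upgrade` would keep that gap visible to maintainers. Separately, the `github-actions` entry gives the most supply-chain benefit when the workflows pin actions to full commit SHAs, which Dependabot can still bump; the workflow files are outside this patch, so that is worth checking.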