From eab6cfece7f9fdbbe8d5a9e3adfd9b732c2a48d6 Mon Sep 17 00:00:00 2001
From: Koichi ITO <koic.ito@gmail.com>
Date: Mon, 2 Feb 2026 15:50:59 +0900
Subject: [PATCH] Enable Dependabot for GitHub Actions

Configure Dependabot to automatically detect updates to the actions used in
GitHub Actions (e.g., `actions/checkout`) and create pull requests for them.

For example, `actions/checkout@v4` is likely updatable, as v6 is already available:
https://github.com/modelcontextprotocol/typescript-sdk/blob/b0ef89f/.github/workflows/conformance.yml#L21

This PR enables Dependabot to update such GitHub Actions dependencies.

Updates to outdated actions packages in `.github/workflows` are intentionally not included in this PR,
as they will be updated by the initial Dependabot run as part of verifying its behavior.

Based on experience, checking for updates on a weekly interval should work well.
---
 .github/dependabot.yml | 6 ++++++
 1 file changed, 6 insertions(+)
 create mode 100644 .github/dependabot.yml

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 000000000..b18fd2935
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,6 @@
+version: 2
+updates:
+  - package-ecosystem: 'github-actions'
+    directory: '/'
+    schedule:
+      interval: 'weekly'