chore: add dependabot file for project (#627)

GangGreenTemperTatum · web-flow · commit aa3e317c1c4b · 2025-04-24T15:56:54.000-04:00
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,51 @@
+# .github/dependabot.yml
+version: 2
+updates:
+  # Enable version updates for npm/yarn (JavaScript/TypeScript dependencies)
+  - package-ecosystem: "npm"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    # Ignore the agent_security_initiative directory as it contains deliberately insecure code
+    ignore:
+      - dependency-name: "*"
+        paths:
+          - "initiatives/agent_security_initiative/**"
+    labels:
+      - "dependencies"
+      - "security"
+
+  # Enable version updates for Python dependencies (pip/pipenv/poetry)
+  - package-ecosystem: "pip"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    ignore:
+      - dependency-name: "*"
+        paths:
+          - "initiatives/agent_security_initiative/**"
+    labels:
+      - "dependencies"
+      - "security"
+
+  # Enable version updates for Docker
+  - package-ecosystem: "docker"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    ignore:
+      - dependency-name: "*"
+        paths:
+          - "initiatives/agent_security_initiative/**"
+    labels:
+      - "dependencies"
+      - "security"
+
+  # Enable version updates for GitHub Actions
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    labels:
+      - "dependencies"
+      - "ci"
