From 31590a8a3b8cc03d589a838829b67e962b5c83e6 Mon Sep 17 00:00:00 2001
From: Sutou Kouhei <kou@cozmixng.org>
Date: Sat, 7 Mar 2026 12:12:18 +0900
Subject: [PATCH] Enable Dependabot for GitHub Actions (#8778)

Our workflows use old GitHub Actions. For example, we use
`actions/checkout@v3` but `actions/checkout@v5` is the latest version:

https://github.com/google/flatbuffers/blob/599847236c35fa3802ea4e46e20e93a55d3a4a94/.github/workflows/build.yml#L33

https://github.com/actions/checkout/releases

How about enabling Dependabot? If we enable Dependabot, Dependabot
opens PRs that update old GitHub Actions.

Dependabot document:
https://docs.github.com/en/code-security/dependabot

Dependabot configuration document:
https://docs.github.com/en/code-security/dependabot/working-with-dependabot/dependabot-options-reference
---
 .github/dependabot.yml | 6 ++++++
 1 file changed, 6 insertions(+)
 create mode 100644 .github/dependabot.yml

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 000000000..5ace4600a
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,6 @@
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"