We should enable automated GitHub Actions dependency updates for this repository so workflow action versions and tool pins do not drift. ## Why - we currently update workflow actions manually, see #166 - CI behavior can depend on old pinned tool versions, as seen with the `setup-uv` / `uv 0.6.6` mismatch - a bot-managed update flow would make smaller, more regular CI maintenance PRs easier to review ## Scope - add a `.github/dependabot.yml` entry for `package-ecosystem: "github-actions"` - choose a reasonable schedule and PR grouping strategy - confirm whether we also want Dependabot to manage other ecosystems in this repo
We should enable automated GitHub Actions dependency updates for this repository so workflow action versions and tool pins do not drift.
Why
setup-uv/uv 0.6.6mismatchScope
.github/dependabot.ymlentry forpackage-ecosystem: "github-actions"