From 75fe2ff0c3c8a2528e2323334095ead6cd5731cc Mon Sep 17 00:00:00 2001
From: Christian Clauss <cclauss@me.com>
Date: Mon, 13 May 2024 10:57:13 +0200
Subject: [PATCH] Keep GitHub Actions up to date with Dependabot (#10268)

# Fixes software supply chain safety warnings like at the bottom right of
https://github.com/dmlc/xgboost/actions/runs/9048469681

* [Keeping your actions up to date with Dependabot](https://docs.github.com/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot)
* [Configuration options for the dependabot.yml file - package-ecosystem](https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#package-ecosystem)
---
 .github/dependabot.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 0cc0c16fd..06badec5f 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -29,3 +29,7 @@ updates:
     directory: "/jvm-packages/xgboost4j-spark-gpu"
     schedule:
       interval: "monthly"
+  - package-ecosystem: "github-actions"
+    directory: /
+    schedule:
+      interval: "monthly"