From cfe1d9dccb476b906b78827fcb7b60e0eae58276 Mon Sep 17 00:00:00 2001
From: Peder <pederhp@hotmail.com>
Date: Thu, 18 Jun 2026 15:08:23 +0200
Subject: [PATCH] ci: add Dependabot version-update config across SDKs
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Enables scheduled version updates for the C#, Go, and TypeScript SDKs
plus the CI GitHub Actions. Previously the repo had no dependabot.yml, so
only repository-level security updates were running — meaning the C# SDK
(and the others) received CVE-driven PRs but no routine dependency
freshening.

Weekly cadence; npm and nuget updates are grouped to keep PR noise down.
Python (python/sdk) is omitted until a real Python SDK exists — it is
currently alpha scaffolding; add a `pip` entry when that lands.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
---
 .github/dependabot.yml | 39 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 39 insertions(+)
 create mode 100644 .github/dependabot.yml

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..344bb31
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,39 @@
+# Dependabot version-update configuration.
+#
+# Note: security updates (CVE-driven PRs) are enabled at the repository level
+# and do NOT depend on this file — they already cover every ecosystem. This
+# config adds *scheduled version updates* ("keep dependencies current" PRs).
+#
+# Python (python/sdk) is intentionally omitted until a real Python SDK exists;
+# it is currently alpha scaffolding. Add a `pip` entry when that lands.
+version: 2
+updates:
+  # C# SDK
+  - package-ecosystem: nuget
+    directory: /csharp/sdk
+    schedule:
+      interval: weekly
+    groups:
+      dotnet:
+        patterns: ["*"]
+
+  # Go SDK
+  - package-ecosystem: gomod
+    directory: /go/sdk
+    schedule:
+      interval: weekly
+
+  # TypeScript SDK
+  - package-ecosystem: npm
+    directory: /typescript/sdk
+    schedule:
+      interval: weekly
+    groups:
+      npm:
+        patterns: ["*"]
+
+  # GitHub Actions used by CI workflows
+  - package-ecosystem: github-actions
+    directory: /
+    schedule:
+      interval: weekly