From 055f008c0d9592e8a57cc42edd01c3c3d8b53ac6 Mon Sep 17 00:00:00 2001
From: Whymarrh Whitby <whymarrh.whitby@gmail.com>
Date: Fri, 23 Oct 2020 12:24:10 -0230
Subject: [PATCH] Add a GitHub Dependabot config (#9664)

This change adds a GitHub Dependabot configuration to enable daily checks for dependency updates.

[See the docs for more information.][1]

  [1]:https://docs.github.com/en/free-pro-team@latest/github/administering-a-repository/configuration-options-for-dependency-updates

This config enables checking for dependencies in the root `package.json` file (`directory`) every weekday (`schedule.interval`) only for lockfile updates, ignoring any new versions that would require package manifest changes. (if necessary, `versioning-strategy`). This is all restricted to the organization's `@metamask/*` packages.
---
 .github/dependabot.yml | 12 ++++++++++++
 1 file changed, 12 insertions(+)
 create mode 100644 .github/dependabot.yml

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 000000000..3c2610e72
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,12 @@
+# Please see the documentation for all configuration options:
+# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  - package-ecosystem: "npm"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    allow:
+      - dependency-name: "@metamask/*"
+    versioning-strategy: "lockfile-only"