From fda6a2d75e41c97e32c476a3d2b5e8b733ab3558 Mon Sep 17 00:00:00 2001
From: Daniel Silva
Date: Tue, 10 Dec 2024 13:46:31 +0000
Subject: [PATCH] add a decent dependabot

---
 .github/workflows/dependabot.yml | 9 ++++++
 .github/workflows/dependency-review.yml | 41 -------------------------
 2 files changed, 9 insertions(+), 41 deletions(-)
 create mode 100644 .github/workflows/dependabot.yml
 delete mode 100644 .github/workflows/dependency-review.yml

diff --git a/.github/workflows/dependabot.yml b/.github/workflows/dependabot.yml
new file mode 100644
index 0000000..7d2115a
--- /dev/null
+++ b/.github/workflows/dependabot.yml
@@ -0,0 +1,9 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+
+version: 2
+updates:
+- package-ecosystem: "" # See documentation for possible values
+  directory: "/src" # Location of package manifests
+  schedule:
+    interval: "weekly"
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
deleted file mode 100644
index 9765640..0000000
--- a/.github/workflows/dependency-review.yml
+++ /dev/null
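Review bot: The new config is inert as written: `package-ecosystem: ""` is not a valid ecosystem value, and Dependabot only reads its configuration from `.github/dependabot.yml`, so a file under `.github/workflows/` will not be picked up (Actions will most likely flag it as an invalid workflow instead, since it has no `on:` or `jobs:`). Because the same commit deletes the dependency-review workflow, the repository is left with no functioning dependency checking at all. Move the file to `.github/dependabot.yml`, name the real ecosystem(s) for the manifests in `/src` (with `directory` pointing at the folder that holds the manifest, `"/"` if it is at the root), and consider a second entry `- package-ecosystem: "github-actions"` with `directory: "/"` so the workflow action pins themselves stay current. Dependabot version updates also do not reproduce dependency-review's PR-time block on known-vulnerable packages; keep that workflow (or enable Dependabot security updates) alongside this config rather than in place of it.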
@@ -1,41 +0,0 @@
-# Dependency Review Action
-#
-# This Action will scan dependency manifest files that change as part of a Pull Request,
-# surfacing known-vulnerable versions of the packages declared or updated in the PR.
-# Once installed, if the workflow run is marked as required, PRs introducing known-vulnerable
-# packages will be blocked from merging.
-#
-# Source repository: https://github.com/actions/dependency-review-action
-# Public documentation: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement
-name: 'Dependency review'
-on:
-  schedule:
-    - cron: '45 3 */3 * *'
-  workflow_dispatch:
-# If using a dependency submission action in this workflow this permission will need to be set to:
-#
-# permissions:
-#   contents: write
-#
-# https://docs.github.com/en/enterprise-cloud@latest/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api
-permissions:
-  contents: read
-  # Write permissions for pull-requests are required for using the `comment-summary-in-pr` option, comment out if you aren't using this option
-  pull-requests: write
-
-jobs:
-  dependency-review:
-    runs-on: ubuntu-latest
-    steps:
-      - name: 'Checkout repository'
-        uses: actions/checkout@v4
-      - name: 'Dependency Review'
-        uses: actions/dependency-review-action@v4
-        # Commonly enabled options, see https://github.com/actions/dependency-review-action#configuration-options for all available options.
-        with:
-          comment-summary-in-pr: always
-          base-ref: main
-          head-ref: main
-          # fail-on-severity: moderate
-          # deny-licenses: GPL-1.0-or-later, LGPL-2.0-or-later
-          # retry-on-snapshot-warnings: true