ci: add Dependabot configuration for automated dependency updates

Configure weekly automated dependency update PRs for all ecosystems: - gomod: /veza-backend-api (Go modules) - cargo: /veza-chat-server, /veza-stream-server (Rust crates) - npm: /apps/web (frontend packages) - github-actions: / (CI action versions) Each ecosystem gets appropriate labels for easy triage. Addresses audit finding A06: no automated dependency update mechanism. Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-11 23:26:18 +01:00 · 2026-02-11 23:26:18 +01:00 · ff5d6736f8
commit ff5d6736f8
parent ba232c2f56
1 changed files with 31 additions and 0 deletions
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@ -0,0 +1,31 @@
+version: 2
+updates:
+  - package-ecosystem: "gomod"
+    directory: "/veza-backend-api"
+    schedule:
+      interval: "weekly"
+    labels: ["dependencies", "go"]
+
+  - package-ecosystem: "cargo"
+    directory: "/veza-chat-server"
+    schedule:
+      interval: "weekly"
+    labels: ["dependencies", "rust"]
+
+  - package-ecosystem: "cargo"
+    directory: "/veza-stream-server"
+    schedule:
+      interval: "weekly"
+    labels: ["dependencies", "rust"]
+
+  - package-ecosystem: "npm"
+    directory: "/apps/web"
+    schedule:
+      interval: "weekly"
+    labels: ["dependencies", "frontend"]
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    labels: ["dependencies", "ci"]