Add GitHub Actions to the dependabot config

Author: mrbiggred

.github/dependabot.yml

@@ -1,9 +1,10 @@
-# Please see the documentation for all configuration options:
-# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
-
 version: 2
 updates:
   - package-ecosystem: "pip"
     directory: "/"
     schedule:
       interval: "weekly"
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"

AGENTS.md

@@ -29,6 +29,7 @@ This is the **Weekly Dev Chat** website, a static site built with MkDocs Materia
 ├── create_post.sh             # Bash script to create new blog posts
 ├── create_post.ps1            # PowerShell script to create new blog posts
 ├── .github/
+│   ├── dependabot.yml         # Dependabot dependency updates
 │   └── workflows/
 │       └── ci.yml             # GitHub Actions deployment workflow
 └── docs/                      # All site content
@@ -206,6 +207,39 @@ Not typically needed due to automated workflow, but can be done:
 mkdocs gh-deploy --force
 ```
 
+## Dependency Management
+
+### Dependabot
+
+Dependabot is configured in `.github/dependabot.yml` to automatically keep dependencies up to date:
+
+- **Python packages** (`requirements.txt`): Checked weekly for updates to mkdocs-material
+- **GitHub Actions**: Checked weekly for updates to workflow actions (checkout, setup-python, cache)
+
+When updates are available, Dependabot automatically creates pull requests with:
+- Version bump details
+- Changelog information
+- Compatibility notes
+
+**Configuration**:
+```yaml
+version: 2
+updates:
+  - package-ecosystem: "pip"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+```
+
+**Review Process**: Review and merge Dependabot PRs after verifying:
+1. CI/CD workflow passes
+2. Local testing confirms no breaking changes
+3. Release notes indicate compatibility
+
 ## Git Ignore Patterns
 
 The following are ignored:

README.md

@@ -112,6 +112,7 @@ These scripts will:
 ├── create_post.sh             # Bash script to create blog posts
 ├── create_post.ps1            # PowerShell script to create blog posts
 ├── .github/
+│   ├── dependabot.yml         # Dependabot configuration
 │   └── workflows/
 │       └── ci.yml             # GitHub Actions deployment
 └── docs/                      # All site content
@@ -164,6 +165,15 @@ While not typically needed, you can manually deploy:
 ```bash
 mkdocs gh-deploy --force
 ```
+
+## Dependency Management
+
+The project uses **Dependabot** to automatically keep dependencies up to date. Dependabot is configured to check weekly for:
+- Python package updates (mkdocs-material)
+- GitHub Actions updates
+
+When updates are available, Dependabot creates pull requests automatically. Review and merge these PRs after verifying the CI workflow passes.
+
 ## Resources
 
 - [MkDocs Documentation](https://www.mkdocs.org)