From e031444b0fd2c3b3538e39fddba9f5884c8687d9 Mon Sep 17 00:00:00 2001
From: Jesse Wright <63333554+jeswr@users.noreply.github.com>
Date: Sat, 4 Apr 2026 23:36:18 +0100
Subject: [PATCH 1/4] Add Dependabot configuration file

Configure Dependabot for npm and GitHub Actions updates.
---
 .github/dependabot.yml | 11 +++++++++++
 1 file changed, 11 insertions(+)
 create mode 100644 .github/dependabot.yml

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..7caa8fd
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,11 @@
+version: 2
+
+updates:
+  - package-ecosystem: "npm"
+    directory: "/"
+    schedule:
+      interval: "daily"
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"

From 3f440616040e6ca76e8258e26982de419140ac72 Mon Sep 17 00:00:00 2001
From: Jesse Wright <63333554+jeswr@users.noreply.github.com>
Date: Sat, 4 Apr 2026 23:37:13 +0100
Subject: [PATCH 2/4] Add automerge workflow for dependabot PRs

---
 .github/workflows/automerge.yml | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
 create mode 100644 .github/workflows/automerge.yml

diff --git a/.github/workflows/automerge.yml b/.github/workflows/automerge.yml
new file mode 100644
index 0000000..7578bd7
--- /dev/null
+++ b/.github/workflows/automerge.yml
@@ -0,0 +1,20 @@
+name: Enable automerge on dependabot PRs
+
+on:
+  pull_request_target:
+
+jobs:
+  automerge:
+    name: Enable automerge on dependabot PRs
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      pull-requests: write
+      repository-projects: write
+    if: github.actor == 'dependabot[bot]'
+    steps:
+      - uses: actions/checkout@v6
+      - run: gh pr merge ${{ github.event.pull_request.html_url }} --auto --squash
+      - run: gh pr review ${{ github.event.pull_request.html_url }} --approve
+    env:
+      GH_TOKEN: ${{ github.token }}

From fecddbb0802ba512f8455ca6184dd03c9732f386 Mon Sep 17 00:00:00 2001
From: Jesse Wright <63333554+jeswr@users.noreply.github.com>
Date: Sat, 4 Apr 2026 23:41:11 +0100
Subject: [PATCH 3/4] Apply suggestion from @Copilot

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
---
 .github/workflows/automerge.yml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/.github/workflows/automerge.yml b/.github/workflows/automerge.yml
index 7578bd7..097cb80 100644
--- a/.github/workflows/automerge.yml
+++ b/.github/workflows/automerge.yml
@@ -13,7 +13,6 @@ jobs:
       repository-projects: write
     if: github.actor == 'dependabot[bot]'
     steps:
-      - uses: actions/checkout@v6
       - run: gh pr merge ${{ github.event.pull_request.html_url }} --auto --squash
       - run: gh pr review ${{ github.event.pull_request.html_url }} --approve
     env:

From db998fa95d10d0f9085d772369995488f8cde721 Mon Sep 17 00:00:00 2001
From: Jesse Wright <63333554+jeswr@users.noreply.github.com>
Date: Sat, 4 Apr 2026 23:42:55 +0100
Subject: [PATCH 4/4] Apply suggestion from @jeswr

---
 .github/workflows/automerge.yml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/.github/workflows/automerge.yml b/.github/workflows/automerge.yml
index 097cb80..c7fcf2a 100644
--- a/.github/workflows/automerge.yml
+++ b/.github/workflows/automerge.yml
@@ -10,7 +10,6 @@ jobs:
     permissions:
       contents: write
       pull-requests: write
-      repository-projects: write
     if: github.actor == 'dependabot[bot]'
     steps:
       - run: gh pr merge ${{ github.event.pull_request.html_url }} --auto --squash