From 5874f642f6abcaa02e04dbc3bb306c255d78303c Mon Sep 17 00:00:00 2001
From: Mike Singleton <mike@iteratehq.com>
Date: Mon, 6 Apr 2026 10:42:06 -0400
Subject: [PATCH] Add dependabot.yml to limit version updates to production
 deps
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

DevDependency version update PRs add noise without security value —
security alerts for devDeps are handled separately via manual triage.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 .github/dependabot.yml | 8 ++++++++
 1 file changed, 8 insertions(+)
 create mode 100644 .github/dependabot.yml

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..6f30651
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,8 @@
+version: 2
+updates:
+  - package-ecosystem: "npm"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    allow:
+      - dependency-type: "production"