Dependabot is a GitHub-native automation service that keeps your project dependencies up to date. It scans your dependency files (package.json, requirements.txt, Gemfile, Cargo.toml, etc.), detects outdated versions, and automatically creates pull requests to bump them. You configure Dependabot via .github/dependabot.yml. It runs on a schedule (daily, weekly) and creates PRs grouped by package, severity, or update type (security patch vs major version). You review each PR (check that tests pass and that there are no breaking changes), then merge.
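
A sample .github/dependabot.yml for the setup described above, added here as an illustration and not taken from any particular project; the root directory, intervals, PR limit and group names are assumptions. It covers the four manifest types named above, groups security fixes and minor/patch bumps into single PRs, and leaves major versions as individual PRs for closer review.

```yaml
# .github/dependabot.yml
# Added example: directories, schedules, limits and group names are assumptions.
version: 2
updates:
  # package.json
  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "daily"
    open-pull-requests-limit: 5   # cap on open version-update PRs
    groups:
      # All security fixes for this ecosystem arrive in one PR.
      npm-security:
        applies-to: security-updates
        patterns: ["*"]
      # Low-risk version bumps are batched; majors match no group,
      # so each major bump gets its own PR and its own review.
      npm-minor-patch:
        applies-to: version-updates
        patterns: ["*"]
        update-types: ["minor", "patch"]

  # requirements.txt
  - package-ecosystem: "pip"
    directory: "/"
    schedule:
      interval: "weekly"
    groups:
      pip-minor-patch:
        patterns: ["*"]
        update-types: ["minor", "patch"]

  # Gemfile
  - package-ecosystem: "bundler"
    directory: "/"
    schedule:
      interval: "weekly"

  # Cargo.toml
  - package-ecosystem: "cargo"
    directory: "/"
    schedule:
      interval: "weekly"
```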