From 071dd5a884b2785351f5d4a164b26c3b76bf2429 Mon Sep 17 00:00:00 2001
From: mhucka <mhucka@google.com>
Date: Fri, 27 Mar 2026 02:57:35 +0000
Subject: [PATCH 1/2] Add a Dependabot configuration file

This config file customizes Dependabot's behavior to be more useful for
this project.
---
 .github/dependabot.yaml | 50 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 50 insertions(+)
 create mode 100644 .github/dependabot.yaml

diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml
new file mode 100644
index 000000000..1875a45b4
--- /dev/null
+++ b/.github/dependabot.yaml
@@ -0,0 +1,50 @@
+# Copyright 2026 The TensorFlow Quantum Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============================================================================
+
+version: 2
+updates:
+  - package-ecosystem: "pip"
+    directory: "/"
+    exclude-paths:
+      - "third_party/**"
+    schedule:
+      interval: "monthly"
+      versioning-strategy: "increase-if-necessary"
+    labels:
+      - "area/dependencies"
+      - "area/python"
+      - "area/health"
+
+  - package-ecosystem: "github-actions"
+    # The "github-actions" code explicitly looks in /.github/workflows if the
+    # value "/" is given for the directory attribute. Yes, that's confusing.
+    directory: "/"
+    schedule:
+      interval: "monthly"
+    groups:
+      # Ideally, we would group all monthly updates together into 1 group,
+      # but Dependabot does not support that. The best we can do is 2 groups.
+      actions-version-updates:
+        applies-to: "version-updates"
+        patterns:
+          - "*"
+      actions-security-updates:
+        applies-to: "security-updates"
+        patterns:
+          - "*"
+    labels:
+      - "area/devops"
+      - "area/health"
+      - "kind/chore"

From 3a7325338d7d64bd7f95edb170557ece10d0d80a Mon Sep 17 00:00:00 2001
From: mhucka <mhucka@google.com>
Date: Fri, 27 Mar 2026 03:00:09 +0000
Subject: [PATCH 2/2] Fix syntax

---
 .github/dependabot.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml
index 1875a45b4..9bcde8455 100644
--- a/.github/dependabot.yaml
+++ b/.github/dependabot.yaml
@@ -21,7 +21,7 @@ updates:
       - "third_party/**"
     schedule:
       interval: "monthly"
-      versioning-strategy: "increase-if-necessary"
+    versioning-strategy: "increase-if-necessary"
     labels:
       - "area/dependencies"
       - "area/python"