From 2dd6bd3bce033edbbd2f9ff4cea77642320edf01 Mon Sep 17 00:00:00 2001
From: Shin'ya Ueoka
Date: Wed, 6 May 2026 15:23:21 +0900
Subject: [PATCH] Remove Dependabot to prevent supply-chain attacks Automated dependency updates via Dependabot can be exploited as a supply-chain attack vector. Removing the config disables automatic PRs that could introduce malicious package versions.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---
.github/dependabot.yml | 6 ------
1 file changed, 6 deletions(-)
delete mode 100644 .github/dependabot.yml
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
deleted file mode 100644
index 122534f..0000000
--- a/.github/dependabot.yml
+++ /dev/null
@@ -1,6 +0,0 @@
-version: 2
-updates:
- - package-ecosystem: 'npm'
- directory: '/'
- schedule:
- interval: 'daily'