From 93e76774629ca8f3f335de27c6b5d2d911f158f9 Mon Sep 17 00:00:00 2001
From: Jeremy Massel <1123407+jkmassel@users.noreply.github.com>
Date: Mon, 11 May 2026 11:58:00 -0600
Subject: [PATCH] ci: have Dependabot watch the Bundler ecosystem too
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Dependabot was only scanning npm. The Gemfile was never watched, which is
why we walked into 14.0 of `fastlane-plugin-wpmreleasetoolkit` (moved
`env_manager/` into the auto-load glob) without any warning.

A weekly bundler check would have surfaced this — and will surface future
fastlane / release-toolkit / transitive-gem bumps.
---
 .github/dependabot.yml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 35d6fb548..46a801b3a 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -15,3 +15,8 @@ updates:
             update-types: ['version-update:semver-major']
           - dependency-name: 'eslint-plugin-react-refresh' # eslint-plugin-react-refresh@>=0.5.x requires eslint@>=9.x.x, blocked by https://github.com/WordPress/gutenberg/issues/64782
             update-types: ['version-update:semver-minor']
+
+    - package-ecosystem: 'bundler'
+      directory: '/'
+      schedule:
+          interval: 'weekly'