Dependabot supports vendoring for Ruby/bundler

Dependabot can now update repositories that use RubyGems, use bundler, and vendor their gems by committing the vendor/cache folder to the repo. In your Dependabot configuration file, add a vendor: true option:

version: 2
updates:
  - package-ecosystem: "bundler"
    directory: "/"
    schedule:
      interval: "daily"
    vendor: true

version: 2
updates:
  - package-ecosystem: "bundler"
    directory: "/"
    schedule:
      interval: "daily"
    vendor: true

If you'd like Dependabot to support vendored packages from other package ecosystems, vote for the corresponding feature request on the dependabot/dependabot-core repository.