From 695b8dec9e487ff8ce996697722a7ed24405e98b Mon Sep 17 00:00:00 2001
From: TriplEight <pisarevden@gmail.com>
Date: Sun, 22 Mar 2026 10:18:40 +0100
Subject: [PATCH] ci: add Dependabot config for github-actions and cargo.

  Weekly schedule (Mondays), 7-day cooldown, grouped updates to keep PR
  noise low. Actions updates prefixed `ci`, Cargo prefixed `deps`. Major
  version bumps for Cargo crates are ignored - those are for manualreview
  given they can introduce breaking API or behaviour changes.
---
 .github/dependabot.yml | 39 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 39 insertions(+)
 create mode 100644 .github/dependabot.yml

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 00000000..74e0db27
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,39 @@
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+      time: "06:00"
+      timezone: "Europe/Amsterdam"
+    open-pull-requests-limit: 10
+    cooldown:
+      days: 7
+    groups:
+      github-actions:
+        patterns:
+          - "*"
+    commit-message:
+      prefix: "ci"
+
+  - package-ecosystem: "cargo"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+      time: "06:00"
+      timezone: "Europe/Amsterdam"
+    open-pull-requests-limit: 10
+    cooldown:
+      days: 7
+    groups:
+      cargo-dependencies:
+        patterns:
+          - "*"
+    commit-message:
+      prefix: "deps"
+    ignore:
+      # Ignore major version bumps — review these manually
+      - dependency-name: "*"
+        update-types: ["version-update:semver-major"]