From 9b60652ee9d0038b228eb6cf820da562669ff351 Mon Sep 17 00:00:00 2001
From: valoq <valoq@mailbox.org>
Date: Thu, 30 Apr 2026 13:46:55 +0200
Subject: [PATCH] use dependabot

---
 .github/dependabot.yml | 38 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 38 insertions(+)
 create mode 100644 .github/dependabot.yml

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 000000000..8992a3859
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,38 @@
+# Dependabot configuration for ouch.
+# https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
+version: 2
+updates:
+  - package-ecosystem: "cargo"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+    open-pull-requests-limit: 10
+    labels:
+      - "dependencies"
+    commit-message:
+      prefix: "deps"
+    groups:
+      # Patch and minor bumps land together to reduce PR churn.
+      # Major bumps still get one PR each so they get a proper review.
+      cargo-patch-and-minor:
+        update-types:
+          - "patch"
+          - "minor"
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+    open-pull-requests-limit: 5
+    labels:
+      - "dependencies"
+      - "ci"
+    commit-message:
+      prefix: "ci"
+    groups:
+      gha-patch-and-minor:
+        update-types:
+          - "patch"
+          - "minor"