From 839aa73c18051272b3a3754c5c9274895ef2c1d7 Mon Sep 17 00:00:00 2001
From: Martin Geisler <martin@geisler.net>
Date: Tue, 1 Oct 2024 23:02:46 +0900
Subject: [PATCH] Configure automatic Dependabot updates
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

These will happen once month — security vulnerabilities will still be
patched immediately.

We ignore patch updates since Cargo handles this for us: it will
already use the latest SemVer compatible when people download the
library.
---
 .github/dependabot.yml | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
 create mode 100644 .github/dependabot.yml

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..19b8c5e
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,18 @@
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  - package-ecosystem: github-actions
+    directory: /
+    schedule:
+      interval: monthly
+
+  - package-ecosystem: cargo
+    directory: /
+    schedule:
+      interval: monthly
+    ignore:
+      - dependency-name: "*"
+        update-types:
+          - "version-update:semver-patch"