From 5090395ca7e6a4ebc7a08cbb5911f1bb823816c2 Mon Sep 17 00:00:00 2001
From: Eldred Habert
Date: Tue, 31 Mar 2026 02:03:37 +0200
Subject: [PATCH] Enable GH Actions to be automatically bumped

Turns out those get new major releases somewhat often, and we get deprecation warnings and brownouts and all that. Automatic bumps should help us avoid that, though I've set a *very* large scan interval to shield us from churn.
---
.github/dependabot.yml | 14 ++++++++++++++
1 file changed, 14 insertions(+)
create mode 100644 .github/dependabot.yml
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 00000000..514b41f1
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,14 @@
+# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
+version: 2
+updates:
+ - package-ecosystem: "github-actions"
+ directory: "/"
+ schedule:
+ interval: "quarterly" # We do not need *immediate* bumps, only frequent enough to avoid falling out of support range.
+ cooldown: # Avoid bumping deps immediately, to give time for security audits to be conducted
+ default-days: 15
+ include: [ * ]
+ groups:
+ actions:
+ labels: [ builds ] # Since those are CI-related updates...
+
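Review bot: The `include: [ * ]` entry under `cooldown` uses a bare `*`, which YAML reads as an alias indicator with no anchor name, so the file will most likely fail to parse and Dependabot would then skip the very updates this commit is meant to enable. Quote it as `include: [ "*" ]`, or drop the line if the intent is to cover every dependency (confirm the default in the linked configuration reference). The indentation is not recoverable from this page, so it is unclear whether `labels` sits at the update-entry level or under `groups.actions`; it is an update-level option, and if it is nested in the group, the group is also left without a `patterns` key such as `patterns: [ "*" ]`. Because the cooldown is the supply-chain control here, its comment could say that it only delays version bumps and that, as far as I know, it does not hold back Dependabot security updates, e.g. `# Delay version bumps so a compromised release has time to be caught; does not apply to security updates`.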