# Please see the documentation for all configuration options:
# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates

version: 2
updates:
  # We don't really use Dependabot for Rust dependencies, since we are tracking Gecko,
  # but we do want to be notified of security vulnerabilities.
  - package-ecosystem: "cargo"
    directory: "/"
    schedule:
      interval: "weekly"
    # Disable all non-security updates.
    # <https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#open-pull-requests-limit>
    open-pull-requests-limit: 0
    cooldown:
      default-days: 10
      semver-major-days: 20
      semver-minor-days: 10
      semver-patch-days: 5
  - package-ecosystem: "github-actions"
    directories:
      - "/.github/actions/*"
      - "/"
    schedule:
      interval: "weekly"
    cooldown:
      default-days: 10
      # "semver" not supported for github-actions; see https://docs.github.com/en/code-security/dependabot/working-with-dependabot/dependabot-options-reference#configuration-of-cooldown
      # semver-major-days: 20
      # semver-minor-days: 10
      # semver-patch-days: 5
  - package-ecosystem: "docker"
    directory: "/qns"
    schedule:
      interval: "weekly"
    cooldown:
      default-days: 10
      # "semver" not supported for docker; see https://docs.github.com/en/code-security/dependabot/working-with-dependabot/dependabot-options-reference#configuration-of-cooldown
      # semver-major-days: 20
      # semver-minor-days: 10
      # semver-patch-days: 5