From 824ddc883b4d36ea1a36d68493c3a7e7d51ada01 Mon Sep 17 00:00:00 2001
From: Mathieu Pillard
Date: Mon, 8 Dec 2025 14:26:40 +0100
Subject: [PATCH] Update zizmor, specifying cooldown for all ecosystems The latest version of zizmor checks for the cooldown parameter for all ecosystems, and dependabot documentation says that should work, so let's try that again. docker-compose ecosystem is added to keep zizmor up to date.
---
 .github/dependabot.yml | 13 ++++++++++++-
 docker-compose.tools.yml | 2 +-
 2 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index f2af7c2..9c18c4e 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -3,10 +3,21 @@ updates:
 - package-ecosystem: "github-actions"
 directory: "/"
 schedule:
- interval: daily
+ interval: weekly
+ cooldown:
+ default-days: 7
+ open-pull-requests-limit: 99
+- package-ecosystem: "docker-compose"
+ directory: "/"
+ schedule:
+ interval: weekly
+ cooldown:
+ default-days: 7
 open-pull-requests-limit: 99
 - package-ecosystem: pip
 directory: "/requirements"
 schedule:
 interval: daily
+ cooldown:
+ default-days: 7
 open-pull-requests-limit: 99
diff --git a/docker-compose.tools.yml b/docker-compose.tools.yml
index fd2aa79..97659cf 100644
--- a/docker-compose.tools.yml
+++ b/docker-compose.tools.yml
@@ -13,6 +13,6 @@ services:
 zizmor:
 extends: base
- image: ghcr.io/zizmorcore/zizmor:1.11.0@sha256:ecb5e81e47bdb9e61ffa26b3def736ef4a6842d25e106986fd9dc579da0c9a68
+ image: ghcr.io/zizmorcore/zizmor:1.18.0@sha256:c5bbdb28b75702f181695d7a878e562ccb5c0a01847db87edda7476908d73dd6
 environment:
 - GH_TOKEN
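Review bot: The three `cooldown` blocks added in the `.github/dependabot.yml` hunk carry no comment recording why updates are held back, and the `github-actions` entry also moves from `daily` to `weekly` without the commit message mentioning it. A comment above the first block would keep the intent with the config, for example `# Hold version updates for 7 days so a freshly published release has time to be vetted before a PR is opened; security updates are not delayed.` The second half of that comment rests on Dependabot documenting `cooldown` as applying to version updates only, which is worth confirming against the current docs before it is written down. With a weekly schedule on top of the 7-day cooldown, a new action or image release may wait close to two weeks before a PR appears, while `pip` stays on `daily`; if that asymmetry is intended, say so in the same comment. Indentation is not visible in this view, so also confirm that each `cooldown` key sits at the update-entry level next to `schedule` rather than nested under it.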