From 7e357f5b115c52fe1c0709b0922444b9fdaa385e Mon Sep 17 00:00:00 2001
From: Mathieu Pillard
Date: Mon, 8 Dec 2025 14:20:38 +0100
Subject: [PATCH] Update zizmor, specifying cooldown for all ecosystems

The latest version of zizmor checks for the cooldown parameter for all ecosystems, and dependabot documentation says that should work, so let's try that again. docker-compose ecosystem is added to keep zizmor up to date.
---
 .github/dependabot.yml | 13 ++++++++++++-
 docker-compose.tools.yml | 2 +-
 2 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index f2af7c2..9c18c4e 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -3,10 +3,21 @@ updates:
 - package-ecosystem: "github-actions"
 directory: "/"
 schedule:
- interval: daily
+ interval: weekly
+ cooldown:
+ default-days: 7
+ open-pull-requests-limit: 99
+- package-ecosystem: "docker-compose"
+ directory: "/"
+ schedule:
+ interval: weekly
+ cooldown:
+ default-days: 7
 open-pull-requests-limit: 99
 - package-ecosystem: pip
 directory: "/requirements"
 schedule:
 interval: daily
+ cooldown:
+ default-days: 7
 open-pull-requests-limit: 99
diff --git a/docker-compose.tools.yml b/docker-compose.tools.yml
index fd2aa79..97659cf 100644
--- a/docker-compose.tools.yml
+++ b/docker-compose.tools.yml
@@ -13,6 +13,6 @@ services:
 zizmor:
 extends: base
- image: ghcr.io/zizmorcore/zizmor:1.11.0@sha256:ecb5e81e47bdb9e61ffa26b3def736ef4a6842d25e106986fd9dc579da0c9a68
+ image: ghcr.io/zizmorcore/zizmor:1.18.0@sha256:c5bbdb28b75702f181695d7a878e562ccb5c0a01847db87edda7476908d73dd6
 environment:
 - GH_TOKEN
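Review bot: The `github-actions` and new `docker-compose` entries in `.github/dependabot.yml` now combine `interval: weekly` with `cooldown.default-days: 7`, while `pip` keeps `interval: daily`; the commit message explains the cooldown but not the schedule change. With a weekly run, a release that is just under seven days old at one run is presumably not proposed until the next one, so the effective delay for version updates can approach two weeks rather than the seven days the cooldown suggests. If seven days is the intended quarantine, keep `interval: daily` on those entries and let the cooldown alone set the delay. Either way a short comment above each block would help, e.g. `# cooldown holds back version updates only; Dependabot security updates are not delayed`, so readers do not assume fixes for known vulnerabilities also wait.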