From e4d638303cb76aaf2803cfcfdd5baa4e02d5bbef Mon Sep 17 00:00:00 2001
From: Dan Harrin <git@danharrin.com>
Date: Tue, 12 May 2026 11:37:42 +0100
Subject: [PATCH] Update Zizmor config

---
 .github/dependabot.yml       | 2 ++
 .github/workflows/zizmor.yml | 4 ++--
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index adf1f75..de6cf05 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -9,6 +9,8 @@ updates:
     schedule:
       interval: "weekly"
     open-pull-requests-limit: 10
+    cooldown:
+      default-days: 7
     labels:
       - "dependencies"
       - "github_actions"
diff --git a/.github/workflows/zizmor.yml b/.github/workflows/zizmor.yml
index d76af41..fb10097 100644
--- a/.github/workflows/zizmor.yml
+++ b/.github/workflows/zizmor.yml
@@ -18,11 +18,11 @@ jobs:
     runs-on: ubuntu-latest
     permissions:
       contents: read
-      security-events: write
-      actions: read
     steps:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           persist-credentials: false
 
       - uses: zizmorcore/zizmor-action@b1d7e1fb5de872772f31590499237e7cce841e8e # v0.5.3
+        with:
+          advanced-security: false