From a910a9468c457e09f089171079fb8965041884d1 Mon Sep 17 00:00:00 2001 From: Szymon Konefal Date: Fri, 12 Jun 2026 01:22:28 +0200 Subject: [PATCH 1/3] chore: add Dependabot config with cooldown Towards PLA-2146 --- .github/dependabot.yml | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..af5a1e2 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,36 @@ +version: 2 +updates: + - package-ecosystem: "pip" + directory: "/" + schedule: + interval: "monthly" + cooldown: + default-days: 7 + open-pull-requests-limit: 10 + groups: + security-updates: + applies-to: "security-updates" + patterns: ["*"] + minor-and-patch: + patterns: ["*"] + update-types: ["minor", "patch"] + major-updates: + patterns: ["*"] + update-types: ["major"] + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "monthly" + cooldown: + default-days: 7 + open-pull-requests-limit: 10 + groups: + security-updates: + applies-to: "security-updates" + patterns: ["*"] + minor-and-patch: + patterns: ["*"] + update-types: ["minor", "patch"] + major-updates: + patterns: ["*"] + update-types: ["major"] From fe7c4189447b35e4c9635be95bf4f37f6bf0fbe4 Mon Sep 17 00:00:00 2001 From: Szymon Konefal Date: Fri, 12 Jun 2026 14:27:42 +0200 Subject: [PATCH 2/3] Switch dependabot to uv and remove open-pull-requests-limit override Align the package-ecosystem with the in-flight pip-to-uv migration and drop the open-pull-requests-limit: 10 override so Dependabot reverts to its default. Towards PLA-2146 --- .github/dependabot.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index af5a1e2..70c3920 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,12 +1,11 @@ version: 2 updates: - - package-ecosystem: "pip" + - package-ecosystem: "uv" directory: "/" schedule: interval: "monthly" cooldown: default-days: 7 - open-pull-requests-limit: 10 groups: security-updates: applies-to: "security-updates" @@ -23,7 +22,6 @@ updates: interval: "monthly" cooldown: default-days: 7 - open-pull-requests-limit: 10 groups: security-updates: applies-to: "security-updates" From 1f7c4a7fc959937d885dedc709e3c1ab4509542a Mon Sep 17 00:00:00 2001 From: Szymon Konefal Date: Fri, 12 Jun 2026 15:00:14 +0200 Subject: [PATCH 3/3] chore(dependabot): stop grouping major version updates into one PR Towards PLA-2146 --- .github/dependabot.yml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 70c3920..68d5139 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -13,9 +13,6 @@ updates: minor-and-patch: patterns: ["*"] update-types: ["minor", "patch"] - major-updates: - patterns: ["*"] - update-types: ["major"] - package-ecosystem: "github-actions" directory: "/" schedule: @@ -29,6 +26,3 @@ updates: minor-and-patch: patterns: ["*"] update-types: ["minor", "patch"] - major-updates: - patterns: ["*"] - update-types: ["major"]