From 1e86eaeba66ede793d6c049080c1c5cf46bfc388 Mon Sep 17 00:00:00 2001
From: Marcelo Trylesinski <marcelotryle@gmail.com>
Date: Sat, 20 Jun 2026 16:09:38 +0200
Subject: [PATCH 1/2] Add uv ecosystem to dependabot and drop weekly lockfile
 workflow

---
 .github/dependabot.yml                       | 12 ++++++
 .github/workflows/weekly-lockfile-update.yml | 43 --------------------
 2 files changed, 12 insertions(+), 43 deletions(-)
 delete mode 100644 .github/workflows/weekly-lockfile-update.yml

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 00dc69828b..a1fc3f59b9 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -1,9 +1,21 @@
 version: 2
 updates:
+  - package-ecosystem: "uv"
+    directory: "/"
+    schedule:
+      interval: monthly
+    cooldown:
+      default-days: 7
+    groups:
+      python-packages:
+        patterns:
+          - "*"
   - package-ecosystem: "github-actions"
     directory: "/"
     schedule:
       interval: monthly
+    cooldown:
+      default-days: 7
     groups:
       github-actions:
         patterns:
diff --git a/.github/workflows/weekly-lockfile-update.yml b/.github/workflows/weekly-lockfile-update.yml
deleted file mode 100644
index ae17795bb9..0000000000
--- a/.github/workflows/weekly-lockfile-update.yml
+++ /dev/null
@@ -1,43 +0,0 @@
-name: Weekly Lockfile Update
-
-on:
-  workflow_dispatch:
-  schedule:
-    # Every Thursday at 8:00 UTC
-    - cron: "0 8 * * 4"
-
-permissions:
-  contents: write
-  pull-requests: write
-
-jobs:
-  update-lockfile:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
-        with:
-          persist-credentials: false
-
-      - uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 # v8.2.0
-        with:
-          version: 0.9.5
-
-      - name: Update lockfile
-        run: |
-          echo '## Updated Dependencies' > pr_body.md
-          echo '' >> pr_body.md
-          echo '```' >> pr_body.md
-          uv lock --upgrade 2>&1 | tee -a pr_body.md
-          echo '```' >> pr_body.md
-
-      - name: Create pull request
-        uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v8.1.1
-        with:
-          commit-message: "chore: update uv.lock with latest dependencies"
-          sign-commits: true
-          title: "chore: weekly dependency update"
-          body-path: pr_body.md
-          branch: weekly-lockfile-update
-          delete-branch: true
-          add-paths: uv.lock
-          labels: dependencies

From 583760fefc415faaf95683cd19cac4bfc7176add Mon Sep 17 00:00:00 2001
From: Marcelo Trylesinski <marcelotryle@gmail.com>
Date: Sat, 20 Jun 2026 16:13:07 +0200
Subject: [PATCH 2/2] Apply suggestions from code review

Co-authored-by: Marcelo Trylesinski <marcelotryle@gmail.com>
---
 .github/dependabot.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index a1fc3f59b9..ffe967e99c 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -5,7 +5,7 @@ updates:
     schedule:
       interval: monthly
     cooldown:
-      default-days: 7
+      default-days: 14
     groups:
       python-packages:
         patterns:
@@ -15,7 +15,7 @@ updates:
     schedule:
       interval: monthly
     cooldown:
-      default-days: 7
+      default-days: 14
     groups:
       github-actions:
         patterns: