From e942467fc4585631d166ad6ab9f91d7aba6baa2b Mon Sep 17 00:00:00 2001 From: pinecone-founding-eng Date: Sat, 11 Jul 2026 15:45:22 -0400 Subject: [PATCH] Enable Dependabot version updates Adds .github/dependabot.yml with weekly, grouped dependency updates so we stay close to patched releases and can fast-patch security advisories. Part of PIN-4 (security fast-patch process). --- .github/dependabot.yml | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 00000000..26033c37 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,30 @@ +version: 2 +updates: + - package-ecosystem: "uv" + directory: "/" + schedule: + interval: "weekly" + open-pull-requests-limit: 10 + groups: + python-minor-and-patch: + update-types: + - "minor" + - "patch" + - package-ecosystem: "cargo" + directory: "/" + schedule: + interval: "weekly" + open-pull-requests-limit: 10 + groups: + cargo-minor-and-patch: + update-types: + - "minor" + - "patch" + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "weekly" + groups: + github-actions: + patterns: + - "*"