From ca30f6941b5b623d24617235fcd11b761518cf37 Mon Sep 17 00:00:00 2001
From: sj
Date: Mon, 20 Oct 2025 22:30:32 -0400
Subject: [PATCH 1/5] Attempting to get Dependabot looking at the Pants Python deps

---
 .github/dependabot.yml | 9 +++++++++
 pants | 4 ++--
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index ac2f14a305d..646ae63d957 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -6,6 +6,7 @@ updates:
 rebase-strategy: auto
 labels:
 - "category:internal"
+ - "release-notes:not-required"
 schedule:
 interval: "weekly"
 day: "wednesday"
@@ -18,3 +19,11 @@ updates:
 - sureshjoshi
 - tdyas
 - tgolsson
+
+ - package-ecosystem: pip
+ directory: "/3rdparty/python"
+ schedule:
+ interval: weekly
+ labels:
+ - "category:internal"
+ - "release-notes:not-required"
diff --git a/pants b/pants
index ba49cc133f2..547d8b2e127 100755
--- a/pants
+++ b/pants
@@ -4,8 +4,8 @@
 
 # This bootstrap script runs pants from the live sources in this repo.
 #
-# The script defaults to running with either Python 3.7 or Python 3.8. To use another Python version,
-# prefix the script with `PY=python3.8`.
+# The script defaults to running with Python 3.11. To use another Python version,
+# prefix the script with `PY=python3.14`.
 
 set -eo pipefail
 

From b448bb69d6b997ee370609b422624104911e7c2d Mon Sep 17 00:00:00 2001
From: SJ
Date: Tue, 21 Oct 2025 21:34:42 -0400
Subject: [PATCH 2/5] Attempting to see if this runs in my fork

---
 .github/dependabot.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 646ae63d957..bbb8912ed10 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -23,7 +23,8 @@ updates:
 - package-ecosystem: pip
 directory: "/3rdparty/python"
 schedule:
- interval: weekly
+ interval: daily
 labels:
 - "category:internal"
+ - "dependencies"
 - "release-notes:not-required"
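Review bot: The `pip` entry added in the `@@ -18,3 +19,11 @@` hunk is written differently from the `cargo` entry it sits beside: `package-ecosystem: pip` and `interval: weekly` are unquoted where the existing entry writes `"cargo"` and `"weekly"`, and it carries no `reviewers` list, so Python bump PRs will not be requested from the maintainers that Rust bump PRs are. The unquoted scalars parse to the same strings, so this is style only, but matching the existing entry (`- package-ecosystem: "pip"`, `interval: "weekly"`) keeps the file uniform as further ecosystems are added. Whether the pip PRs should also carry the `reviewers` list is a maintainer call, but the omission reads as accidental rather than deliberate and is worth a line in the commit message either way.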
From 3b2e4a135c6b77b87aeea1e8a4f11e55ea8b93cf Mon Sep 17 00:00:00 2001
From: SJ
Date: Tue, 21 Oct 2025 22:09:12 -0400
Subject: [PATCH 3/5] Trying to reduce PR noise, while increasing PR value

---
 .github/dependabot.yml | 53 +++++++++++++++++++++++++++++++++++-------
 1 file changed, 44 insertions(+), 9 deletions(-)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index bbb8912ed10..0d0b20d0515 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -1,17 +1,36 @@
+# https://docs.github.com/en/code-security/dependabot/working-with-dependabot/dependabot-options-reference
+
 version: 2
 updates:
+ - package-ecosystem: "github-actions"
+ directory: "/"
+ schedule:
+ interval: "monthly"
+ groups:
+ gha-deps:
+ patterns:
+ - "*"
+
 - package-ecosystem: "cargo"
 directory: "/src/rust"
- open-pull-requests-limit: 5
- rebase-strategy: auto
+ allow:
+ - dependency-type: "all"
+ groups:
+ rust-version-updates:
+ applies-to: version-updates
+ patterns:
+ - "*"
+ rust-security-updates:
+ applies-to: security-updates
+ patterns:
+ - "*"
+ update-types:
+ - "minor"
+ - "patch"
 labels:
 - "category:internal"
+ - "dependencies"
 - "release-notes:not-required"
- schedule:
- interval: "weekly"
- day: "wednesday"
- time: "03:00"
- timezone: "US/Pacific"
 reviewers:
 - benjyw
 - cburroughs
@@ -19,12 +38,28 @@ updates:
 - sureshjoshi
 - tdyas
 - tgolsson
+ schedule:
+ interval: "weekly"
 
 - package-ecosystem: pip
 directory: "/3rdparty/python"
- schedule:
- interval: daily
+ allow:
+ - dependency-type: "all"
+ groups:
+ python-version-updates:
+ applies-to: version-updates
+ patterns:
+ - "*"
+ python-security-updates:
+ applies-to: security-updates
+ patterns:
+ - "*"
+ update-types:
+ - "minor"
+ - "patch"
 labels:
 - "category:internal"
 - "dependencies"
 - "release-notes:not-required"
+ schedule:
+ interval: weekly

From 0bc6e3bff7bb13dd110fee563ee7ec3012427dee Mon Sep 17 00:00:00 2001
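Review bot: The new `github-actions` entry at the top of the `@@ -1,17 +1,36 @@` hunk is the only ecosystem without a `labels` block, so its PRs will not carry `category:internal`, `dependencies` or `release-notes:not-required` the way the cargo and pip entries' PRs do; if those labels gate a release-notes check or a triage view, the action bumps are the ones that will fall through. Adding the same three `labels:` lines under that entry keeps the entries uniform. Separately, the monthly `interval` only governs version updates — advisory-driven security updates for actions arrive independently of this schedule, provided Dependabot security updates are enabled on the repository — so the slow cadence is reasonable, but that repository setting is worth confirming rather than assumed from this file. Dropping `open-pull-requests-limit: 5` and `rebase-strategy: auto` is a no-op since both match Dependabot's defaults.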
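Review bot: In the `@@ -19,12 +38,28 @@` hunk, `directory: "/3rdparty/python"` gives Dependabot the requirement files, but if — as is usual for a Pants repository — the pinned resolve lives in a Pants-generated lockfile that Dependabot does not rewrite, each weekly PR will bump the requirement while the lock still resolves the old version, and nothing in this entry makes that visible. It is worth confirming that CI on these PRs either regenerates the lock or fails on a requirements/lock mismatch, since a reviewer otherwise approves a bump that is not what actually gets installed. A short note on the entry would spare the next reader the same question, e.g. `# Bumps requirement pins only; regenerate the Pants lockfile in the same PR.` Also, unlike the cargo entry this one has no `reviewers`, so the grouped Python PRs will go unassigned unless that is intended.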
From: SJ
Date: Tue, 21 Oct 2025 22:30:21 -0400
Subject: [PATCH 4/5] Adding npm to the mix

---
 .github/dependabot.yml | 39 +++++++++++++++++++++++++++++++++------
 1 file changed, 33 insertions(+), 6 deletions(-)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 0d0b20d0515..40a13254f1b 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -16,10 +16,6 @@ updates:
 allow:
 - dependency-type: "all"
 groups:
- rust-version-updates:
- applies-to: version-updates
- patterns:
- - "*"
 rust-security-updates:
 applies-to: security-updates
 patterns:
@@ -27,6 +23,10 @@ updates:
 update-types:
 - "minor"
 - "patch"
+ rust-version-updates:
+ applies-to: version-updates
+ patterns:
+ - "*"
 labels:
 - "category:internal"
 - "dependencies"
@@ -46,20 +46,47 @@ updates:
 allow:
 - dependency-type: "all"
 groups:
+ python-security-updates:
+ applies-to: security-updates
+ patterns:
+ - "*"
+ update-types:
+ - "minor"
+ - "patch"
 python-version-updates:
 applies-to: version-updates
 patterns:
 - "*"
- python-security-updates:
+ labels:
+ - "category:internal"
+ - "dependencies"
+ - "release-notes:not-required"
+ schedule:
+ interval: weekly
+
+ - package-ecosystem: "npm"
+ directories:
+ - "build-support/**/*"
+ - "src/python/pants/backend/javascript/**/*"
+ - "src/python/pants/backend/typescript/**/*"
+ - "testprojects/src/js/**/*"
+ allow:
+ - dependency-type: "all"
+ groups:
+ js-security-updates:
 applies-to: security-updates
 patterns:
 - "*"
 update-types:
 - "minor"
 - "patch"
+ js-version-updates:
+ applies-to: version-updates
+ patterns:
+ - "*"
 labels:
 - "category:internal"
 - "dependencies"
 - "release-notes:not-required"
 schedule:
- interval: weekly
+ interval: "weekly"

From 4ae5972e3451e155a62ab943b807c55be123f131 Mon Sep 17 00:00:00 2001
From: SJ
Date: Tue, 21 Oct 2025 22:51:43 -0400
Subject: [PATCH 5/5] Transitive deps might be a bit much

---
 .github/dependabot.yml | 6 ------
 1 file changed, 6 deletions(-)
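Review bot: The `directories` list for the new `npm` entry in the `@@ -46,20 +46,47 @@` hunk includes `"testprojects/src/js/**/*"`, which by its name holds test fixtures; bumping the `package.json` and lockfiles there changes what the JavaScript and TypeScript backend tests exercise rather than what the project depends on, and at this commit `dependency-type: "all"` means even transitive fixture packages will produce PRs. If those manifests are meant to stay pinned, drop that path from `directories` (or give the fixtures their own entry with `open-pull-requests-limit: 0` so security alerts are still tracked without version PRs). The `**/*` globs are also broader than the `/`-rooted `directory` values the other entries use, and a recursive glob will descend into any checked-in `node_modules`, if there are any — worth confirming on the first run that these patterns resolve only to the intended manifests and that Dependabot accepts them without the leading `/`. The entry is otherwise consistent with the cargo and pip blocks it mirrors.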
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 40a13254f1b..ef1e7273742 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -13,8 +13,6 @@ updates:
 
 - package-ecosystem: "cargo"
 directory: "/src/rust"
- allow:
- - dependency-type: "all"
 groups:
 rust-security-updates:
 applies-to: security-updates
@@ -43,8 +41,6 @@ updates:
 
 - package-ecosystem: pip
 directory: "/3rdparty/python"
- allow:
- - dependency-type: "all"
 groups:
 python-security-updates:
 applies-to: security-updates
@@ -70,8 +66,6 @@ updates:
 - "src/python/pants/backend/javascript/**/*"
 - "src/python/pants/backend/typescript/**/*"
 - "testprojects/src/js/**/*"
- allow:
- - dependency-type: "all"
 groups:
 js-security-updates:
 applies-to: security-updates