From 0669839c3429e65ec4a03dd107dfe7cdee270c15 Mon Sep 17 00:00:00 2001
From: Rishika Badamoni
Date: Thu, 29 Jan 2026 13:25:10 -0600
Subject: [PATCH 1/3] Update dependabot config for pip
---
.github/dependabot.yml | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index cef2175..9e4c3f1 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -88,3 +88,22 @@ updates:
 target-branch: master # specifying target-branch in one configuration and not the other is a loophole that allows
 # us to have two configurations for "npm". see open feature request:
 # https://github.com/dependabot/dependabot-core/issues/1778#issuecomment-1988140219
+ - package-ecosystem: "pip"
+ directory: "/python/pip"
+ schedule:
+ interval: "daily"
+ time: "07:00"
+ timezone: "America/New_York"
+ commit-message: # Prefix all commit messages with "pip: "
+ prefix: "pip"
+ labels:
+ - "dependencies"
+ - "dependabot"
+ assignees:
+ - "jeffsays"
+ reviewers:
+ - "jeffsays"
+ groups:
+ pip-deps:
+ patterns:
+ - "*"
From 64c49df18dc710ca50ccce87acdb1f5cd0a24901 Mon Sep 17 00:00:00 2001
From: Rishika Badamoni
Date: Thu, 29 Jan 2026 13:31:09 -0600
Subject: [PATCH 2/3] holding off on groups
---
.github/dependabot.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 9e4c3f1..e3fc3cf 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -104,6 +104,6 @@ updates:
 reviewers:
 - "jeffsays"
 groups:
- pip-deps:
+ # Not sure
 patterns:
 - "*"
From 602cd707011cc4f19b73691226670099eead0ced Mon Sep 17 00:00:00 2001
From: Rishika Badamoni
Date: Wed, 4 Feb 2026 20:01:21 -0600
Subject: [PATCH 3/3] Add groups
---
.github/dependabot.yml | 16 +++++++++++++---
1 file changed, 13 insertions(+), 3 deletions(-)
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index e3fc3cf..d00139f 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -104,6 +104,16 @@ updates:
 reviewers:
 - "jeffsays"
 groups:
- # Not sure
- patterns:
- - "*"
+ prod-deps-sec-pip:
+ dependency-type: "production"
+ dev-deps-sec-pip:
+ dependency-type: "development"
+ allow: # Provide security updates, but not version updates, for open-source packages
+ - dependency-name: "*"
+ dependency-type: "all"
+ ignore: # Issue security updates, but not regular updates, for public packages
+ - dependency-name: "*"
+ update-types:
+ - version-update:semver-major
+ - version-update:semver-minor
+ - version-update:semver-patch
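Review bot: The two `groups` entries added at the top of this hunk will not group anything as written: a group applies only to version updates unless it carries `applies-to`, and the `ignore` block further down suppresses every version update (`semver-major`/`minor`/`patch` for `dependency-name: "*"`), so security-update PRs will still arrive one per advisory. If the `-sec-` names reflect the intent, add `applies-to: "security-updates"` under each of `prod-deps-sec-pip` and `dev-deps-sec-pip`. The `update-types` ignore does leave security updates unaffected, so the comment on `ignore:` is accurate, but dependabot.yml only shapes security updates — they must also be enabled in the repository's security settings or nothing is opened for this entry. The collapsed text does not preserve indentation, so it is worth confirming that `allow:` and `ignore:` sit at the same level as `groups:` (keys of the update entry) rather than inside the last group, where Dependabot would reject the configuration.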