From 3ea821422b1b3f814de2e49bccf62d1f7673cb83 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 20 May 2026 20:19:30 +0000 Subject: [PATCH] chore(security): add Dependabot cooldown, grouped updates, and pin Python deps --- .github/dependabot.yml | 10 ++++++---- .github/workflows/python-build-test.yml | 4 ++-- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 26f4cee..2cac7ab 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -11,6 +11,8 @@ updates: interval: "weekly" reviewers: - "advanced-security/oss-maintainers" + cooldown: + default-days: 3 groups: production-dependencies: dependency-type: "production" @@ -23,9 +25,9 @@ updates: interval: "weekly" reviewers: - "advanced-security/oss-maintainers" + cooldown: + default-days: 3 groups: - production-dependencies: - dependency-type: "production" - development-dependencies: - dependency-type: "development" + actions: + patterns: ["*"] diff --git a/.github/workflows/python-build-test.yml b/.github/workflows/python-build-test.yml index ff5fea5..493e8a2 100644 --- a/.github/workflows/python-build-test.yml +++ b/.github/workflows/python-build-test.yml @@ -23,8 +23,8 @@ jobs: - name: Install dependencies run: | - pip install pipenv - pipenv install --dev + pip install 'pipenv==2026.6.1' + pipenv sync --dev - name: Run Tests run: |
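Review bot: The `cooldown` block added after `reviewers` uses `default-days: 3`, which only helps when a compromised or broken release is noticed and pulled within three days; that is not always the case. The second hunk of this file repeats the same value. Consider a longer window such as `default-days: 7`, with a comment above it: `# cooldown delays version updates only; security updates are not held back`. The entry's `package-ecosystem` line is outside the hunk, so which packages the delay covers is inferred from the `production-dependencies` group.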
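Review bot: The catch-all group `actions` with `patterns: ["*"]` collapses every update for this entry into one pull request, so a major-version bump of a single action is reviewed in the same diff as routine patch bumps. Adding `update-types: ["minor", "patch"]` under `actions` would keep majors in their own PRs, where a change in an action's behaviour or permissions is easier to spot. This looks like the github-actions entry, but its `package-ecosystem` line is outside the hunk. As a style point, `reviewers` in this file uses a block list while `patterns` uses a flow list; either is fine, but one form per file reads better.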
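Review bot: The pin `pip install 'pipenv==2026.6.1'` in the `Install dependencies` step fixes only pipenv's own version: pip still resolves pipenv's dependencies unpinned and without hash checking. Dependabot also does not read versions embedded in a `run:` string, so this pin gets neither update PRs nor the new cooldown. Moving the pin into a hashed requirements file and installing it with `pip install --require-hashes -r <path-to-ci-requirements.txt>` (placeholder path) would address both. `pipenv sync --dev` installs what `Pipfile.lock` records and, as far as I know, does not check that the lock still matches `Pipfile`, so a comment such as `# sync installs from Pipfile.lock as committed; it never re-locks` is worth adding. The `Run Tests` step and the rest of the job continue outside the hunk.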