From b5a52c701c2fcb5acd7727f6686fae6073ca70de Mon Sep 17 00:00:00 2001
From: Yuki Fujisaki
Date: Tue, 9 Jun 2026 18:14:14 +0900
Subject: [PATCH 1/2] chore(dependabot): add 3-day cooldown for supply-chain safety
---
 .github/dependabot.yml | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
 create mode 100644 .github/dependabot.yml
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..60c1721
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,24 @@
+version: 2
+updates:
+ - package-ecosystem: gradle
+ directories:
+ - "/**"
+ schedule:
+ interval: weekly
+ open-pull-requests-limit: 10
+ cooldown:
+ default-days: 3
+ groups:
+ minor-and-patch:
+ patterns: ["*"]
+ update-types: ["minor", "patch"]
+
+ - package-ecosystem: github-actions
+ directory: "/"
+ schedule:
+ interval: weekly
+ cooldown:
+ default-days: 3
+ groups:
+ actions:
+ patterns: ["*"]
From 08e98914f677f7313c78976f5f8a900c581de184 Mon Sep 17 00:00:00 2001
From: Yuki Fujisaki
Date: Tue, 9 Jun 2026 18:38:44 +0900
Subject: [PATCH 2/2] chore(dependabot): scope gradle dirs to build roots; limit actions group to minor/patch
---
 .github/dependabot.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 60c1721..cfe7838 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -2,7 +2,8 @@ version: 2
 updates:
 - package-ecosystem: gradle
 directories:
- - "/**"
+ - "/"
+ - "/plugins"
 schedule:
 interval: weekly
 open-pull-requests-limit: 10
@@ -22,3 +23,4 @@ updates:
 groups:
 actions:
 patterns: ["*"]
+ update-types: ["minor", "patch"]
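Review bot: The two `cooldown:` blocks added in PATCH 1/2 carry no comment saying what the 3-day delay does and does not cover, and this file is where a maintainer will look for that. Dependabot applies `cooldown` to version updates only, so security updates are still raised without the delay; a line above each block would record that, e.g. `# Delay version-update PRs until a release is 3 days old; security updates are not delayed.` For the `github-actions` entry the delay only governs when Dependabot proposes a bump. If the workflows reference actions by a mutable tag rather than a commit SHA (not visible in this patch), a retagged release is picked up with no PR at all and the cooldown gives no protection there.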
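Review bot: The explicit `directories` list introduced by the first hunk of PATCH 2/2 (`"/"` and `"/plugins"`) will silently leave out any Gradle build root added later, because nothing ties the list to the repository layout. A one-line comment above the list would make that maintenance duty visible, e.g. `# Gradle build roots; list every new one here or it gets no update PRs.` Whether other build roots already exist cannot be told from this patch, so the list is worth checking against the repository before merge.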