From a84e18bef42339172ae45e16a9eb00877f993aa9 Mon Sep 17 00:00:00 2001
From: Szymon Konefal <szymon@dune.com>
Date: Fri, 12 Jun 2026 01:23:13 +0200
Subject: [PATCH 1/3] chore: add Dependabot config with cooldown

Towards PLA-2146
---
 .github/dependabot.yml | 36 ++++++++++++++++++++++++++++++++++++
 1 file changed, 36 insertions(+)
 create mode 100644 .github/dependabot.yml

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..5fca284
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,36 @@
+version: 2
+updates:
+  - package-ecosystem: "gomod"
+    directory: "/"
+    schedule:
+      interval: "monthly"
+    cooldown:
+      default-days: 7
+    open-pull-requests-limit: 10
+    groups:
+      security-updates:
+        applies-to: "security-updates"
+        patterns: ["*"]
+      minor-and-patch:
+        patterns: ["*"]
+        update-types: ["minor", "patch"]
+      major-updates:
+        patterns: ["*"]
+        update-types: ["major"]
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "monthly"
+    cooldown:
+      default-days: 7
+    open-pull-requests-limit: 10
+    groups:
+      security-updates:
+        applies-to: "security-updates"
+        patterns: ["*"]
+      minor-and-patch:
+        patterns: ["*"]
+        update-types: ["minor", "patch"]
+      major-updates:
+        patterns: ["*"]
+        update-types: ["major"]

From 5263b0f43a2cc36bc180aff2d6a0a4c067615a76 Mon Sep 17 00:00:00 2001
From: Szymon Konefal <szymon@dune.com>
Date: Fri, 12 Jun 2026 14:26:39 +0200
Subject: [PATCH 2/3] Remove open-pull-requests-limit override

Drop the open-pull-requests-limit: 10 override so Dependabot reverts to its
default open PR limit of 5.

Towards PLA-2146
---
 .github/dependabot.yml | 2 --
 1 file changed, 2 deletions(-)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 5fca284..a8000bd 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -6,7 +6,6 @@ updates:
       interval: "monthly"
     cooldown:
       default-days: 7
-    open-pull-requests-limit: 10
     groups:
       security-updates:
         applies-to: "security-updates"
@@ -23,7 +22,6 @@ updates:
       interval: "monthly"
     cooldown:
       default-days: 7
-    open-pull-requests-limit: 10
     groups:
       security-updates:
         applies-to: "security-updates"

From c401d848fa08aebd578d07fcc5e318c69630a623 Mon Sep 17 00:00:00 2001
From: Szymon Konefal <szymon@dune.com>
Date: Fri, 12 Jun 2026 15:00:40 +0200
Subject: [PATCH 3/3] chore(dependabot): stop grouping major version updates
 into one PR

Towards PLA-2146
---
 .github/dependabot.yml | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index a8000bd..ceb9dae 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -13,9 +13,6 @@ updates:
       minor-and-patch:
         patterns: ["*"]
         update-types: ["minor", "patch"]
-      major-updates:
-        patterns: ["*"]
-        update-types: ["major"]
   - package-ecosystem: "github-actions"
     directory: "/"
     schedule:
@@ -29,6 +26,3 @@ updates:
       minor-and-patch:
         patterns: ["*"]
         update-types: ["minor", "patch"]
-      major-updates:
-        patterns: ["*"]
-        update-types: ["major"]