Add Dependabot config for Python dependencies#9

Merged
Akrog merged 1 commit into
openstack-lightspeed:mainfrom
umago:dependabot
May 28, 2026
Conversation

@umago umago commented May 27, 2026

Contributor

Introduces .github/dependabot.yml to enable weekly tracking of pip package updates and automate security vulnerability patching.

Summary by CodeRabbit

  • Chores
    • Enabled automated dependency checks at the repository root for specified dependencies, configured to run weekly to keep dependency information current and maintain build reliability.

coderabbitai Bot commented May 27, 2026


No actionable comments were generated in the recent review. 🎉

📥 Commits

Reviewing files that changed from the base of the PR and between 8b8344f and 4fc0356.

📒 Files selected for processing (1)
  • .github/dependabot.yml
✅ Files skipped from review due to trivial changes (1)
  • .github/dependabot.yml

📝 Walkthrough

Adds .github/dependabot.yml configuring Dependabot v2 to check the uv package ecosystem at the repository root (/) on a weekly schedule.

Changes

Dependabot Setup
  • Layer / File(s): Dependabot configuration for uv dependencies (.github/dependabot.yml)
    Summary: Adds a Dependabot v2 rule that performs weekly checks for uv ecosystem dependencies at the repository root (/).

🎯 1 (Trivial) | ⏱️ ~2 minutes

🐰 I hop through code with glee each week,

I nudge your uv deps so they stay sleek,
A tiny config file,
Keeps updates on file,
Fresh versions found without a peep.

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
  • Description Check: Passed. Check skipped - CodeRabbit's high-level summary is enabled.
  • Title check: Passed. The title accurately summarizes the main change: adding Dependabot configuration for Python dependencies, which directly matches the .github/dependabot.yml file addition.
  • Docstring Coverage: Passed. No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
  • Linked Issues check: Passed. Check skipped because no linked issues were found for this pull request.
  • Out of Scope Changes check: Passed. Check skipped because no linked issues were found for this pull request.

@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 1

Inline comments:
In @.github/dependabot.yml:
- Line 3: The Dependabot config currently uses package-ecosystem: "pip", which does not update pdm.lock, so either update the Dependabot strategy to regenerate and commit pdm.lock or switch to a lockfile your build consumes: modify .github/dependabot.yml to keep Dependabot updating pyproject.toml (or manifest) but add a CI workflow that runs pdm lock (and then pdm install --frozen-lockfile) and commits the updated pdm.lock back to the Dependabot PR, or alternatively change the workflow to use a Dependabot-supported lock/manifest (e.g., requirements.txt) that the build uses; key symbols: package-ecosystem: "pip", pdm.lock, pdm lock, and pdm install --frozen-lockfile.
📥 Commits

Reviewing files that changed from the base of the PR and between 41e2192 and 8b8344f.

📒 Files selected for processing (1)
  • .github/dependabot.yml
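The before/after that the review comment above describes, as an added illustration rather than the file from this PR (whose full contents are not shown in the thread): the `pip` entry leaves `pdm.lock` untouched, so a bump to the manifest can merge while the build still installs the old pin, whereas the `uv` entry the walkthrough describes updates the lockfile the build consumes. The `open-pull-requests-limit` and `groups` settings are optional additions assumed here, not part of the PR.

```yaml
# Added illustration, not the .github/dependabot.yml from this PR.
# In a real repository only one of the two entries below would be kept.
version: 2
updates:
  # Before: "pip" tracks pyproject.toml / requirements files but, as the
  # review notes, does not regenerate pdm.lock. A Dependabot PR can raise the
  # manifest constraint while the lockfile the build installs from keeps the
  # vulnerable pin, so the "security patch" never reaches production.
  - package-ecosystem: "pip"
    directory: "/"
    schedule:
      interval: "weekly"

  # After: point Dependabot at the ecosystem that owns the lockfile the build
  # actually consumes. The "uv" ecosystem updates pyproject.toml together
  # with uv.lock, so the fix lands in what gets installed.
  - package-ecosystem: "uv"
    directory: "/"
    schedule:
      interval: "weekly"
    # Assumed additions (not from the PR): cap the number of open PRs and
    # group routine minor/patch bumps so a security update is not buried.
    open-pull-requests-limit: 5
    groups:
      minor-and-patch:
        patterns: ["*"]
        update-types: ["minor", "patch"]
```

Whichever ecosystem is chosen, the check worth keeping is that the lockfile Dependabot rewrites is the same one the CI install step reads.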

@umago umago marked this pull request as draft May 27, 2026 13:48
Introduces .github/dependabot.yml to enable weekly tracking of pip
package updates and automate security vulnerability patching.

Signed-off-by: Lucas Alvares Gomes <lucasagomes@gmail.com>
@umago umago marked this pull request as ready for review May 27, 2026 14:59

@Akrog Akrog left a comment

Contributor

/lgtm
/approved

@Akrog Akrog merged commit 45549e3 into openstack-lightspeed:main May 28, 2026
2 checks passed
@umago umago deleted the dependabot branch May 28, 2026 13:42