From cce079f7ba6279392f44ea5b46d4c32e02b2b277 Mon Sep 17 00:00:00 2001
From: Chris Reddington <791642+chrisreddington@users.noreply.github.com>
Date: Fri, 24 Apr 2026 05:59:23 +0100
Subject: [PATCH 1/3] chore: align Dependabot config with trend-radar pattern

- Rename actions-minor group to actions-all and include major updates
- Replace npm default-days cooldown with semver-specific days (major: 14, minor: 3, patch: 3)
- Add major updates to npm-development group
- Add minor updates to npm-production group
- Remove open-pull-requests-limit (not needed with grouping)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---
 .github/dependabot.yml | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index a041efa..904689d 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -4,12 +4,12 @@ updates:
     directory: /
     schedule:
       interval: weekly
-    open-pull-requests-limit: 10
     cooldown:
       default-days: 7
     groups:
-      actions-minor:
+      actions-all:
         update-types:
+          - major
           - minor
           - patch
 
@@ -17,16 +17,19 @@ updates:
     directory: /
     schedule:
       interval: weekly
-    open-pull-requests-limit: 10
     cooldown:
-      default-days: 7
+      semver-major-days: 14
+      semver-minor-days: 3
+      semver-patch-days: 3
     groups:
       npm-development:
         dependency-type: development
         update-types:
+          - major
           - minor
           - patch
       npm-production:
         dependency-type: production
         update-types:
+          - minor
           - patch

From 0ff6ed7a7000bb4b2707871f06cd1397f34ae2df Mon Sep 17 00:00:00 2001
From: Chris Reddington <791642+chrisreddington@users.noreply.github.com>
Date: Fri, 24 Apr 2026 06:06:40 +0100
Subject: [PATCH 2/3] fix: add default-days to npm cooldown to satisfy zizmor

zizmor requires a default-days fallback when semver-specific cooldown
days are configured. Setting it to 3 to match the minor/patch value.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---
 .github/dependabot.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 904689d..12225e5 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -18,6 +18,7 @@ updates:
     schedule:
       interval: weekly
     cooldown:
+      default-days: 3
       semver-major-days: 14
       semver-minor-days: 3
       semver-patch-days: 3

From 945c64c890de630390fb03b282ef02ee30d2f25a Mon Sep 17 00:00:00 2001
From: Chris Reddington <791642+chrisreddington@users.noreply.github.com>
Date: Fri, 24 Apr 2026 06:12:22 +0100
Subject: [PATCH 3/3] fix: increase npm cooldown default-days to 7 for zizmor
 compliance

zizmor requires default-days >= 7. Semver-specific days still apply
for major (14d), minor (3d), and patch (3d).

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---
 .github/dependabot.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 12225e5..56d2a88 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -18,7 +18,7 @@ updates:
     schedule:
       interval: weekly
     cooldown:
-      default-days: 3
+      default-days: 7
       semver-major-days: 14
       semver-minor-days: 3
       semver-patch-days: 3