From d32e5b4ff2fce5eeab56e4a0261278655400161d Mon Sep 17 00:00:00 2001
From: "neurobagel-bot[bot]"
 <176077434+neurobagel-bot[bot]@users.noreply.github.com>
Date: Fri, 27 Mar 2026 18:54:02 +0000
Subject: [PATCH] =?UTF-8?q?=F0=9F=94=84=20synced=20local=20'.github/depend?=
 =?UTF-8?q?abot.yml'=20with=20remote=20'template=5Fworkflows/dependabot.ym?=
 =?UTF-8?q?l'?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .github/dependabot.yml | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 54bdf822..91154de2 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -57,8 +57,13 @@ updates:
       - "_bot"
       - "dependencies"
 
-# This is a temporary fix until we update the global sync workflow
-  - package-ecosystem: "uv"
+  # In repo settings we have configured dependabot to open PRs for security updates.
+  # Here we configure custom labels to be applied to security update PRs,
+  # while still preventing regular version update PRs.
+  # See https://docs.github.com/en/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates#overriding-the-default-behavior-with-a-configuration-file
+  # Note: this configuration only has an effect in repositories that have
+  # a requirements.txt file / use python / pip.
+  - package-ecosystem: "pip"
     directory: "/"
     schedule:
       interval: "weekly"