From e9f8dd2671332cbce161861cdffadd9a1a6c3168 Mon Sep 17 00:00:00 2001
From: JD Davis <mxjerrett@gmail.com>
Date: Mon, 15 Jun 2026 20:18:34 -0500
Subject: [PATCH 1/3] chore: harden grouped dependency updates

---
 .github/dependabot.yml | 61 +++++++++++++-----------------------------
 1 file changed, 18 insertions(+), 43 deletions(-)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 0f52a8ec..a02dc81d 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -1,66 +1,41 @@
+# Keep dependency PRs grouped and delayed for at least 48 hours so newly published packages age before adoption.
 version: 2
-
 updates:
-  # NuGet package updates
-  - package-ecosystem: "nuget"
+  - package-ecosystem: "github-actions"
     directory: "/"
     schedule:
       interval: "weekly"
       day: "monday"
-      time: "09:00"
-    open-pull-requests-limit: 10
-    reviewers:
-      - "jerrettdavis"
+      time: "06:00"
+      timezone: "America/Chicago"
+    open-pull-requests-limit: 5
     labels:
       - "dependencies"
-      - "nuget"
+      - "ci"
     commit-message:
-      prefix: "chore"
-      include: "scope"
+      prefix: "chore(deps)"
+    cooldown:
+      default-days: 2
     groups:
-      all-nuget:
+      github-actions-dependencies:
         patterns:
           - "*"
-      microsoft:
-        patterns:
-          - "Microsoft.*"
-        update-types:
-          - "minor"
-          - "patch"
-      testing:
-        patterns:
-          - "xunit*"
-          - "Moq"
-          - "FluentAssertions"
-          - "coverlet.*"
-        update-types:
-          - "minor"
-          - "patch"
-      analyzers:
-        patterns:
-          - "*.Analyzers"
-          - "*.CodeAnalysis"
-        update-types:
-          - "minor"
-          - "patch"
 
-  # GitHub Actions updates
-  - package-ecosystem: "github-actions"
+  - package-ecosystem: "nuget"
     directory: "/"
     schedule:
       interval: "weekly"
       day: "monday"
-      time: "09:00"
-    open-pull-requests-limit: 5
-    reviewers:
-      - "jerrettdavis"
+      time: "06:00"
+      timezone: "America/Chicago"
+    open-pull-requests-limit: 10
     labels:
       - "dependencies"
-      - "github-actions"
     commit-message:
-      prefix: "ci"
-      include: "scope"
+      prefix: "chore(deps)"
+    cooldown:
+      default-days: 2
     groups:
-      all-actions:
+      nuget-dependencies:
         patterns:
           - "*"

From cf2c3de1ecd560a5f9ca826b6838f9121451de57 Mon Sep 17 00:00:00 2001
From: JD Davis <mxjerrett@gmail.com>
Date: Mon, 15 Jun 2026 20:19:54 -0500
Subject: [PATCH 2/3] chore: harden grouped dependency updates


From f009019d63952fb290b51c907f5abe949ee4e85a Mon Sep 17 00:00:00 2001
From: JD Davis <mxjerrett@gmail.com>
Date: Mon, 15 Jun 2026 20:21:16 -0500
Subject: [PATCH 3/3] chore: harden grouped dependency updates