From ee6b7371612506eb0313692a81692c12efd25b44 Mon Sep 17 00:00:00 2001
From: Lucas Alvares Gomes
Date: Thu, 28 May 2026 10:45:16 +0100
Subject: [PATCH] Add Dependabot config for Python dependencies
Introduces .github/dependabot.yml to enable weekly tracking of pip package updates and automate security vulnerability patching. This change pinned the version of existing packages in the requirements.txt. Now Dependabot will be able to detect and propose version bumps for these.
Signed-off-by: Lucas Alvares Gomes
---
.github/dependabot.yml | 7 +++++++
requirements.txt | 8 ++++----
2 files changed, 11 insertions(+), 4 deletions(-)
create mode 100644 .github/dependabot.yml
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..296615c
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,7 @@
+version: 2
+updates:
+ - package-ecosystem: "pip"
+ directory: "/"
+ schedule:
+ interval: "weekly"
+
diff --git a/requirements.txt b/requirements.txt
index 494c1e3..cfecf66 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,5 +1,5 @@
 lightspeed-rag-content @ git+https://github.com/lightspeed-core/rag-content@main
-defusedxml
-packaging
-lxml
-html2text
+defusedxml==0.7.1
+packaging==26.2
+lxml==6.1.1
+html2text==2025.4.15
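Review bot: The security patching promised in the description is not something `.github/dependabot.yml` turns on by itself: the `updates` entry only schedules weekly version-update pull requests for the pip manifest under `/`. Security-fix pull requests depend on Dependabot alerts and security updates being enabled in the repository settings, which this patch cannot show, so that should be confirmed separately. A header comment would record the distinction, e.g. `# Version updates only; Dependabot security updates are enabled in the repository settings.` The seventh added line is an empty trailing line and can be dropped.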
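Review bot: The first requirement still installs from the mutable `@main` branch of rag-content, so whatever lands on that branch is pulled into the next install even though the other four lines now use `==`. Pinning it to a reviewed commit or tag, e.g. `lightspeed-rag-content @ git+https://github.com/lightspeed-core/rag-content@<commit-sha>`, would close that gap. Dependabot's pip support for git URLs in a requirements file appears limited, so that ref would probably need manual bumps. The `==` pins fix the version but not the artifact; pip's `--require-hashes` mode would cover that, but it rejects VCS requirements, so the git dependency has to be dealt with first. Transitive dependencies remain unpinned in this file.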