fix(dependabot): adds required schedule to uv updates

[rusackas]

SUMMARY

Seems dependabot got more picky somewhere along the line:

BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF

TESTING INSTRUCTIONS

ADDITIONAL INFORMATION

• Has associated issue:
• Required feature flags:
• Changes UI
• Includes DB Migration (follow approval process in SIP-59)
  • Migration is atomic, supports rollback & is backwards-compatible
  • Confirm DB migration upgrade and downgrade tested
  • Runtime estimates and downtime expectations provided
• Introduces new feature or API
• Removes existing feature or API

[korbit-ai]

Based on your review schedule, I'll hold off on reviewing this PR until it's marked as ready for review. If you'd like me to take a look now, comment /korbit-review.

Your admin can change your review schedule in the Korbit Console

[korbit-ai]

I've completed my review and didn't find any issues.

Check out our docs on how you can make Korbit work best for you and your team.

Loving Korbit!? Share us on LinkedIn Reddit and X

[mistercrunch]

Oh good catch. Related -> dependabot/dependabot-core#10040 (comment)

[mistercrunch]

should we do weekly? My intent was to monitor progress and report back on dependabot/dependabot-core#10040 (comment) , so far I don't think dependabot is doing anything or what's required to allow for the magic to happen.

I found out looking at some of the code / PR that dependabot seems to be trying to be magical, finding your reqs files and triggering script based on their headers (I think), so if you requirements.txt has a comment saying # generated using this command, it'll try to run that.

In our case, dependabot should run scripts/uv-pip-compile.sh that runs atomically for all requirements/*.in and I don't think there's anyway to control/configure that in .github/dependabot.yml.

[rusackas]

Weekly it is! Was just conforming to the rest of 'em. We can switch it back to monthly if it gets too noisy and we want to get hit by the wave less often.