From 71c55d4e12cf0f05d473bd7b5fb3943f3e1ed112 Mon Sep 17 00:00:00 2001 From: Jiro Matsuzawa Date: Mon, 15 Jun 2026 09:56:29 +0900 Subject: [PATCH] Fix uv ecosystem value in dependabot skill (#1990) * Fix uv ecosystem value in dependabot skill Dependabot supports `uv` ecosystem. It should be used rather than `pip`. https://docs.github.com/en/code-security/reference/supply-chain-security/supported-ecosystems-and-repositories * Add note to choose uv or pip for dependabot skill --- skills/dependabot/SKILL.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/skills/dependabot/SKILL.md b/skills/dependabot/SKILL.md index 1c3a5939..710ccb6c 100644 --- a/skills/dependabot/SKILL.md +++ b/skills/dependabot/SKILL.md @@ -34,7 +34,8 @@ Scan the repository for dependency manifests. Look for: | Ecosystem | YAML Value | Manifest Files | |---|---|---| | npm/pnpm/yarn | `npm` | `package.json`, `package-lock.json`, `pnpm-lock.yaml`, `yarn.lock` | -| pip/pipenv/poetry/uv | `pip` | `requirements.txt`, `Pipfile`, `pyproject.toml`, `setup.py` | +| pip/pipenv/poetry | `pip` | `requirements.txt`, `Pipfile`, `pyproject.toml`, `setup.py` | +| uv | `uv` | `pyproject.toml`, `uv.lock` | | Docker | `docker` | `Dockerfile` | | Docker Compose | `docker-compose` | `docker-compose.yml` | | GitHub Actions | `github-actions` | `.github/workflows/*.yml` | @@ -57,7 +58,9 @@ Scan the repository for dependency manifests. Look for: | Git Submodules | `gitsubmodule` | `.gitmodules` | | Pre-commit | `pre-commit` | `.pre-commit-config.yaml` | -Note: pnpm and yarn both use the `npm` ecosystem value. +Notes: +- pnpm and yarn both use the `npm` ecosystem value. +- Prefer `uv` ecosystem value when `uv.lock` is present; otherwise use `pip`. ### Step 2: Map Directory Locations
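Review bot: In the first hunk, the new `uv` row lists `pyproject.toml` as a manifest file, and the `pip` row just above it still lists `pyproject.toml` too, so the table on its own maps one file to two YAML values. A reader who stops at the table, which is what the "Look for:" step asks for, has no way to tell which row wins. Suggest making `uv.lock` the deciding file in the row itself, for example `| uv | `uv` | `uv.lock` (with `pyproject.toml`) |`, or adding a short qualifier to the `pip` row such as "`pyproject.toml` (no `uv.lock`)", so the rule does not depend on the Notes section further down.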
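Review bot: In the second hunk, the added note "Prefer `uv` ecosystem value when `uv.lock` is present; otherwise use `pip`" leaves two cases open: whether a `pip` entry should also be emitted when both `uv.lock` and `requirements.txt` are found, and whether "present" means anywhere in the repository or in the same directory as the manifest. Since the next step is "Map Directory Locations", the rule reads best per directory. Suggest wording it as an exclusive choice, for example "If a directory contains `uv.lock`, use the `uv` ecosystem value for that directory instead of `pip`; otherwise use `pip`." Minor style point: "Prefer the `uv` ecosystem value" reads better with the article.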