Error: cooldown behaves differently for uv than pip #14544

@nigelmegitt

Description

Is there an existing issue for this?

  • I have searched the existing issues

Package ecosystem

uv

Package manager version

No response

Language version

No response

Manifest location and content before the Dependabot update

https://github.com/bbc/ttml-validator/blob/main/uv.lock
https://github.com/bbc/ttml-validator/blob/main/poetry.lock

dependabot.yml content

https://github.com/bbc/ttml-validator/blob/main/.github/dependabot.yml

Updated dependency

requests, from release 2.32.5 to 2.33.0, which was published 1 day ago

What you expected to see, versus what you actually saw

I expected Dependabot to wait until the release is the cooldown period age, i.e. 7 days, before opening the pull request, and at that point to open 1 or 2 pull requests to update each of uv.lock and poetry.lock to take the new version.

What actually happened is that Dependabot opened one pull request to update uv.lock when the dependency being updated was 1 day old, i.e. less than the cooldown period.

One other point, that may be irrelevant: in this case the config has the pip ecosystem checked daily and uv checked weekly (I don't know why, that's probably a mistake and they should both be daily) - I speculate without knowledge that this could be related to the bug.

Native package manager behavior

No response

Images of the diff or a link to the PR, issue, or logs

bbc/ttml-validator#17

Smallest manifest that reproduces the issue

No response

Projects

Status
Done