diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index ac2f14a305d..ef1e7273742 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -1,16 +1,34 @@
+# https://docs.github.com/en/code-security/dependabot/working-with-dependabot/dependabot-options-reference
+
 version: 2
 updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "monthly"
+    groups:
+      gha-deps:
+        patterns:
+          - "*"
+
   - package-ecosystem: "cargo"
     directory: "/src/rust"
-    open-pull-requests-limit: 5
-    rebase-strategy: auto
+    groups:
+      rust-security-updates:
+        applies-to: security-updates
+        patterns:
+          - "*"
+        update-types:
+          - "minor"
+          - "patch"
+      rust-version-updates:
+        applies-to: version-updates
+        patterns:
+          - "*"
     labels:
       - "category:internal"
-    schedule:
-      interval: "weekly" 
-      day: "wednesday"
-      time: "03:00"
-      timezone: "US/Pacific"
+      - "dependencies"
+      - "release-notes:not-required"
     reviewers:
       - benjyw
       - cburroughs
@@ -18,3 +36,51 @@ updates:
       - sureshjoshi
       - tdyas
       - tgolsson
+    schedule:
+      interval: "weekly"
+  
+  - package-ecosystem: pip
+    directory: "/3rdparty/python"
+    groups:
+      python-security-updates:
+        applies-to: security-updates
+        patterns:
+          - "*"
+        update-types:
+          - "minor"
+          - "patch"
+      python-version-updates:
+        applies-to: version-updates
+        patterns:
+          - "*"
+    labels:
+      - "category:internal"
+      - "dependencies"
+      - "release-notes:not-required"
+    schedule:
+      interval: weekly
+
+  - package-ecosystem: "npm"
+    directories: 
+      - "build-support/**/*"
+      - "src/python/pants/backend/javascript/**/*"
+      - "src/python/pants/backend/typescript/**/*"
+      - "testprojects/src/js/**/*"
+    groups:
+      js-security-updates:
+        applies-to: security-updates
+        patterns:
+          - "*"
+        update-types:
+          - "minor"
+          - "patch"
+      js-version-updates:
+        applies-to: version-updates
+        patterns:
+          - "*"
+    labels:
+      - "category:internal"
+      - "dependencies"
+      - "release-notes:not-required"
+    schedule:
+      interval: "weekly"
diff --git a/pants b/pants
index ba49cc133f2..547d8b2e127 100755
--- a/pants
+++ b/pants
@@ -4,8 +4,8 @@
 
 # This bootstrap script runs pants from the live sources in this repo.
 #
-# The script defaults to running with either Python 3.7 or Python 3.8. To use another Python version,
-# prefix the script with `PY=python3.8`.
+# The script defaults to running with Python 3.11. To use another Python version,
+# prefix the script with `PY=python3.14`.
 
 set -eo pipefail