diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 00000000..b84b7d7b
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,8 @@
+version: 2
+updates:
+ - package-ecosystem: "uv"
+ directory: "/"
+ schedule:
+ interval: "weekly"
+ exclude-paths:
+ - "uv.lock"
diff --git a/pyproject.toml b/pyproject.toml
index 366c0dbe..a5b80be6 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -26,6 +26,8 @@ dependencies = [
 "cryptography>=46.0.7",
 # Security pin: fixes urllib3 vulnerabilities present in versions <2.7.0.
 "urllib3==2.7.0",
+ # Security pin: django-auth-adfs -> requests -> idna.
+ "idna>=3.15",
 ]
 readme = "README.md"
 requires-python = ">= 3.13"
diff --git a/requirements.lock b/requirements.lock
index e3c49e6f..1b8441bb 100644
--- a/requirements.lock
+++ b/requirements.lock
@@ -44,8 +44,10 @@ django-tracking2==0.5.1
 # via variome (pyproject.toml)
 djangorestframework==3.15.2
 # via variome (pyproject.toml)
-idna==3.10
- # via requests
+idna==3.15
+ # via
+ # variome (pyproject.toml)
+ # requests
 natsort==8.4.0
 # via variome (pyproject.toml)
 psycopg==3.3.4
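Review bot: In the new .github/dependabot.yml, the `exclude-paths` entry for `uv.lock` carries no explanation, and nothing in the file says how `requirements.lock` (the lock file this same commit edits by hand) is kept in step with Dependabot's changes to pyproject.toml. If deployments install from requirements.lock, which is not visible here, a Dependabot pull request that only touches pyproject.toml would presumably leave the installed versions unchanged, so a security bump could merge without taking effect. I would add a comment above `exclude-paths`, for example `# uv.lock excluded because <reason>; requirements.lock is regenerated by <project lock command>`, and confirm that CI fails when the two files disagree.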
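Review bot: The comment added above `"idna>=3.15"` in pyproject.toml calls the entry a security pin but, unlike the urllib3 comment just above it, does not say which issue it addresses or when it can be removed. The specifier is also a lower bound rather than an exact pin like `urllib3==2.7.0`, so "pin" reads misleadingly to anyone auditing the list later. I would reword it to something like `# Security floor (transitive: django-auth-adfs -> requests -> idna); fixes <advisory id>. Drop once requests requires idna>=3.15.` The dependencies list opens above the hunk, so whether other entries follow the same convention is not visible here.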