Add 2-day dependabot cooldown to harden against supply chain attacks

ftes · ftes · commit 5403f2bc80c9 · 2025-12-02T07:23:43.000+01:00
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -9,7 +9,11 @@ updates:
     directory: "/"
     schedule:
       interval: "weekly"
+    cooldown:
+      default-days: 2
   - package-ecosystem: "npm"
     directory: "/priv/static/assets"
     schedule:
       interval: "weekly"
+    cooldown:
+      default-days: 2
