Add a cooldown to dependabot

zetter-rpf · zetter-rpf · commit 98b5aa6ad0e4 · 2026-04-13T10:03:04.000+01:00
This has become a recommended way to reduce the risk of supply chain attacks. 10 days is fairly arbitrary and could be shortened or lengthened in the future.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -2,5 +2,7 @@ version: 2
 updates:
 - package-ecosystem: "bundler"
   directory: "/" # Location of package manifests
+  cooldown:
+    default-days: 10
   schedule:
     interval: "daily"
