security folks recommend a cooldown period for dependabot.yml

paulk-asert · paulk-asert · commit a9997c0d2cc9 · 2026-04-18T05:41:25.000+10:00
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -20,8 +20,12 @@ updates:
     directory: "/"
     schedule:
       interval: "weekly"
+    cooldown:
+      default-days: 7
   # Maintain dependencies for Gradle
   - package-ecosystem: "gradle"
     directory: "/"
     schedule:
-      interval: "daily"
+      interval: "weekly"
+    cooldown:
+      default-days: 7
