From 7db6051024aea7e38e0c981343a2fcff08a2a781 Mon Sep 17 00:00:00 2001
From: Chris Zetter <253059100+zetter-rpf@users.noreply.github.com>
Date: Mon, 13 Apr 2026 09:01:06 +0100
Subject: [PATCH] Add a cooldown to dependabot
This has become a recommended way to reduce the risk of supply chain attacks. 10 days is fairly arbitrary and could be shortened or lengthened in the future.
---
 .github/dependabot.yml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 0a5672dde..5bd1d2b0d 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -2,5 +2,7 @@ version: 2
 updates:
 - package-ecosystem: "bundler"
 directory: "/" # Location of package manifests
+ cooldown:
+ default-days: 10
 schedule:
 interval: "daily"
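Review bot: The added `cooldown:` block has no comment, so the reason for the delay and the admittedly arbitrary value of 10 live only in the commit message. I would put `# Delay version-update PRs until a release is 10 days old (supply-chain risk); tune as needed` directly above `cooldown:`. It is worth stating there too that Dependabot applies cooldown to version updates only, so security updates are not held back by this setting. Only the `bundler` entry is visible in this hunk; if the file defines other ecosystems further down, each would need its own `cooldown` block to get the same delay.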