diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 7d27ad1a5..9cbf47a3d 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -17,6 +17,8 @@ updates:
   - "*"
   allow:
   - dependency-type: all
+  cooldown:
+    default-days: 7
 - package-ecosystem: github-actions
   directory: "/"
   multi-ecosystem-group: all
@@ -24,4 +26,6 @@ updates:
   - "*"
   allow:
   - dependency-type: all
+  cooldown:
+    default-days: 7
 
diff --git a/.github/workflows/actionlint.yml b/.github/workflows/actionlint.yml
index 6e0eb6e4b..b15c5efe2 100644
--- a/.github/workflows/actionlint.yml
+++ b/.github/workflows/actionlint.yml
@@ -92,7 +92,7 @@ jobs:
           path: results.sarif
 
       - name: Upload SARIF file
-        uses: github/codeql-action/upload-sarif@e12f0178983d466f2f6028f5cc7a6d786fd97f4b # v4.31.4
+        uses: github/codeql-action/upload-sarif@fdbfb4d2750291e159f0156def62b853c2798ca2 # v4.31.5
         with:
           sarif_file: results.sarif
           category: zizmor