From 9f55430bed38e9d0fd808a2d376e142db1fbb8d6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Meira?=
 <6381457+afsmeira@users.noreply.github.com>
Date: Thu, 30 Apr 2026 15:31:12 +0100
Subject: [PATCH] security: Delay dependabot updates

7 days should be enough when most malicious packages are patched within 24 hours.
---
 .github/dependabot.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index d6ea8ca941..b8d031b433 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -6,9 +6,13 @@ updates:
     directory: "/"
     schedule:
       interval: "weekly"
+    cooldown:
+      default-days: 7
 
   # Maintain dependencies for pip
   - package-ecosystem: "pip"
     directory: "/"
     schedule:
       interval: "weekly"
+    cooldown:
+      default-days: 7