ci: set 7 days cooldown on Dependabot updates

This fixes the warning <https://docs.zizmor.sh/audits/#dependabot-cooldown> and avoids updating to freshly published dependencies that are more likely to be unpublished.
2026-04-17 13:36:30 +03:00 · 2025-10-15 16:52:05 +00:00
parent 187d913f84
commit 9ceceebdc3
1 changed files with 4 additions and 0 deletions
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -7,6 +7,8 @@ updates:
    commit-message:
      prefix: "chore(cargo)"
    open-pull-requests-limit: 50
+    cooldown:
+      default-days: 7

  # Keep GitHub Actions up to date.
  # <https://docs.github.com/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot>
@@ -14,3 +16,5 @@ updates:
    directory: "/"
    schedule:
      interval: "weekly"
+    cooldown:
+      default-days: 7