chore(dependabot): set cooldown to 5 days (#139)

Schnouki · web-flow · commit 96a95745d6ed · 2025-10-09T11:58:11.000+02:00
Wait 5 days after an update is live before Dependabot pushes a PR with the update. This is done to mitigate supply chain attacks.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -7,6 +7,8 @@ updates:
       interval: weekly
       day: "monday"
       time: "00:00"
+    cooldown:
+      default-days: 5
     reviewers:
       - 'Doist/backend'
     commit-message:
@@ -18,6 +20,8 @@ updates:
       interval: weekly
       day: "monday"
       time: "00:00"
+    cooldown:
+      default-days: 5
     reviewers:
       - 'Doist/backend'
     commit-message:
