Set Dependabot cooldown period to 4 days

oschwald · oschwald · commit c904b67b154d · 2025-10-30T13:45:14.000-07:00
This addresses the zizmor findings by setting a cooldown period of 4 days
for all package ecosystems in dependabot.yml.

Related to: ENG-3236
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -1,22 +1,24 @@
 version: 2
 updates:
-  - package-ecosystem: npm
-    directory: "/"
-    schedule:
-      interval: daily
-      time: "14:00"
-    open-pull-requests-limit: 20
-    groups:
-      minor-and-patch:
-        patterns:
-          - "*"
-        update-types:
-          - "minor"
-          - "patch"
-    cooldown:
-      default-days: 4
-  - package-ecosystem: "github-actions"
-    directory: "/"
-    schedule:
-      interval: daily
-      time: "14:00"
+- package-ecosystem: npm
+  directory: /
+  schedule:
+    interval: daily
+    time: '14:00'
+  open-pull-requests-limit: 20
+  groups:
+    minor-and-patch:
+      patterns:
+      - '*'
+      update-types:
+      - minor
+      - patch
+  cooldown:
+    default-days: 4
+- package-ecosystem: github-actions
+  directory: /
+  schedule:
+    interval: daily
+    time: '14:00'
+  cooldown:
+    default-days: 4
