security: Delay dependabot updates [TAROT-3707] (#282)

afsmeira · web-flow · commit 5277030e9c3b · 2026-05-04T14:24:49.000+01:00
7 days should be enough when most malicious packages are patched within 24 hours.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -11,3 +11,5 @@ updates:
       day: monday
       time: "10:45"
     open-pull-requests-limit: 10
+    cooldown:
+      default-days: 7
