ci: add 7-day dependabot cooldown

[wochinge]

Summary

• add a 7-day Dependabot cooldown for the uv update config
• add the same 7-day cooldown for the github-actions update config

Why

This repository's Dependabot configuration opened update PRs daily without any cooldown window. Adding a 7-day cooldown reduces churn from rapid successive version bumps across both configured ecosystems.

Validation

• ruby -e 'require "yaml"; YAML.load_file(".github/dependabot.yml"); puts "yaml ok"'
• git diff --check

Disclaimer: Experimental PR review

Greptile Summary

Adds a 7-day cooldown (default-days: 7) to both the uv and github-actions Dependabot update configurations to reduce noisy daily PRs for rapid successive version bumps. The cooldown key and its default-days parameter are officially supported by Dependabot and the YAML is well-formed.

Confidence Score: 5/5

Safe to merge — valid Dependabot configuration with no functional risks.

The change is a minimal, well-scoped CI configuration update using a documented Dependabot feature. No code logic, security, or data concerns are present.

No files require special attention.

Important Files Changed

Filename	Overview
.github/dependabot.yml	Adds cooldown: default-days: 7 to both uv and github-actions update configs; syntax is valid and the option is officially documented.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[Dependabot scheduled run - daily] --> B{New version available?}
    B -- No --> C[Skip]
    B -- Yes --> D{Within 7-day cooldown window?}
    D -- Yes --> E[Skip - wait for cooldown to expire]
    D -- No --> F[Open PR for update]
    F --> G[uv ecosystem PR]
    F --> H[github-actions ecosystem PR]

Loading

_{Reviews (1): Last reviewed commit: "chore(dependabot): add 7-day cooldown" | Re-trigger Greptile}

[github-actions]

@claude review

[claude]

LGTM — simple config change adding a 7-day cooldown to both Dependabot ecosystems.

Extended reasoning...

Overview

This PR modifies only .github/dependabot.yml, adding a cooldown: default-days: 7 block to both the uv and github-actions update configurations. No production code is touched.

Security risks

None. This is a CI/CD configuration change that reduces the frequency of dependency update PRs. It does not affect authentication, data handling, or any runtime behavior.

Level of scrutiny

Minimal scrutiny required. The change is mechanical, consistent across both ecosystems, and follows the documented Dependabot configuration schema. The commit that preceded this PR (35f78ed) already added a similar cooldown to the dependabot config (chore), indicating this is an established pattern.

Other factors

No bugs were found. The change is self-contained, touches no code paths, and the intent (reducing PR churn) is clearly explained. The YAML structure is valid and symmetric.