Let's add a cooldown to dependabot as a way to mitigate supply chain attacks.

- https://blog.yossarian.net/2025/11/21/We-should-all-be-using-dependency-cooldowns
- https://github.blog/changelog/2025-07-01-dependabot-supports-configuration-of-a-minimum-package-age/
- https://docs.github.com/en/code-security/tutorials/secure-your-dependencies/optimizing-pr-creation-version-updates#setting-up-a-cooldown-period-for-dependency-updates