From 3d3f8fc8ab83d3b8f1d22eef37d55f53b57d746b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Meira?= <andre.meira@codacy.com>
Date: Thu, 30 Apr 2026 16:14:50 +0100
Subject: [PATCH] security: Delay dependabot updates

7 days should be enough when most malicious packages are patched within 24 hours.
---
 .github/dependabot.yml | 20 +++++++++++---------
 1 file changed, 11 insertions(+), 9 deletions(-)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index e75876a9..2d0c3718 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -1,11 +1,13 @@
 version: 2
 updates:
-- package-ecosystem: composer
-  directory: "/"
-  schedule:
-    interval: daily
-    timezone: Europe/Lisbon
-  open-pull-requests-limit: 10
-  allow:
-  - dependency-type: direct
-  - dependency-type: indirect
+  - package-ecosystem: composer
+    directory: "/"
+    schedule:
+      interval: daily
+      timezone: Europe/Lisbon
+    open-pull-requests-limit: 10
+    allow:
+      - dependency-type: direct
+      - dependency-type: indirect
+    cooldown:
+      default-days: 7