diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 51f1220..2404072 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -1,4 +1,7 @@
-# Dependabot will run on day 13 of each month at 03:25 (Europe/Berlin timezone)
+# Dependabot configuration
+# Cooldown delays updating normal npm dependencies by 7 days but allows security updates to be processed immediately.
+# Note: Cooldown is not supported for the github-actions ecosystem.
+# Reference: https://docs.github.com/en/code-security/reference/supply-chain-security/dependabot-options-reference
 version: 2
 updates:
@@ -12,6 +15,8 @@ updates:
 assignees:
 - 'ThomasPohl'
 versioning-strategy: 'increase'
+ cooldown:
+ default-days: 7
 ignore:
 - dependency-name: '@types/node'
 update-types:
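Review bot: The `cooldown` block added in the second hunk has no rationale next to it; the explanation sits only in the file header, so a reader of this `updates` entry cannot see why version updates lag behind releases. An inline comment above `cooldown:` such as `# supply-chain delay: wait 7 days after a release before proposing it; security updates are not delayed` would keep the reason with the setting. The header line removed in the first hunk described a monthly run; if that schedule (outside both hunks) is still in place, a version published in the week before the run is only picked up a month later, and the header should say so rather than drop the schedule description. The entry's `package-ecosystem` line is outside the hunk, so it cannot be confirmed from here that this is the npm entry the header refers to.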