From 9ab6c3805c9bd285ea80c014e8ea7f860c5e93b4 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]" <github-actions[bot]@users.noreply.github.com>
Date: Tue, 31 Mar 2026 23:32:24 +0000
Subject: [PATCH] Update from template: X0000-updateDependabotSettings

---
 .github/dependabot.yml | 33 +++++++++++++++++++--------------
 1 file changed, 19 insertions(+), 14 deletions(-)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index c388bed..2e64974 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -1,24 +1,29 @@
-# Dependabot will run on day 13 of each month at 03:25 (Europe/Berlin timezone)
+# Dependabot configuration
+# Cooldown delays updating normal npm dependencies by 7 days but allows security updates to be processed immediately.
+# Note: Cooldown is not supported for the github-actions ecosystem.
+# Reference: https://docs.github.com/en/code-security/reference/supply-chain-security/dependabot-options-reference
 version: 2
 updates:
 
-  - package-ecosystem: "npm"
-    directory: "/"
+  - package-ecosystem: 'npm'
+    directory: '/'
     schedule:
-      interval: "daily"
-      time: "04:00"
-      timezone: "Europe/Berlin"
+      interval: 'daily'
+      time: '04:00'
+      timezone: 'Europe/Berlin'
     open-pull-requests-limit: 15
     assignees:
-      - "ThomasPohl"
-    versioning-strategy: "increase"
+      - 'ThomasPohl'
+    versioning-strategy: 'increase'
+    cooldown:
+      default-days: 7
 
-  - package-ecosystem: "github-actions"
-    directory: "/"
+  - package-ecosystem: 'github-actions'
+    directory: '/'
     schedule:
-      interval: "cron"
-      timezone: "Europe/Berlin"
-      cronjob: "25 3 13 * *"
+      interval: 'cron'
+      timezone: 'Europe/Berlin'
+      cronjob: '25 3 13 * *'
     open-pull-requests-limit: 15
     assignees:
-      - "ThomasPohl"
+      - 'ThomasPohl'