From 9f7b0a3fe591365ea4c517184d116a6adaa4a258 Mon Sep 17 00:00:00 2001
From: Catalina Garcia <catalina.garcia@digital.cabinet-office.gov.uk>
Date: Wed, 15 Oct 2025 15:21:03 +0100
Subject: [PATCH] Add Cooldown period for dependabot

We're adding a cooldown period to help protect againts supply chain attacks

We also want PRs to be raise on a day when we're likely to be around
---
 .github/dependabot.yml | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index e79a0f66..7b65abdc 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -10,7 +10,9 @@ updates:
     directory: "/"
     schedule:
       interval: "weekly"
-      day: "sunday"
+      day: "tuesday"
+    cooldown:
+      default-days: 7
     open-pull-requests-limit: 10
 
   # Maintain dependencies for Ruby/Rails bundler
@@ -18,5 +20,7 @@ updates:
     directory: "/"
     schedule:
       interval: "weekly"
-      day: "sunday"
+      day: "tuesday"
+    cooldown:
+      default-days: 7
     open-pull-requests-limit: 10