From 8a1a50317d3294140e58d62202a445305aec6bd3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Meira?=
Date: Thu, 30 Apr 2026 16:12:01 +0100
Subject: [PATCH] security: Delay dependabot updates 7 days should be enough when most malicious packages are patched within 24 hours.
---
 .github/dependabot.yml | 42 ++++++++++++++++++++++--------------------
 1 file changed, 22 insertions(+), 20 deletions(-)
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 6df178fa..b3e68d35 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -1,22 +1,24 @@
 version: 2
 updates:
-- package-ecosystem: nuget
- directory: "/"
- schedule:
- interval: daily
- timezone: Europe/Lisbon
- open-pull-requests-limit: 10
- ignore:
- - dependency-name: SonarAnalyzer.CSharp
- versions:
- - 8.17.0.26580
- - 8.18.0.27296
- - 8.19.0.28253
- - 8.20.0.28934
- - 8.21.0.30542
- - dependency-name: Microsoft.CodeAnalysis.CSharp.Workspaces
- versions:
- - 3.9.0
- - dependency-name: ReverseMarkdown
- versions:
- - 3.18.0
+ - package-ecosystem: nuget
+ directory: "/"
+ schedule:
+ interval: daily
+ timezone: Europe/Lisbon
+ open-pull-requests-limit: 10
+ ignore:
+ - dependency-name: SonarAnalyzer.CSharp
+ versions:
+ - 8.17.0.26580
+ - 8.18.0.27296
+ - 8.19.0.28253
+ - 8.20.0.28934
+ - 8.21.0.30542
+ - dependency-name: Microsoft.CodeAnalysis.CSharp.Workspaces
+ versions:
+ - 3.9.0
+ - dependency-name: ReverseMarkdown
+ versions:
+ - 3.18.0
+ cooldown:
+ default-days: 7
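Review bot: The new `cooldown` block at the end of the nuget entry has no comment, so the reasoning behind the 7-day figure lives only in the commit message; a line such as `# Hold new releases for 7 days before proposing version updates (supply-chain quarantine)` above `cooldown:` would keep it next to the setting. GitHub documents cooldown as applying to version updates only, not to Dependabot security updates, and the same comment should say so to make clear that vulnerability fixes are not being delayed. The delay only protects against malicious releases that are detected and withdrawn within the window, so the resulting PRs still need the usual review before merge. The other 20 changed lines appear to be a pure re-indent of the list; putting that in a separate commit would make the two functional lines easier to audit.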