diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 6e9a9f8..90d61af 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -8,6 +8,11 @@ updates:
 assignees:
 - "ezio-melotti"
 open-pull-requests-limit: 10
+ cooldown:
+ # https://blog.yossarian.net/2025/11/21/We-should-all-be-using-dependency-cooldowns
+ # Cooldowns protect against supply chain attacks by avoiding the
+ # highest-risk window immediately after new releases.
+ default-days: 14
 
 # Maintain dependencies for Python
 - package-ecosystem: pip
@@ -17,3 +22,5 @@ updates:
 assignees:
 - "ezio-melotti"
 open-pull-requests-limit: 10
+ cooldown:
+ default-days: 14
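Review bot: The added comment explains why a cooldown exists but not the trade-off of the `default-days: 14` value, and the second hunk (the `pip` stanza) gets the same setting with no comment at all, so a reader of that stanza has no pointer to the rationale. A cooldown delays every version-update PR, including ordinary bugfix releases, so the value deserves one line stating what 14 days buys; as far as I recall, Dependabot applies cooldown to version updates only and security updates bypass it, but that should be confirmed against the current Dependabot docs before writing it down. I would add under the first `cooldown:` `# 14 days: leaves time for a compromised release to be yanked or reported before it is proposed here; version updates only - confirm security updates bypass cooldown` and under the second `cooldown:` a short `# same policy as the github-actions stanza above (see comment there)`. The first hunk's enclosing `- package-ecosystem:` entry starts above the hunk, so the ecosystem name in that pointer is inferred and should be checked.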