From 2066b3c74454fa3a1f7bb1d4a50f97f6236706bd Mon Sep 17 00:00:00 2001
From: Gregory Oschwald
Date: Thu, 30 Oct 2025 14:26:57 -0700
Subject: [PATCH] Set Dependabot cooldown period to 4 days
This addresses the zizmor findings by setting a cooldown period of 4 days for all package ecosystems in dependabot.yml.
Related to: ENG-3236
---
 .github/dependabot.yml | 34 +++++++++++++++++++---------------
 1 file changed, 19 insertions(+), 15 deletions(-)
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index e36432ea..c952aea6 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -1,17 +1,21 @@
 version: 2
 updates:
-- package-ecosystem: maven
- directory: "/"
- schedule:
- interval: daily
- time: "14:00"
- open-pull-requests-limit: 10
- groups:
- jackson:
- patterns:
- - "com.fasterxml.jackson*"
-- package-ecosystem: "github-actions"
- directory: "/"
- schedule:
- interval: daily
- time: "14:00"
+ - package-ecosystem: maven
+ directory: /
+ schedule:
+ interval: daily
+ time: '14:00'
+ open-pull-requests-limit: 10
+ groups:
+ jackson:
+ patterns:
+ - com.fasterxml.jackson*
+ cooldown:
+ default-days: 4
+ - package-ecosystem: github-actions
+ directory: /
+ schedule:
+ interval: daily
+ time: '14:00'
+ cooldown:
+ default-days: 4
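Review bot: The two new `cooldown:` blocks (under the `maven` and `github-actions` entries) carry no comment saying what the delay is for or why 4 days was chosen, so a later maintainer may drop it as noise. I would add above each block something like `# Hold version-update PRs until a release is 4 days old, so a compromised or quickly-yanked release is less likely to be proposed.` As far as I know, Dependabot applies cooldown only to version updates and not to security updates; if that holds here, a second line `# Security updates are not delayed by cooldown.` would stop readers from assuming that fixes are held back too. Separately, the hunk re-indents the list and changes the quoting on every existing line, which buries the four functional lines; splitting the formatting into its own commit would make this supply-chain control easier to audit.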