From 7a8637e30f79f986699e58eb0a62e05fcb61b422 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Meira?=
Date: Thu, 30 Apr 2026 16:12:36 +0100
Subject: [PATCH] security: Delay dependabot updates

7 days should be enough when most malicious packages are patched within 24 hours.
---
 .github/dependabot.yml | 36 +++++++++++++++++++-----------------
 1 file changed, 19 insertions(+), 17 deletions(-)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 11606bc..9557f74 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -1,19 +1,21 @@
 version: 2
 updates:
-- package-ecosystem: pip
- directory: "/"
- schedule:
- interval: daily
- timezone: Europe/Lisbon
- open-pull-requests-limit: 10
- allow:
- - dependency-type: direct
- - dependency-type: indirect
- ignore:
- - dependency-name: pylint
- versions:
- - 2.8.1
- - dependency-name: pylint-django
- versions:
- - 2.4.2
- - 2.4.3
+ - package-ecosystem: pip
+ directory: "/"
+ schedule:
+ interval: daily
+ timezone: Europe/Lisbon
+ open-pull-requests-limit: 10
+ allow:
+ - dependency-type: direct
+ - dependency-type: indirect
+ ignore:
+ - dependency-name: pylint
+ versions:
+ - 2.8.1
+ - dependency-name: pylint-django
+ versions:
+ - 2.4.2
+ - 2.4.3
+ cooldown:
+ default-days: 7
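Review bot: The new `cooldown` block at the end of the pip entry has no comment, so the rationale lives only in the commit message; a line such as `# Supply-chain guard: wait 7 days after a release before proposing a version bump` above `cooldown:` would keep the intent next to the setting. As far as I know, Dependabot applies cooldown to version updates only and not to security updates, which is worth saying in that comment so nobody assumes vulnerability fixes are held back as well. The delay only governs when Dependabot opens a pull request; whether installs elsewhere (CI jobs, image builds) resolve from pinned, hash-checked requirements cannot be seen from this file, and without that a freshly published bad release could still be pulled in outside the cooldown. The whole-file re-indentation rides in the same commit and buries the two functional lines, so splitting it into its own commit would make the security change easier to audit.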