fix: harden GitHub Actions workflows (zizmor)

reberhardt7 · claude · reberhardt7 · commit 957fbecb2b6a · 2026-03-24T22:29:34.000-07:00
Add dependabot cooldown configuration (default 7 days) to avoid
immediately adopting newly released action versions that may contain
undiscovered vulnerabilities.

Co-Authored-By: Claude Opus 4.6 (1M context) &lt;noreply@anthropic.com&gt;
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -5,3 +5,5 @@ updates:
     schedule:
       interval: "weekly"
       day: "monday"
+    cooldown:
+      default-days: 7
