diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index c20ed4ad..71ddf880 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -1,16 +1,24 @@
+# Dependabot configuration
+# Cooldown delays updating normal npm dependencies by 7 days but allows security updates to be processed immediately.
+# Note: Cooldown is not supported for the github-actions ecosystem.
+# Reference: https://docs.github.com/en/code-security/reference/supply-chain-security/dependabot-options-reference
 version: 2
 updates:
- - package-ecosystem: github-actions
- directory: "/"
+
+ - package-ecosystem: 'github-actions'
+ directory: '/'
 schedule:
- interval: monthly
- time: "04:00"
- timezone: Europe/Berlin
- - package-ecosystem: npm
- directory: "/"
+ interval: 'monthly'
+ time: '04:00'
+ timezone: 'Europe/Berlin'
+
+ - package-ecosystem: 'npm'
+ directory: '/'
 schedule:
- interval: monthly
- time: "04:00"
- timezone: Europe/Berlin
+ interval: 'monthly'
+ time: '04:00'
+ timezone: 'Europe/Berlin'
 open-pull-requests-limit: 20
- versioning-strategy: increase
\ No newline at end of file
+ versioning-strategy: 'increase'
+ cooldown:
+ default-days: 7
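Review bot: The new header comment promises that security updates are processed immediately, but nothing in this file enables them. Dependabot security updates are switched on in the repository's security settings, and the `cooldown` block added to the `npm` entry only governs version updates. I would add a line such as `# Security updates skip the cooldown only when Dependabot security updates are enabled in the repository settings.` The comment could also note that with `interval: 'monthly'` a release published less than 7 days before the run is presumably deferred to the next monthly run, so the effective delay can be considerably longer than `default-days: 7` suggests.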