diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index c036580..71c4feb 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -4,7 +4,13 @@ updates:
     directory: '/'
     schedule:
       interval: daily
+    cooldown:
+      semver-major-days: 30
+      semver-minor-days: 14
+      semver-patch-days: 7
   - package-ecosystem: github-actions
     directory: '/'
     schedule:
       interval: weekly
+    cooldown:
+      default-days: 14
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 91d2b3c..831cc63 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -19,6 +19,7 @@
 ### Fixed
 
 ### Security
+- Fixed a bunch of CI security issues such as dependency cooldowns and SHA targets for actions
 
 ## [0.8] - 2026-03-10
 ### Breaking Changes