From c41d2bfd6b3749e52b177d7b87f6f25f9b67da66 Mon Sep 17 00:00:00 2001
From: Luke Hill
Date: Tue, 28 Apr 2026 11:54:24 +0100
Subject: [PATCH 1/2] Add dep cooldowns
---
 .github/dependabot.yml | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index c036580..71c4feb 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -4,7 +4,13 @@ updates:
 directory: '/'
 schedule:
 interval: daily
+ cooldown:
+ semver-major-days: 30
+ semver-minor-days: 14
+ semver-patch-days: 7
 - package-ecosystem: github-actions
 directory: '/'
 schedule:
 interval: weekly
+ cooldown:
+ default-days: 14
From cc3bb0b2f74c2f9ce9133d8b7e9a3ee7670724dd Mon Sep 17 00:00:00 2001
From: Luke Hill
Date: Tue, 28 Apr 2026 11:54:54 +0100
Subject: [PATCH 2/2] Add changelog
---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 91d2b3c..831cc63 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -19,6 +19,7 @@
 ### Fixed
 ### Security
+- Fixed a bunch of CI security issues such as dependency cooldowns and SHA targets for actions
 ## [0.8] - 2026-03-10
 ### Breaking Changes
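Review bot: In the `.github/dependabot.yml` hunk of patch 1/2, the first update entry sets only `semver-major-days`, `semver-minor-days` and `semver-patch-days` and no `default-days`, so a release that Dependabot cannot classify by semver part would, as I read the cooldown option, get no waiting period at all. Adding `default-days: 7` under that `cooldown:` gives it a floor. That entry's `package-ecosystem` line sits above the hunk, so whether the ecosystem honours the semver-specific keys cannot be confirmed from here. I would also add a comment such as `# cooldown delays version updates only; Dependabot security updates are not held back`, so the 30-day major window is not read as a delay on vulnerability fixes.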