diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index bbe27e53..f7caa46c 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -27,6 +27,10 @@ updates:
       # Only allow @types/node patch/minor updates (block major version bumps)
       - dependency-name: "@types/node"
         update-types: ["version-update:semver-major"]
+    # Apply a 7-day minimum package age (similar to pnpm's minimumReleaseAge).
+    # Note: Dependabot can't express pnpm's minimumReleaseAgeExclude list; this applies to all updates.
+    cooldown:
+      default-days: 7
     open-pull-requests-limit: 10
 
   # GitHub Actions
@@ -35,4 +39,6 @@ updates:
     schedule:
       interval: "weekly"
       day: "monday"
+    cooldown:
+      default-days: 7
     open-pull-requests-limit: 5
diff --git a/pnpm-workspace.yaml b/pnpm-workspace.yaml
index fdc75179..dea22981 100644
--- a/pnpm-workspace.yaml
+++ b/pnpm-workspace.yaml
@@ -60,6 +60,7 @@ catalog:
   yaml: 2.9.0
   zod: 4.4.3
 
+minimumReleaseAge: 10080 # 7 days, in minutes
 minimumReleaseAgeStrict: true
 
 # unthrown and its companions are first-party (btravstack) packages; exempt them