Dependabot config (#176)

* Wait 7 days after release before showing dependabot updates

This slightly reduces our vunerability to supply chain attacks.

* Add dependabot udpates for frontend packages

Author: jgraham

.github/dependabot.yml

@@ -6,6 +6,15 @@
 version: 2
 updates:
   - package-ecosystem: "uv" # See documentation for possible values
-    directory: "/" # Location of package manifests
+    directory: "/"
     schedule:
       interval: "daily"
+    cooldown:
+      default-days: 7
+updates:
+  - package-ecosystem: "npm"
+    directory: "server/frontend/" # Location of package manifests
+    schedule:
+      interval: "daily"
+    cooldown:
+      default-days: 7