diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 90f77b8ca1c..87d403f820e 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -2,6 +2,8 @@ version: 2
 updates:
 - package-ecosystem: "github-actions"
 directory: "/"
+ cooldown:
+ default-days: 3
 schedule:
 interval: weekly
 day: thursday
@@ -9,6 +11,8 @@ updates:
 timezone: "America/New_York"
 - package-ecosystem: nuget
 directory: "/"
+ cooldown:
+ default-days: 3
 groups:
 polly:
 patterns:
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index 9b5fcef5a9a..c55d11c85e2 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -27,7 +27,7 @@ jobs:
 POWERSHELL_YAML_VERSION: '0.4.12'
 PSSCRIPTANALYZER_VERSION: '1.24.0'
 TERM: xterm
- ZIZMOR_VERSION: '1.13.0'
+ ZIZMOR_VERSION: '1.19.0'
 permissions:
 actions: read
diff --git a/.github/workflows/ossf-scorecard.yml b/.github/workflows/ossf-scorecard.yml
index 2e2630c2bfc..42cdeb637f1 100644
--- a/.github/workflows/ossf-scorecard.yml
+++ b/.github/workflows/ossf-scorecard.yml
@@ -7,7 +7,7 @@ on:
 - cron: '0 8 * * MON'
 workflow_dispatch:
-permissions: read-all
+permissions: read-all # zizmor: ignore[excessive-permissions] Recommended permissions for OSSF Scorecard
 jobs:
 analysis:
diff --git a/.github/zizmor.yml b/.github/zizmor.yml
index ad6d7764821..0b48a089b11 100644
--- a/.github/zizmor.yml
+++ b/.github/zizmor.yml
@@ -1,5 +1,10 @@
 rules:
 anonymous-definition:
 disable: true
+ concurrency-limits:
+ disable: true
+ dependabot-cooldown:
+ config:
+ days: 3
 undocumented-permissions:
 disable: true
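Review bot: The `cooldown` block added to the `github-actions` entry has no comment saying why 3 days was chosen or that the same number is repeated as `days: 3` under `dependabot-cooldown` in `.github/zizmor.yml`, so a later edit to one place can leave the other stale. A comment above the block such as `# Let new releases age before adoption; keep in sync with dependabot-cooldown days in .github/zizmor.yml` would record the link. Dependabot documents `cooldown` as applying to version updates only, so security updates should still be raised without the delay, and that is worth stating in the same comment so nobody reads the setting as slowing down fixes. The `cooldown` block added to the `nuget` entry in the next hunk of this file has the same gap.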
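Review bot: The `zizmor: ignore[excessive-permissions]` on the workflow-level `permissions: read-all` silences the finding for the default that every job in this file inherits, not only for `analysis`. The `analysis` job's own `permissions` block, if it has one, is outside this hunk; in that case the workflow-level grant mainly matters for jobs added later, which would receive read access to every scope with no lint finding. The trailing explanation could say so, for example `# zizmor: ignore[excessive-permissions] Scorecard-recommended default; any new job must declare its own permissions`.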
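Review bot: `concurrency-limits` is disabled for the whole repository with no recorded reason, which also hides the audit for any workflow added later. A one-line comment above the entry, for example `# Disabled because <reason>; revisit when <condition>`, would let a future reviewer judge whether the exemption still holds, or the rule could stay enabled with per-workflow ignores where it does not fit. The `days: 3` under `dependabot-cooldown` appears to lower the audit's threshold to match the new Dependabot setting; if zizmor's default is higher (worth confirming against the 1.19.0 documentation), a short comment stating that the relaxation is deliberate would help.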