Mitigate supply-chain attacks with bundle cooldown

[tagliala]

Introduces the new time-based 'cooldown' filter shipped in Bundler 4.0.13. Most supply-chain attacks exploit a tiny window immediately after a gem version is published. This feature prevents Bundler from resolving to any gem version until it has been public for a minimum number of days, allowing time for community vetting.

Ref: https://blog.rubygems.org/2026/06/03/cooldown-let-new-gems-be-vetted.html

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 100.00%. Comparing base (deb72ff) to head (f333109).

Additional details and impacted files

@@            Coverage Diff            @@
##              main      #975   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files           14        14           
  Lines          106       106           
=========================================
  Hits           106       106           

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.