Skip to content

chore: add dependabot cooldown configuration#149

Merged
Davidonium merged 1 commit into
mainfrom
chore/dependabot-cooldown
Jun 23, 2026
Merged

chore: add dependabot cooldown configuration#149
Davidonium merged 1 commit into
mainfrom
chore/dependabot-cooldown

Conversation

@andres-qd

Copy link
Copy Markdown
Contributor

Summary

  • Adds cooldown: default-days: 7 to all Dependabot update entries
  • Delays version updates by 7 days after release to reduce risk of regressions and supply chain attacks
  • Does not affect security updates (those still come immediately)

Ref: https://docs.zizmor.sh/audits/#dependabot-cooldown

@andres-qd andres-qd requested a review from a team June 22, 2026 20:46
@Davidonium Davidonium merged commit 3cb962b into main Jun 23, 2026
8 checks passed
@Davidonium Davidonium deleted the chore/dependabot-cooldown branch June 23, 2026 07:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants