
feat(renovate): Update renovate only weekly

5a1d7ba
Merged

feat(renovate): Update renovate only weekly #13611

DryRunSecurity / General Security Analyzer succeeded Nov 4, 2025 in 30s

DryRun Security


General Security Analyzer Findings: 1 detected

⚠️ Delayed Security Updates for Dependency Management Tool (.github/renovate.json)
Type: Delayed Security Updates for Dependency Management Tool
Description: The change delays updates for the Renovate dependency management tool to a weekly schedule. Historical data shows that Renovate has had critical vulnerabilities, including token leakage and arbitrary command injection. Delaying updates creates a window of exposure where known and patched vulnerabilities could be exploited, potentially leading to a supply chain attack or repository compromise, especially given the likely elevated privileges of such a tool.
Filename: .github/renovate.json
CodeLink:
"schedule": ["* * * * 0"]
}],
"customManagers": [
{