Commit 6d5de7b
[CI] Dependabot: add a cooldown period for new releases
Enforces security best practices by requiring a minimum age for new dependency releases before they are automatically updated by Dependabot.
This practice, known as a "cooldown period," helps mitigate supply chain attacks by allowing time for frequently published malicious packages to be identified.
https://docs.github.com/en/code-security/dependabot/working-with-dependabot/dependabot-options-reference#cooldown-1
parent ee06bbb commit 6d5de7b
1 file changed
Lines changed: 4 additions & 0 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
5 | 5 | | |
6 | 6 | | |
7 | 7 | | |
| 8 | + | |
| 9 | + | |
8 | 10 | | |
9 | 11 | | |
10 | 12 | | |
11 | 13 | | |
| 14 | + | |
| 15 | + | |
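Review bot: the commit message never states how long the cooldown is, so the four added lines (diff lines 8-9 and 14-15) are the only record of the chosen value. Put the number of days in the message so a reader can check the stated intent against the config without opening the file. The additions also land in two separate places; if both are meant to carry the same setting, say so in the message so a later change to one is not made without the other.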