ci: Add Dependabot version-update cooldown (#553)

ld-repository-standards[bot] · web-flow · commit 277d87c1dfce · 2026-06-15T15:26:01.000Z
This pull request was auto generated by the LaunchDarkly Github Standards automation platform. * Ensure every entry under `updates` in `.github/dependabot.yml` declares a cooldown of at least 7 days (default-days). * Add entries for detected package ecosystems that were not yet tracked by Dependabot. Cooldown applies only to version updates; security updates bypass it, so critical CVE fixes are never delayed. Ref: SEC-8058.  --- > [!NOTE] > **Low Risk** > CI/automation-only change with no runtime code; only affects how and when Dependabot opens dependency PRs. > > **Overview** > Introduces **`.github/dependabot.yml`** to turn on automated dependency updates across the repo. > > Each `updates` entry uses a **weekly** schedule and a **`cooldown.default-days: 7`** so routine version bumps are spaced out. Coverage includes **Docker** (`examples/proxy-validation-test`), **GitHub Actions** (repo root), and **npm** for the listed `libs/*` packages. > > Per the PR intent, cooldown affects version updates only; **security updates are not delayed**. > > <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit 2cc7edd. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup>  Co-authored-by: ld-repository-standards[bot] <113625520+ld-repository-standards[bot]@users.noreply.github.com>
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,68 @@
+version: 2
+updates:
+  - package-ecosystem: "docker"
+    directory: "/examples/proxy-validation-test"
+    schedule:
+      interval: "weekly"
+    cooldown:
+      default-days: 7
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    cooldown:
+      default-days: 7
+  - package-ecosystem: "npm"
+    directory: "/libs/client-sdk"
+    schedule:
+      interval: "weekly"
+    cooldown:
+      default-days: 7
+  - package-ecosystem: "npm"
+    directory: "/libs/common"
+    schedule:
+      interval: "weekly"
+    cooldown:
+      default-days: 7
+  - package-ecosystem: "npm"
+    directory: "/libs/internal"
+    schedule:
+      interval: "weekly"
+    cooldown:
+      default-days: 7
+  - package-ecosystem: "npm"
+    directory: "/libs/networking"
+    schedule:
+      interval: "weekly"
+    cooldown:
+      default-days: 7
+  - package-ecosystem: "npm"
+    directory: "/libs/server-sdk"
+    schedule:
+      interval: "weekly"
+    cooldown:
+      default-days: 7
+  - package-ecosystem: "npm"
+    directory: "/libs/server-sdk-dynamodb-source"
+    schedule:
+      interval: "weekly"
+    cooldown:
+      default-days: 7
+  - package-ecosystem: "npm"
+    directory: "/libs/server-sdk-otel"
+    schedule:
+      interval: "weekly"
+    cooldown:
+      default-days: 7
+  - package-ecosystem: "npm"
+    directory: "/libs/server-sdk-redis-source"
+    schedule:
+      interval: "weekly"
+    cooldown:
+      default-days: 7
+  - package-ecosystem: "npm"
+    directory: "/libs/server-sent-events"
+    schedule:
+      interval: "weekly"
+    cooldown:
+      default-days: 7
