Skip to content

Commit 3cdfcf0

Browse files
chore: Add Dependabot version-update cooldown (#407)
This pull request was auto generated by the LaunchDarkly Github Standards automation platform. * Ensure every entry under `updates` in `.github/dependabot.yml` declares a cooldown of at least 7 days (default-days). * Add entries for detected package ecosystems that were not yet tracked by Dependabot. Cooldown applies only to version updates; security updates bypass it, so critical CVE fixes are never delayed. Ref: SEC-8058. <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Low Risk** > Automation-only Dependabot policy change with no application runtime or security-logic changes. > > **Overview** > Adds a **7-day cooldown** (`default-days: 7`) under both **github-actions** and **npm** entries in `.github/dependabot.yml`, so Dependabot still checks daily but waits before opening version-update PRs for the same dependency. > > Also normalizes minor YAML formatting on `updates:` and `schedule:` (trailing whitespace). Security updates are unchanged and are not subject to this cooldown. > > <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit 3950a63. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup> <!-- /CURSOR_SUMMARY --> Co-authored-by: ld-repository-standards[bot] <113625520+ld-repository-standards[bot]@users.noreply.github.com>
1 parent 16a616a commit 3cdfcf0

1 file changed

Lines changed: 7 additions & 3 deletions

File tree

.github/dependabot.yml

Lines changed: 7 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,10 +1,14 @@
11
version: 2
2-
updates:
2+
updates:
33
- package-ecosystem: "github-actions"
44
directory: "/"
5-
schedule:
5+
schedule:
66
interval: "daily"
7+
cooldown:
8+
default-days: 7
79
- package-ecosystem: "npm"
810
directory: "/"
9-
schedule:
11+
schedule:
1012
interval: "daily"
13+
cooldown:
14+
default-days: 7

0 commit comments

Comments
 (0)