Skip to content

Commit 4866644

Browse files
chore: Add Dependabot version-update cooldown (#226)
This pull request was auto generated by the LaunchDarkly Github Standards automation platform. * Ensure every entry under `updates` in `.github/dependabot.yml` declares a cooldown of at least 7 days (default-days). * Add entries for detected package ecosystems that were not yet tracked by Dependabot. Cooldown applies only to version updates; security updates bypass it, so critical CVE fixes are never delayed. Ref: SEC-8058. <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Low Risk** > CI-only dependency automation; security updates bypass the cooldown, so critical action CVEs are not intentionally delayed. > > **Overview** > Introduces **`.github/dependabot.yml`** to enable automated **GitHub Actions** dependency updates on a **weekly** schedule. > > Adds a **7-day cooldown** (`default-days: 7`) on version bumps so Dependabot does not flood the repo with rapid action upgrades. Per the PR intent, **security updates are not subject to this cooldown**, so urgent fixes can still land immediately. > > <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit e38a911. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup> <!-- /CURSOR_SUMMARY --> Co-authored-by: ld-repository-standards[bot] <113625520+ld-repository-standards[bot]@users.noreply.github.com> Co-authored-by: Andrey Belonogov <abelonogov@launchdarkly.com>
1 parent e8ab4eb commit 4866644

1 file changed

Lines changed: 8 additions & 0 deletions

File tree

.github/dependabot.yml

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,8 @@
1+
version: 2
2+
updates:
3+
- package-ecosystem: "github-actions"
4+
directory: "/"
5+
schedule:
6+
interval: "weekly"
7+
cooldown:
8+
default-days: 7

0 commit comments

Comments
 (0)