We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
There was an error while loading. Please reload this page.
1 parent 862d705 commit 27322b3Copy full SHA for 27322b3
1 file changed
.github/dependabot.yml
@@ -1,4 +1,7 @@
1
-# Dependabot will run on day 7 of each month at 02:21 (Europe/Berlin timezone)
+# Dependabot configuration
2
+# Cooldown delays updating normal npm dependencies by 7 days but allows security updates to be processed immediately.
3
+# Note: Cooldown is not supported for the github-actions ecosystem.
4
+# Reference: https://docs.github.com/en/code-security/reference/supply-chain-security/dependabot-options-reference
5
version: 2
6
updates:
7
@@ -24,3 +27,5 @@ updates:
24
27
- dependency-name: '@types/node'
25
28
update-types:
26
29
- 'version-update:semver-major'
30
+ cooldown:
31
+ default-days: 7
0 commit comments