Set default package cooldowns for dependabot #385

Merged
freekmurze merged 2 commits into spatie:main from ace-of-aces:dependabot-package-cooldown on May 13, 2026

@ace-of-aces (Contributor)

Given the recent surge of supply chain attacks, I think adding a small delay to package updates through dependabot could minimize this risk a little (even though this issue is not as bad in the composer ecosystem as in npm).

Added default package cooldown settings for github-actions and composer dependencies, set to 1 day (following the default in pnpm).

@freekmurze freekmurze merged commit afc3f0a into spatie:main May 13, 2026
1 check passed
@freekmurze (Member)

Thanks!
