This repo has a .github/dependabot.yml. Add a cooldown block with default-days: 3 to each updates entry so version bumps wait a few days after release before Dependabot opens a PR (avoids getting hit by a bad/yanked release the same day it ships).
Example:
updates:
- package-ecosystem: "npm"
directory: "/"
schedule:
interval: "weekly"
cooldown:
default-days: 3
Add the cooldown key (indented the same as schedule) under each package-ecosystem entry in this repo's dependabot.yml.
Reference: https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#cooldown
This repo has a
.github/dependabot.yml. Add acooldownblock withdefault-days: 3to eachupdatesentry so version bumps wait a few days after release before Dependabot opens a PR (avoids getting hit by a bad/yanked release the same day it ships).Example:
Add the
cooldownkey (indented the same asschedule) under eachpackage-ecosystementry in this repo'sdependabot.yml.Reference: https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#cooldown