Infra: Implement dependabot dependency cooldown #1521

@Haarolean

Description

Docs: https://docs.github.com/en/code-security/dependabot/working-with-dependabot/dependabot-options-reference#cooldown-

  • For all types of dependencies. Maybe longer for frontend ones, as NPM is more susceptible to supply chain attacks
  • Security patches will be raised as a separate PR by Dependabot anyway, so no need to worry about it

Labels:

  • scope/infra (CI, CD, dev. env, etc.)
  • status/triage/completed (Automatic triage completed)
  • type/dependencies (A pull request/issue dedicated to updating the dependency(-ies))
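
A sketch of what the requested configuration could look like, added here as an example and not taken from the issue or the project's repository. The ecosystems, directory paths, schedule and day counts are assumptions; the `cooldown` keys are the ones described in the linked options reference.

```yaml
# .github/dependabot.yml
# Added example: ecosystems, directories and day counts are assumed values.
version: 2
updates:
  # Before (no cooldown): a version-update PR can be opened as soon as a
  # new release appears in the registry.
  # - package-ecosystem: "npm"
  #   directory: "/frontend"
  #   schedule:
  #     interval: "weekly"

  # After: frontend dependencies wait longer, as the issue suggests for NPM.
  - package-ecosystem: "npm"
    directory: "/frontend"        # assumed path
    schedule:
      interval: "weekly"
    cooldown:
      default-days: 14            # minimum release age when no semver rule applies
      semver-major-days: 30
      semver-minor-days: 14
      semver-patch-days: 7

  # A shorter cooldown for the remaining dependencies.
  - package-ecosystem: "maven"    # assumed backend ecosystem
    directory: "/"                # assumed path
    schedule:
      interval: "weekly"
    cooldown:
      default-days: 7

# Cooldown applies to version updates only. Dependabot security updates are
# raised as separate PRs and are not delayed by these settings.
```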