Skip to content

Commit 41d76c7

Browse files
acerathereinspirative-nhs-nviracerathereinspirative-nhs-nvir
committed
CHORE SB Add dependency cooldown to mitigate supply chain attacks.
See https://simonwillison.net/2025/Nov/21/dependency-cooldowns/
1 parent f84ed81 commit 41d76c7

File tree

1 file changed

+10
-0
lines changed

1 file changed

+10
-0
lines changed

.github/dependabot.yaml

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -6,6 +6,8 @@ updates:
66
directory: "/"
77
schedule:
88
interval: "daily"
9+
cooldown:
10+
- default-days: 4
911

1012
- package-ecosystem: "github-actions"
1113
directory: "/"
@@ -14,6 +16,8 @@ updates:
1416
groups:
1517
artifact:
1618
patterns: [ "actions/*artifact" ]
19+
cooldown:
20+
- default-days: 4
1721

1822
- package-ecosystem: "npm"
1923
directory: "/"
@@ -39,13 +43,19 @@ updates:
3943
versions: [ ">=16.0.0" ]
4044
- dependency-name: "eslint-config-next"
4145
versions: [ ">=16.0.0" ]
46+
cooldown:
47+
- default-days: 4
4248

4349
- package-ecosystem: "pip"
4450
directory: "/"
4551
schedule:
4652
interval: "daily"
53+
cooldown:
54+
- default-days: 4
4755

4856
- package-ecosystem: "terraform"
4957
directory: "/"
5058
schedule:
5159
interval: "daily"
60+
cooldown:
61+
- default-days: 4

0 commit comments

Comments
 (0)