Skip to content

Commit b3f5aa1

Browse files
oschwaldoschwald
committed
Set Dependabot cooldown period to 4 days
This addresses the zizmor findings by setting a cooldown period of 4 days for all package ecosystems in dependabot.yml. Related to: ENG-3236
1 parent adb9778 commit b3f5aa1

File tree

1 file changed

+20
-16
lines changed

1 file changed

+20
-16
lines changed

.github/dependabot.yml

Lines changed: 20 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -1,19 +1,23 @@
11
version: 2
22
updates:
33
- package-ecosystem: npm
4-
directory: "/"
5-
schedule:
6-
interval: daily
7-
time: "14:00"
8-
groups:
9-
minor-and-patch:
10-
patterns:
11-
- "*"
12-
update-types:
13-
- "minor"
14-
- "patch"
15-
- package-ecosystem: "github-actions"
16-
directory: "/"
17-
schedule:
18-
interval: daily
19-
time: "14:00"
4+
directory: /
5+
schedule:
6+
interval: daily
7+
time: '14:00'
8+
groups:
9+
minor-and-patch:
10+
patterns:
11+
- '*'
12+
update-types:
13+
- minor
14+
- patch
15+
cooldown:
16+
default-days: 4
17+
- package-ecosystem: github-actions
18+
directory: /
19+
schedule:
20+
interval: daily
21+
time: '14:00'
22+
cooldown:
23+
default-days: 4

0 commit comments

Comments
 (0)