mirror of synced 2025-12-19 18:10:59 -05:00

Update note on cooldown option and security updates (#58426)

Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
Alhoussein
2025-11-14 02:39:35 -05:00
committed by GitHub
parent 8d51b74345
commit 5283655977


@@ -171,7 +171,7 @@ Supported by: `bundler`, `composer`, `mix`, `maven`, `npm`, and `pip`.
## `cooldown` {% octicon "versions" aria-label="Version updates" height="24" %} ## `cooldown` {% octicon "versions" aria-label="Version updates" height="24" %}
Defines a **cooldown period** for dependency updates, allowing updates to be delayed for a configurable number of days. Defines a **cooldown period** for dependency updates, allowing updates to be delayed for a configurable number of days. The `coooldown` option is only available for _version_ updates, not _security_ updates.
This feature enables users to customize how often {% data variables.product.prodname_dependabot %} generates new version updates, offering greater control over update frequency. For examples, see [AUTOTITLE](/code-security/dependabot/dependabot-version-updates/optimizing-pr-creation-version-updates#setting-up-a-cooldown-period-for-dependency-updates). This feature enables users to customize how often {% data variables.product.prodname_dependabot %} generates new version updates, offering greater control over update frequency. For examples, see [AUTOTITLE](/code-security/dependabot/dependabot-version-updates/optimizing-pr-creation-version-updates#setting-up-a-cooldown-period-for-dependency-updates).
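Review bot: the sentence added to the `cooldown` description spells the option as `coooldown` (three o's) inside the code span, so the docs will show an option name that does not exist and that a search for `cooldown` will not match. Change it to `cooldown`. The rest of the added sentence, that the option is available for _version_ updates and not _security_ updates, agrees with the heading's "Version updates" octicon label.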
@@ -188,8 +188,6 @@ When **`cooldown`** is defined:
1. Dependencies without a cooldown period, or those past their cooldown period, are updated to the latest version as per the configured `versioning-strategy` setting. 1. Dependencies without a cooldown period, or those past their cooldown period, are updated to the latest version as per the configured `versioning-strategy` setting.
1. After a cooldown ends for a dependency, {% data variables.product.prodname_dependabot %} resumes updating the dependency following the standard update strategy defined in `dependabot.yml`. 1. After a cooldown ends for a dependency, {% data variables.product.prodname_dependabot %} resumes updating the dependency following the standard update strategy defined in `dependabot.yml`.
{% data reusables.dependabot.option-affects-security-updates %}
### **Configuration of `cooldown`** ### **Configuration of `cooldown`**
You can specify the duration of the cooldown using the options below. You can specify the duration of the cooldown using the options below.
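Review bot: removing `{% data reusables.dependabot.option-affects-security-updates %}` after the numbered list is consistent with the new intro sentence, but it leaves the behaviour list itself with no mention of security updates, so the scope is now stated only in the opening paragraph. If readers commonly reach this section through the "Configuration of `cooldown`" anchor, consider repeating the version-updates-only scope near the list or the configuration heading. Also confirm that the rendered text of the removed reusable is not still needed by any other option on this page that does affect security updates.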