DigiNews

Tech Watch by Johan Denoyer

← Back to articles

Dependabot version updates introduce default package cooldown

Quality: 8/10 Relevance: 9/10

Summary

Dependabot now applies a default three-day cooldown before proposing version updates, helping surface potential supply-chain issues before updates reach users. Security updates are still released immediately, and users can customize the cooldown via dependabot.yml; the change applies across ecosystems and GitHub Enterprise Server.

🚀 Service construit par Johan Denoyer