Dependabot version updates introduce default package cooldown
Summary
Dependabot now applies a default three-day cooldown before proposing version updates, helping surface potential supply-chain issues before updates reach users. Security updates are still released immediately, and users can customize the cooldown via dependabot.yml; the change applies across ecosystems and GitHub Enterprise Server.