github: dependabot: configure cooldown time for updates
This will delay non-security dependabot updates to packages, giving automated tools and researchers more time to catch updates with malicious intent, thus reducing the supply chain security risks.

Signed-off-by: Thomas Stranger <thomas.stranger@outlook.com>
committed by Henrik Brix Andersen
parent f18be66783
commit 7eb623c035
4
.github/dependabot.yml
vendored
@@ -5,6 +5,8 @@ updates:
|
||||
directory: "/"
|
||||
schedule:
|
||||
interval: "weekly"
|
||||
cooldown:
|
||||
default-days: 7
|
||||
commit-message:
|
||||
prefix: "ci: github: "
|
||||
labels: []
|
||||
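Review bot: the new `cooldown:` block in the `directory: "/"` entry has no comment recording why the delay exists or what it covers, so the reasoning lives only in the commit message. A one-line YAML comment above `cooldown:` would help, for example `# hold back version updates for 7 days; security updates are not delayed`. It is also worth noting there that with `interval: "weekly"` a release published just after a run can wait close to two weeks before a pull request is opened, since the 7-day cooldown has to expire before the next weekly run picks it up.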
@@ -17,6 +19,8 @@ updates:
|
||||
directory: "/doc"
|
||||
schedule:
|
||||
interval: "weekly"
|
||||
cooldown:
|
||||
default-days: 7
|
||||
commit-message:
|
||||
prefix: "ci: doc: "
|
||||
labels: []
|
||||
|
||||
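Review bot: the `cooldown:` block in the `directory: "/doc"` entry sets only `default-days: 7`, so a major version bump waits no longer than a patch release. If this entry's package ecosystem (not visible in the hunk) supports semver-based cooldown, consider adding `semver-major-days` with a larger value. The value also repeats the one in the `"/"` entry, so a short comment that the two are meant to stay in sync would keep them from drifting on a later edit.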