This is an automated email from the ASF dual-hosted git repository. coheigea pushed a commit to branch coheigea/dependabot-cooldown in repository https://gitbox.apache.org/repos/asf/cxf.git
commit 44d8c2056c84da7cbc12797e620f18764adcbe31 Author: Colm O hEigeartaigh <[email protected]> AuthorDate: Fri Nov 28 14:51:28 2025 +0000 Add a cooldown of 5 days to mitigate the risk of updating to a compromised package --- .github/dependabot.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index c122f32fd5..24008165aa 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -18,9 +18,13 @@ updates: directory: "/" schedule: interval: "daily" + cooldown: + default-days: 5 - package-ecosystem: github-actions directory: / schedule: interval: weekly + cooldown: + default-days: 5
