dongjoon-hyun opened a new pull request, #2614:
URL: https://github.com/apache/orc/pull/2614
### What changes were proposed in this pull request?
This PR adds a 7-day `cooldown` to Dependabot for the Maven ecosystem.
```yaml
cooldown:
  default-days: 7
```
### Why are the changes needed?
To skip newly released versions until 7 days have passed, reducing the risk
of importing early-release regressions and supply-chain attacks (e.g.,
compromised or malicious releases that are typically yanked or flagged within
days of publication).
### How was this patch tested?
Validated YAML syntax with `python3 -c "import yaml; yaml.safe_load(open('.github/dependabot.yml'))"`.
### Was this patch authored or co-authored using generative AI tooling?
Generated-by: Claude Opus 4.7 (1M context)
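
The syntax check quoted above only shows that the file parses. The following added example (not part of the pull request or the ORC repository) checks the parsed structure instead, confirming that each Maven entry under `updates` carries `cooldown.default-days` of at least 7. The function names and the sample mappings are assumptions constructed for illustration.

```python
# Added example: semantic check for a parsed .github/dependabot.yml.
MIN_DAYS = 7  # cooldown length stated in the PR


def cooldown_gaps(config, ecosystem="maven", min_days=MIN_DAYS):
    """Return a list of problems for `ecosystem` entries; empty list means OK.

    `config` is the mapping that yaml.safe_load() returns for dependabot.yml.
    """
    if not isinstance(config, dict):
        return ["top level is not a mapping"]
    problems = []
    # A root-level `cooldown` is valid YAML but is attached to no update entry.
    if "cooldown" in config:
        problems.append("cooldown found at top level, not under an updates entry")
    entries = [e for e in config.get("updates") or []
               if isinstance(e, dict) and e.get("package-ecosystem") == ecosystem]
    if not entries:
        problems.append(f"no updates entry for {ecosystem}")
    for e in entries:
        where = f"{ecosystem} entry for directory {e.get('directory', '?')}"
        cooldown = e.get("cooldown")
        if not isinstance(cooldown, dict):
            problems.append(f"{where}: cooldown missing or empty")
            continue
        days = cooldown.get("default-days")
        # bool is a subclass of int in Python, so reject it explicitly.
        if isinstance(days, bool) or not isinstance(days, int):
            problems.append(f"{where}: default-days is not an integer")
        elif days < min_days:
            problems.append(f"{where}: default-days {days} < {min_days}")
    return problems


def check_file(path=".github/dependabot.yml"):
    import yaml  # PyYAML, the same dependency the PR's syntax check uses
    with open(path) as fh:
        return cooldown_gaps(yaml.safe_load(fh))


# Constructed samples (not the project's file), shaped as safe_load returns them.
GOOD = {"version": 2, "updates": [{"package-ecosystem": "maven", "directory": "/",
        "schedule": {"interval": "weekly"}, "cooldown": {"default-days": 7}}]}
# Lost indentation: `default-days` becomes a sibling of an empty `cooldown`.
FLAT = {"version": 2, "updates": [{"package-ecosystem": "maven", "directory": "/",
        "schedule": {"interval": "weekly"}, "cooldown": None, "default-days": 7}]}

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("FLAT", FLAT)):
        print(name, cooldown_gaps(cfg) or "ok")
```

`FLAT` passes a plain `yaml.safe_load` syntax check but is reported here, which is the case a parse-only test cannot catch.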