Skip to content

Dependabot supports configuration of a minimum package age before creating a PR [GA] #1105

New issue
New issue
Open
Open
Dependabot supports configuration of a minimum package age before creating a PR [GA]#1105
Labels
GHES 3.18GHES 3.18GitHub Advanced Security (GHAS)Product SKU: GitHub Advanced SecuritygaFeature phase: Generally available
@glider-bot

Description

@glider-bot
glider-bot
opened on Feb 20, 2025

Value Prop

This feature allows Dependabot users to optionally configure a delay for opening a Dependabot PR for a newly updated dependency until a certain amount of time has passed.

Expected Outcome

The cooldown feature helps teams improve security and reduce noise from frequent dependency updates by delaying Dependabot PRs for a configurable period, allowing time for patch releases and stabilizing updates without disrupting project workflows.

Activity

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Assignees

No one assigned

    Labels

    GHES 3.18GHES 3.18GitHub Advanced Security (GHAS)Product SKU: GitHub Advanced SecuritygaFeature phase: Generally available

    Type

    No type

    Projects

    GitHub Public Roadmap

    • Status

      Q1 2025 – Jan-Mar

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions