From 1aa96ff2af80a766643bd540dbee982255909911 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Wed, 1 Apr 2026 08:05:58 +0000 Subject: [PATCH] Update from template: X0000-updateDependabotSettings --- .github/dependabot.yml | 29 ++++++++++++++++++----------- 1 file changed, 18 insertions(+), 11 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index e003072..41ef5f8 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,18 +1,25 @@ +# Dependabot configuration +# Cooldown delays updating normal npm dependencies by 7 days but allows security updates to be processed immediately. +# Note: Cooldown is not supported for the github-actions ecosystem. +# Reference: https://docs.github.com/en/code-security/reference/supply-chain-security/dependabot-options-reference version: 2 updates: - - package-ecosystem: npm - directory: "/" + + - package-ecosystem: 'npm' + directory: '/' schedule: - interval: weekly - time: "04:00" - timezone: Europe/Berlin + interval: 'weekly' + time: '04:00' + timezone: 'Europe/Berlin' open-pull-requests-limit: 15 - versioning-strategy: increase + versioning-strategy: 'increase' + cooldown: + default-days: 7 - - package-ecosystem: github-actions - directory: "/" + - package-ecosystem: 'github-actions' + directory: '/' schedule: - interval: weekly - time: "04:00" - timezone: Europe/Berlin + interval: 'weekly' + time: '04:00' + timezone: 'Europe/Berlin' open-pull-requests-limit: 15