Skip to content

Commit 2066b3c

Browse files
oschwaldoschwald
committed
Set Dependabot cooldown period to 4 days
This addresses the zizmor findings by setting a cooldown period of 4 days for all package ecosystems in dependabot.yml. Related to: ENG-3236
1 parent cf7ee94 commit 2066b3c

File tree

1 file changed

+19
-15
lines changed

1 file changed

+19
-15
lines changed

.github/dependabot.yml

Lines changed: 19 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -1,17 +1,21 @@
11
version: 2
22
updates:
3-
- package-ecosystem: maven
4-
directory: "/"
5-
schedule:
6-
interval: daily
7-
time: "14:00"
8-
open-pull-requests-limit: 10
9-
groups:
10-
jackson:
11-
patterns:
12-
- "com.fasterxml.jackson*"
13-
- package-ecosystem: "github-actions"
14-
directory: "/"
15-
schedule:
16-
interval: daily
17-
time: "14:00"
3+
- package-ecosystem: maven
4+
directory: /
5+
schedule:
6+
interval: daily
7+
time: '14:00'
8+
open-pull-requests-limit: 10
9+
groups:
10+
jackson:
11+
patterns:
12+
- com.fasterxml.jackson*
13+
cooldown:
14+
default-days: 4
15+
- package-ecosystem: github-actions
16+
directory: /
17+
schedule:
18+
interval: daily
19+
time: '14:00'
20+
cooldown:
21+
default-days: 4

0 commit comments

Comments
 (0)