mirror of
https://github.com/kata-containers/kata-containers.git
synced 2026-02-22 06:43:41 +00:00
dependabot: Add cooldown
It's good practice to get dependabot to wait after a release before bumping to avoid it bumping to a release done seconds before, which could have supply-chain security implications, so add a 7 day cooldown to help with this.
See https://blog.yossarian.net/2025/11/21/We-should-all-be-using-dependency-cooldowns
Signed-off-by: stevenhorsman <steven@uk.ibm.com>
committed by
Steve Horsman
parent
50923b6d62
commit
379eecacb0
6
.github/dependabot.yml
vendored
@@ -15,6 +15,8 @@ updates:
|
||||
- "/src/tools/trace-forwarder"
|
||||
schedule:
|
||||
interval: "daily"
|
||||
cooldown:
|
||||
default-days: 7
|
||||
ignore:
|
||||
# rust-vmm repos might cause incompatibilities on patch versions, so
|
||||
# lets handle them manually for now.
|
||||
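Review bot: the `cooldown:` block added after `interval: "daily"` has no comment explaining why 7 days was chosen; the supply-chain rationale and the blog link exist only in the commit message. The `ignore:` block directly below documents its reasoning inline for rust-vmm, so a one-line YAML comment above `cooldown:` (for example `# wait 7 days after a release before bumping`) would keep the intent next to the setting for whoever edits this file next.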
@@ -85,8 +87,12 @@ updates:
|
||||
- "src/tools/csi-kata-directvolume"
|
||||
schedule:
|
||||
interval: "daily"
|
||||
cooldown:
|
||||
default-days: 7
|
||||
|
||||
- package-ecosystem: "github-actions"
|
||||
directory: "/"
|
||||
schedule:
|
||||
interval: "monthly"
|
||||
cooldown:
|
||||
default-days: 7
|
||||
|
||||
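Review bot: in the `github-actions` entry, `default-days: 7` is paired with `interval: "monthly"`, so an action release that is less than 7 days old when the monthly run happens will be skipped and not reconsidered until the following month. If that lag is longer than intended, consider a shorter interval for this entry or state in a comment that the delay is accepted. The same `cooldown:` / `default-days: 7` pair is also repeated verbatim in each entry this hunk touches, so a comment noting that the values should be kept in sync would help avoid drift.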