Add 7 day cooldown to Dependabot updates

This should make us less vulnerable to supply chain attacks:

- https://blog.yossarian.net/2025/11/21/We-should-all-be-using-dependency-cooldowns
Maikel Linke
2026-02-02 14:41:30 +11:00
parent 7b559e2f83
commit f25d51e772


@@ -31,6 +31,8 @@ updates:
directory: "/"
schedule:
interval: "daily"
cooldown:
default-days: 7
# Only specific requirements are specified in Gemfile, so don't touch it.
versioning-strategy: lockfile-only
@@ -39,6 +41,8 @@ updates:
directory: "/"
schedule:
interval: "daily"
cooldown:
default-days: 7
# Only specific requirements are specified in package.json, so don't touch it.
versioning-strategy: lockfile-only
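Review bot: The two added `cooldown:` blocks have no comment, unlike the neighbouring `versioning-strategy` setting, so the reason for the 7-day delay is recorded only in the commit message. I would put a line such as `# Hold version updates for 7 days after release (supply-chain cooldown); security updates are not delayed.` above each `cooldown:` key. As far as I know, Dependabot applies cooldown to version updates only, so vulnerability fixes should still arrive immediately, but that is worth confirming against the current documentation before stating it in the file. Any `updates` entries above line 31 are outside the visible hunks; if they exist, they would not get a cooldown from this change.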