chore: Add Dependabot version-update cooldown #22

Closed
ld-repository-standards[bot] wants to merge 1 commit into main from ld-github-standards/add-dependabot-cooldown

ld-repository-standards Bot commented Jun 16, 2026

This pull request was auto generated by the LaunchDarkly Github Standards automation platform.

  • Ensure every entry under updates in .github/dependabot.yml declares a cooldown of at least 7 days (default-days).
  • Add entries for detected package ecosystems that were not yet tracked by Dependabot.

Cooldown applies only to version updates; security updates bypass it, so critical CVE fixes are never delayed.

Ref: SEC-8058.


Note

Low Risk
Automation-only change to dependency update scheduling; no application runtime, auth, or data-path code is modified.

Overview
Introduces .github/dependabot.yml so dependency bumps are automated for GitHub Actions (repo root) and NuGet in /src/LaunchDarkly.Logging and /test/LaunchDarkly.Logging.Tests.

Each updates entry uses a weekly schedule and a cooldown.default-days: 7 gate on version updates (security updates are not delayed by cooldown, per the PR intent).

Reviewed by Cursor Bugbot for commit 926cfb8.

ld-repository-standards Bot requested a review from a team June 16, 2026 06:14
ld-repository-standards Bot requested a review from a team as a code owner June 16, 2026 06:14
ld-repository-standards Bot requested a review from a team June 16, 2026 06:14
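
The rule stated in the PR description (every entry under updates declares a cooldown of at least 7 days) can be checked mechanically. The following is an added example, not part of this pull request or of the LaunchDarkly automation; the function name audit_cooldown and the sample file are constructed for illustration, with two entries made non-compliant on purpose.

```ruby
require "yaml"

MIN_COOLDOWN_DAYS = 7 # threshold stated in the PR description

# Constructed sample, not the PR's file: ecosystems and directories follow the
# PR overview, but the last two entries are deliberately non-compliant.
SAMPLE = <<~YAML
  version: 2
  updates:
    - package-ecosystem: github-actions
      directory: "/"
      schedule:
        interval: weekly
      cooldown:
        default-days: 7
    - package-ecosystem: nuget
      directory: /src/LaunchDarkly.Logging
      schedule:
        interval: weekly
      cooldown:
        default-days: 3
    - package-ecosystem: nuget
      directory: /test/LaunchDarkly.Logging.Tests
      schedule:
        interval: weekly
YAML

# Returns one finding per `updates` entry whose cooldown is missing, malformed,
# or shorter than min_days. An empty array means the file is compliant.
def audit_cooldown(yaml_text, min_days: MIN_COOLDOWN_DAYS)
  doc = YAML.safe_load(yaml_text)
  updates = doc.is_a?(Hash) ? doc["updates"] : nil
  return ["no updates list found"] unless updates.is_a?(Array)
  updates.each_with_index.filter_map do |entry, i|
    next "updates[#{i}]: entry is not a mapping" unless entry.is_a?(Hash)
    label = "updates[#{i}] #{entry['package-ecosystem']} #{entry['directory']}"
    cooldown = entry["cooldown"]
    days = cooldown.is_a?(Hash) ? cooldown["default-days"] : nil
    if cooldown.nil?
      "#{label}: no cooldown block"
    elsif !days.is_a?(Integer)
      "#{label}: cooldown.default-days missing or not an integer"
    elsif days < min_days
      "#{label}: default-days #{days} is below #{min_days}"
    end
  end
end
puts audit_cooldown(SAMPLE) if __FILE__ == $PROGRAM_NAME
```

Run against a repository's .github/dependabot.yml in CI, a non-empty result can fail the build so that a shortened or removed cooldown is caught in review.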
pkaeding (Contributor) commented Jul 1, 2026

Closing -- The automation has been updated to not enable version-updates if it isn't already enabled.

via LD Research 🤖

pkaeding closed this Jul 1, 2026
pkaeding deleted the ld-github-standards/add-dependabot-cooldown branch July 1, 2026 13:32