Dependabot supports configuration of a minimum package age before creating a PR [GA] #1105

glider-bot · 2025-02-20T20:43:41Z

Value Prop

This feature allows Dependabot users to optionally configure a delay for opening a Dependabot PR for a newly updated dependency until a certain amount of time has passed.

Expected Outcome

The cooldown feature helps teams improve security and reduce noise from frequent dependency updates by delaying Dependabot PRs for a configurable period, allowing time for patch releases and stabilizing updates without disrupting project workflows.

glider-bot added ga Feature phase: Generally available GHES 3.18 GHES 3.18 GitHub Advanced Security (GHAS) Product SKU: GitHub Advanced Security labels Feb 20, 2025

glider-bot added this to GitHub Public Roadmap Feb 20, 2025

glider-bot moved this to Q1 2025 – Jan-Mar in GitHub Public Roadmap Feb 20, 2025

github locked and limited conversation to collaborators Feb 20, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Dependabot supports configuration of a minimum package age before creating a PR [GA] #1105

Dependabot supports configuration of a minimum package age before creating a PR [GA] #1105

glider-bot commented Feb 20, 2025

Dependabot supports configuration of a minimum package age before creating a PR [GA] #1105

Dependabot supports configuration of a minimum package age before creating a PR [GA] #1105

Comments

glider-bot commented Feb 20, 2025

Value Prop

Expected Outcome