Set dependabot cooldown by ShaharNaveh · Pull Request #7490 · RustPython/RustPython · GitHub
Skip to content

Set dependabot cooldown#7490

Merged
youknowone merged 2 commits into
RustPython:mainfrom
ShaharNaveh:dependabot-cooldown
Mar 24, 2026
Merged

Set dependabot cooldown#7490
youknowone merged 2 commits into
RustPython:mainfrom
ShaharNaveh:dependabot-cooldown

Conversation

@ShaharNaveh

@ShaharNaveh ShaharNaveh commented Mar 23, 2026

Copy link
Copy Markdown
Contributor

Suggested by zizmor and https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/optimizing-pr-creation-version-updates#setting-up-a-cooldown-period-for-dependency-updates

Summary by CodeRabbit

  • Chores
    • Adjusted automated dependency update cooldowns for multiple package ecosystems (changes affect cargo, npm, and GitHub Actions).
    • This alters the cadence of background dependency update checks and notifications; no user-facing features or public APIs were changed.

@coderabbitai

coderabbitai Bot commented Mar 23, 2026

Copy link
Copy Markdown
Contributor

Comment thread .github/dependabot.yml Fixed
Comment thread .github/dependabot.yml Fixed
Comment thread .github/dependabot.yml Fixed

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/dependabot.yml:
- Line 9: Update every occurrence of the dependabot configuration key
"default-days" in .github/dependabot.yml from 5 to at least 7 (e.g., 7 or 30) to
satisfy the cooldown policy; specifically locate the three "default-days: 5"
entries and change their values to 7 or higher so all occurrences use the
minimum required cooldown.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yml

Review profile: CHILL

Plan: Pro

Run ID: 272b6a82-2c06-4b6c-a02d-3571ff1326a5

📥 Commits

Reviewing files that changed from the base of the PR and between 8c01615 and 96f53c3.

📒 Files selected for processing (1)
  • .github/dependabot.yml

Comment thread .github/dependabot.yml Outdated
@ShaharNaveh ShaharNaveh added the skip:ci Skip running the ci label Mar 23, 2026

@youknowone youknowone left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this is good idea.

@youknowone youknowone merged commit 20ae3cc into RustPython:main Mar 24, 2026
18 checks passed
Copilot AI pushed a commit that referenced this pull request Mar 25, 2026
* Set dependabot cooldown

* Increase default to 7 days
@ShaharNaveh ShaharNaveh mentioned this pull request Jun 22, 2026
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

skip:ci Skip running the ci

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants