This is an automated email from the ASF dual-hosted git repository. johnbam pushed a commit to branch dependabot-cooldown in repository https://gitbox.apache.org/repos/asf/sedona.git
commit 636501bd74c67e741ce773d084700c87476b93f3 Author: John Bampton <[email protected]> AuthorDate: Thu Jan 8 00:43:09 2026 +1000 [CI] Dependabot: add a cooldown period for new releases Enforces security best practices by requiring a minimum age for new dependency releases before they are automatically updated by Dependabot. This practice, known as a "cooldown period," helps mitigate supply chain attacks by allowing time for frequently published malicious packages to be identified. --- .github/dependabot.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 5f9cb3ae60..da011c2781 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -26,7 +26,9 @@ updates: github-dependencies: patterns: - '*' - + cooldown: + default-days: 7 + - package-ecosystem: pip directory: /docker open-pull-requests-limit: 2 @@ -36,3 +38,5 @@ updates: github-dependencies: patterns: - '*' + cooldown: + default-days: 7
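Review bot: in the first hunk (`@@ -26,7 +26,9 @@`), the added `cooldown:` comes directly after the `github-dependencies` group's `patterns: - '*'`, and the indentation is not recoverable from this message, so please confirm it sits at the level of the update entry (alongside `open-pull-requests-limit`) and not inside the group. The commit message would also be more accurate if it said that Dependabot applies the cooldown to version updates only; security updates are not delayed by it.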
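Review bot: the second hunk (`@@ -36,3 +38,5 @@`) adds `default-days: 7` to the `pip` entry for `/docker` as a second copy of the same undocumented value, so a later change to one entry can silently leave the other behind. A one-line YAML comment above each `cooldown:` giving the reason for seven days would help. It is also worth checking that no other entry under `updates:` is left without a cooldown, since this diff only touches two.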
