Quoting GitHub Changelog
Simon Willison · Simon Willison · 2026-07-14
GitHub's Dependabot now enforces a three-day cooldown period before opening version update pull requests for newly released dependencies, enabled by default with no configuration required.
Extraction
Topics: dependency-managementgithub-dependabotsoftware-securitypackaging
Claims
- Dependabot now waits at least three days after a new release appears on its registry before opening a version update pull request.
- The three-day cooldown is the new default behavior and requires no user configuration.
Key quotes
Dependabot now waits until a new release has been available on its registry for at least three days before opening a version update pull request. This cooldown is now the default and requires no configuration.