The Information Machine

Quoting GitHub Changelog

Simon Willison · Simon Willison · 2026-07-14

GitHub's Dependabot now enforces a three-day cooldown period before opening version update pull requests for newly released dependencies, enabled by default with no configuration required.

Open original ↗

Extraction

Topics: dependency-managementgithub-dependabotsoftware-securitypackaging

Claims

  • Dependabot now waits at least three days after a new release appears on its registry before opening a version update pull request.
  • The three-day cooldown is the new default behavior and requires no user configuration.

Key quotes

Dependabot now waits until a new release has been available on its registry for at least three days before opening a version update pull request. This cooldown is now the default and requires no configuration.