mirror of
https://github.com/python/cpython.git
synced 2025-12-31 04:23:37 +00:00
2746c698e3
See https://blog.yossarian.net/2025/11/21/We-should-all-be-using-dependency-cooldowns and the description in the comment.
28 lines
761 B
YAML
28 lines
761 B
YAML
version: 2
|
|
updates:
|
|
- package-ecosystem: "github-actions"
|
|
directory: "/"
|
|
schedule:
|
|
interval: "monthly"
|
|
labels:
|
|
- "skip issue"
|
|
- "skip news"
|
|
ignore:
|
|
- dependency-name: "*"
|
|
update-types:
|
|
- "version-update:semver-minor"
|
|
- "version-update:semver-patch"
|
|
cooldown:
|
|
# https://blog.yossarian.net/2025/11/21/We-should-all-be-using-dependency-cooldowns
|
|
# Cooldowns protect against supply chain attacks by avoiding the
|
|
# highest-risk window immediately after new releases.
|
|
default-days: 14
|
|
- package-ecosystem: "pip"
|
|
directory: "/Tools/"
|
|
schedule:
|
|
interval: "monthly"
|
|
labels:
|
|
- "skip issue"
|
|
- "skip news"
|
|
cooldown:
|
|
default-days: 14
|