From fcd8bcdcb3c1fef70fc798ce8803555d7bea0104 Mon Sep 17 00:00:00 2001 From: "S.Sandhu" <167903774+sachin-sandhu@users.noreply.github.com> Date: Tue, 1 Jul 2025 22:01:34 +0000 Subject: [PATCH 1/2] Adds notice for nuget ecosystem and other misc corrections --- .../dependabot-options-reference.md | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/content/code-security/dependabot/working-with-dependabot/dependabot-options-reference.md b/content/code-security/dependabot/working-with-dependabot/dependabot-options-reference.md index bf333cd4da53..252a0da4e32a 100644 --- a/content/code-security/dependabot/working-with-dependabot/dependabot-options-reference.md +++ b/content/code-security/dependabot/working-with-dependabot/dependabot-options-reference.md 
@@ -750,27 +750,29 @@ The `url` parameter defines where to access a registry. When the optional `repla ## `cooldown` {% octicon "versions" aria-label="cooldown" height="24" %} -Defines a **cooldown period** for dependency updates to delay updates for a configurable number of days. This feature enables dependabot users to customize how often they receive new version updates, offering greater control over update frequency. +Defines a **cooldown period** for dependency updates to delay updates for a configurable number of days. This feature enables {% data variables.product.prodname_dependabot %} users to customize how often they receive new version updates, offering greater control over update frequency. > [!NOTE] > Cooldown is not applicable for security updates. +> +> Cooldown is not available for **Nuget** ecosystem ### **How Cooldown Works** -* When Dependabot runs updates as per defined schedule, it checks the **cooldown settings** to determine if new release for dependency is still within its cooldown period. +* When {% data variables.product.prodname_dependabot %} runs updates as per defined schedule, it checks the **cooldown settings** to determine if new release for dependency is still within its cooldown period. * If new version release date is within the cooldown period, dependency version update is **filtered out** and will not be updated until the cooldown period expires. * Once the cooldown period ends for new version, the dependency update proceeds based on the standard update strategy defined in `dependabot.yml`. -Without **`cooldown`** (default behaviour): {% data variables.product.prodname_dependabot %} +Without **`cooldown`** (default behaviour): * Dependabot checks for updates according to the scheduled defined via `schedule.interval`. * All new versions are considered for updates **immediately**. With **`cooldown`** enabled: -* Dependabot checks for updates based on the defined `schedule.interval` settings. 
+* {% data variables.product.prodname_dependabot %} checks for updates based on the defined `schedule.interval` settings. * **Releases within the cooldown period are ignored.** -* Dependabot updates the dependency to the latest available version **that are no longer in cooldown period** following the configured `versioning-strategy`. +* {% data variables.product.prodname_dependabot %} updates the dependency to the latest available version **that are no longer in cooldown period** following the configured `versioning-strategy`. ### **Cooldown Configuration** @@ -824,7 +826,6 @@ With **`cooldown`** enabled: ### **Example `dependabot.yml` with cooldown** ```yaml copy - version: 2 updates: - package-ecosystem: "pip" From 170563f15e5b08c7dde79e9b1ca430d7ddeee433 Mon Sep 17 00:00:00 2001 From: "S.Sandhu" <167903774+sachin-sandhu@users.noreply.github.com> Date: Tue, 1 Jul 2025 18:04:36 -0400 Subject: [PATCH 2/2] Update content/code-security/dependabot/working-with-dependabot/dependabot-options-reference.md Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- .../working-with-dependabot/dependabot-options-reference.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/code-security/dependabot/working-with-dependabot/dependabot-options-reference.md b/content/code-security/dependabot/working-with-dependabot/dependabot-options-reference.md index 252a0da4e32a..92e780da1f3c 100644 --- a/content/code-security/dependabot/working-with-dependabot/dependabot-options-reference.md +++ b/content/code-security/dependabot/working-with-dependabot/dependabot-options-reference.md @@ -755,7 +755,7 @@ Defines a **cooldown period** for dependency updates to delay updates for a conf > [!NOTE] > Cooldown is not applicable for security updates. > -> Cooldown is not available for **Nuget** ecosystem +> Cooldown is not available for the **NuGet** ecosystem ### **How Cooldown Works**
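Review bot: In the first hunk of PATCH 1/2 (`@@ -750,27 +750,29 @@`), the switch from the literal product name to `{% data variables.product.prodname_dependabot %}` is incomplete. The unchanged bullet under "Without **`cooldown`** (default behaviour):" still reads "* Dependabot checks for updates according to the scheduled defined via `schedule.interval`.", so the rendered section will mix the variable and the hardcoded name. Convert that bullet as well, and fix "the scheduled defined" to "the schedule defined" while the line is being touched. The last changed bullet also keeps the number mismatch in "the latest available version **that are no longer in cooldown period**"; "that is no longer in its cooldown period" would read correctly.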
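Review bot: In PATCH 2/2 (`@@ -755,7 +755,7 @@`), the corrected note line "> Cooldown is not available for the **NuGet** ecosystem" still has no terminal period, while the note line above it ("> Cooldown is not applicable for security updates.") ends with one. Add the period so both sentences in the `[!NOTE]` block are punctuated the same way. Since this commit only corrects a line introduced in PATCH 1/2, squashing the two before merge would keep the history to a single change for that note.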