From 528365597745d55a9530ba63e9f7be10798bc9ff Mon Sep 17 00:00:00 2001 From: Alhoussein <84826294+alhss@users.noreply.github.com> Date: Fri, 14 Nov 2025 02:39:35 -0500 Subject: [PATCH] Update note on cooldown option and security updates (#58426) Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com> --- .../working-with-dependabot/dependabot-options-reference.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/content/code-security/dependabot/working-with-dependabot/dependabot-options-reference.md b/content/code-security/dependabot/working-with-dependabot/dependabot-options-reference.md index 4464b597eff0..19e314dd68df 100644 --- a/content/code-security/dependabot/working-with-dependabot/dependabot-options-reference.md +++ b/content/code-security/dependabot/working-with-dependabot/dependabot-options-reference.md @@ -171,7 +171,7 @@ Supported by: `bundler`, `composer`, `mix`, `maven`, `npm`, and `pip`. ## `cooldown` {% octicon "versions" aria-label="Version updates" height="24" %} -Defines a **cooldown period** for dependency updates, allowing updates to be delayed for a configurable number of days. +Defines a **cooldown period** for dependency updates, allowing updates to be delayed for a configurable number of days. The `coooldown` option is only available for _version_ updates, not _security_ updates. This feature enables users to customize how often {% data variables.product.prodname_dependabot %} generates new version updates, offering greater control over update frequency. For examples, see [AUTOTITLE](/code-security/dependabot/dependabot-version-updates/optimizing-pr-creation-version-updates#setting-up-a-cooldown-period-for-dependency-updates). @@ -188,8 +188,6 @@ When **`cooldown`** is defined: 1. Dependencies without a cooldown period, or those past their cooldown period, are updated to the latest version as per the configured `versioning-strategy` setting. 1. After a cooldown ends for a dependency, {% data variables.product.prodname_dependabot %} resumes updating the dependency following the standard update strategy defined in `dependabot.yml`. -{% data reusables.dependabot.option-affects-security-updates %} - ### **Configuration of `cooldown`** You can specify the duration of the cooldown using the options below.