From c0f1e0d29cdc308a5eb5537725f037034a0a7d63 Mon Sep 17 00:00:00 2001 From: Dave Fisher Date: Sat, 18 Apr 2026 10:14:15 -0700 Subject: [PATCH] Update README with current 0 day cooldown Updated Dependabot cooldown period from 4 days to 0 days for quicker PR reviews. Signed-off-by: Dave Fisher --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 3beb251a6..c44daef9f 100644 --- a/README.md +++ b/README.md @@ -267,10 +267,10 @@ Additional flags: #### Dependabot Cooldown Period -This repository uses a [Dependabot cooldown period](https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#cooldown) of 4 days. After a Dependabot PR is merged or closed, Dependabot will wait 4 days before opening the next PR for the same ecosystem. This helps keep the volume of update PRs manageable and gives reviewers time to catch up. +This repository uses a [Dependabot cooldown period](https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#cooldown) of 0 days so that maintainers can review before Dependabot opens a PR on project repositories. > [!TIP] -> We recommend that ASF projects configure a similar cooldown in their own `dependabot.yml` to avoid being overwhelmed by update PRs and to catch up with approved actions here: +> We recommend that ASF projects configure a cooldown in their own `dependabot.yml` to avoid being overwhelmed by update PRs and to catch up with approved actions here: > ```yaml > updates: > - package-ecosystem: "github-actions"