AI 3d ago 1 min read
Dependabot will now wait until a new package release has been on its registry for at least three days before opening a version-update pull request. Security updates still open immediately, and teams can tune or opt out through cooldown configuration.