« All posts

Dependabot learns to wait: version-update PRs now sit for three days

Dependabot now waits three days before opening version-update PRs, aiding in the detection of malicious releases.

GitHub has introduced a three-day waiting period for Dependabot to open version update pull requests. This change aims to help detect malicious releases and ensure timely security updates. The pause allows developers to review updates more carefully before integrating them into their projects.