# Dependabot version updates introduce default package cooldown

_Tuesday, July 14, 2026 at 8:00 AM EDT · Products · Latest · Tier 2 — Notable_

![Dependabot version updates introduce default package cooldown — Primary](https://github.blog/wp-content/themes/github-2021-child/dist/img/social-v3-improvements.jpg)

GitHub announced that Dependabot version updates now include a default three-day cooldown period before opening pull requests for new package releases. The company said the delay applies automatically to all supported ecosystems on github.com and will take effect in GitHub Enterprise Server 3.23. GitHub said new releases are a common entry point for supply chain attacks and the waiting period allows time for the community to identify compromised or broken versions. The default applies only to version updates while security updates will continue to open immediately. Users can adjust the window or opt out using the cooldown option in the dependabot.yml configuration file.

## Sources

- [github.blog](https://github.blog/changelog/2026-07-14-dependabot-version-updates-introduce-default-package-cooldown/)

---
Canonical: https://techandbusiness.org/newswire/Re13ifrGl4Nvybv6cs0Ko4
Retrieved: 2026-07-15T05:31:56.605Z
Publisher: Tech & Business (techandbusiness.org)
