super-productivity/.github
Corey Newton 441952f0ed
chore(deps): add cooldown for NPM and GH Actions to reduce supply chain attack risk (#7685)
- Monthly/weekly update frequency reduces the window of exposure but the addition of a cooldown should help narrow it further.
- Implemented as suggested in this gist: https://gist.github.com/mcollina/b294a6c39ee700d24073c0e5a4e93104
- I've opted to use the more conservative 3-day cooldown as this is the default in some tools.
- Dependabot needs to be adjusted in combination with .npmrc to avoid creating PRs that can't succeed.

Ref.
https://docs.github.com/en/code-security/reference/supply-chain-security/dependabot-options-reference#cooldown-
2026-05-20 11:50:30 +02:00
..
actions/setup-e2e ci(workflows): use node 22 for npm install jobs 2026-02-25 19:14:11 +01:00
annotations docs(wiki): initial revision (v0.1) 2026-01-20 03:04:08 -08:00
ISSUE_TEMPLATE Housekeeping for various docs, templates, and actions (#7451) 2026-05-02 13:58:25 +02:00
workflows chore: limit "resolved" actions to correct categories (#7679) 2026-05-19 15:55:29 +02:00
CODE_OF_CONDUCT.md docs: add code of conduct 2021-09-20 13:04:44 +02:00
CODEOWNERS security: add CODEOWNERS, enhance Dependabot, document manual setup 2026-01-21 14:30:24 +01:00
CONTRIBUTING.md docs/wiki content v0.8 (#7068) 2026-04-01 12:40:28 +02:00
dependabot.yml chore(deps): add cooldown for NPM and GH Actions to reduce supply chain attack risk (#7685) 2026-05-20 11:50:30 +02:00
FUNDING.yml Create FUNDING.yml 2020-05-05 12:34:24 +02:00
PULL_REQUEST_TEMPLATE.md docs/wiki content v0.8 (#7068) 2026-04-01 12:40:28 +02:00
SECURITY-SETUP.md security: add CODEOWNERS, enhance Dependabot, document manual setup 2026-01-21 14:30:24 +01:00