Supply chain securityDependabot learns to wait: version-update PRs now sit for three days by default
GitHub is flipping Dependabot version updates to a default three-day package cooldown. A new release has to sit on its registry for at least three days before Dependabot will open a version-update PR; security updates are exempt and still open immediately.