The cooldown feature is now generally available for Dependabot version updates! This feature gives you control over when version update pull requests are created to bump your dependencies.

What’s new

The cooldown feature allows you to configure a minimum age requirement before Dependabot creates a pull request for a newly released dependency. This is perfect for folks using version updates with:

  • Mature or stable projects that prefer conservative dependency updates.
  • High-frequency packages that frequently release updates.
  • Teams that want to avoid patch-level noise while staying current.

How it works

You can configure cooldown settings in your .github/dependabot.yml file. Check our documentation to see a configuration example. Editor’s note (July 3, 2025): Removed an inaccurate sample file and added a link to the documentation in its place.

Read more about cooldown and configuration options in our documentation.

Key benefits

  • Reduce noise from frequent dependency updates.
  • Stay responsive to critical security patches.
  • Granular control with different cooldowns per semver type.
  • Flexible scheduling that works with your existing update intervals.

Getting started

Update your .github/dependabot.yml configuration file to include the new cooldown setting. The feature is available for all supported package ecosystems today except for NuGet; you can expect NuGet support in the coming weeks.

To learn more about version updates and other advanced configuration options, visit our Dependabot documentation. To learn more and engage with the community about minimum package age configurations, join the conversation.