From e4b7451ce3aaf106927de488843b43a5f1fba25a Mon Sep 17 00:00:00 2001 From: Levi Zim Date: Thu, 16 Apr 2026 21:40:46 +0800 Subject: [PATCH] tools: exclude @node-core/doc-kit from dependabot cooldown `@node-core/doc-kit` is an internal package maintained within the nodejs organization, which is unlikely to be a direct source of supply-chain attack. The cooldown only slow down the propagation of new improvements from doc-kit to Node.js repo and causes surprises. The cooldown should be configured in the `doc-kit` repository instead. Currently there is a 3-day cooldown. Maybe we need to increase that to match the 5-day cooldown used in this repository. This patch excludes `@node-core/doc-kit` from the cooldown. Note that `@node-core/doc-kit` is the only dependency in `tools/doc`. But to be future proof, I did't remove the cooldown directly. --- .github/dependabot.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 37b865597e5d25..c63475dc60f5d2 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -52,6 +52,8 @@ updates: semver-major-days: 5 semver-minor-days: 5 semver-patch-days: 5 + exclude: + - '@node-core/doc-kit' commit-message: prefix: tools open-pull-requests-limit: 10