Dependabot: Expanded cooldown and package manager support

We’re investing in keeping Dependabot relevant for modern development teams, whether you’re experimenting with a new language or relying on the latest version of your favorite package manager.

We’ve expanded Dependabot’s cooldown feature to now support Nuget and Helm, letting you configure a minimum age requirement before Dependabot creates a pull request for a newly released dependency. This is perfect for folks using version updates with mature projects, high-frequency packages, or teams looking to reduce patch-level noise.
Dependabot now supports newer versions of package managers across multiple ecosystems, so you can confidently use the latest tools in your workflow.

With these improvements, teams get more flexibility and reliability when managing dependencies. Check out our documentation for the full list of supported ecosystems and their versions, and join the discussion within GitHub Community.

JUN.9Release
Dependabot version updates now support the Deno ecosystem
- Supply Chain Security
JUN.9Retired
Upcoming breaking changes for npm v12
- Supply Chain Security
MAY.26Release
Dependabot version updates now support the sbt ecosystem
- Supply Chain Security
MAY.22Release
Staged publishing and new install-time controls for npm
- Supply Chain Security
MAY.19Retired
Upcoming deprecation of Python 3.9 for Dependabot
- Supply Chain Security
MAY.12Retired
Synchronous SBOM API deprecated
- Supply Chain Security
MAY.11Improvement
Cross-org Dependabot access for internal repositories
- Supply Chain Security
MAY.6Release
Search and filter bar for repository security advisories
- Supply Chain Security
MAY.5Release
Dependency scanning with GitHub MCP Server is in public preview
- Supply Chain Security

Dependabot: Expanded cooldown and package manager support

Related Posts

Subscribe to our developer newsletter