Dependabot stops updating frequently released GitHub Actions when a cooldown is configured #13691

@frozenbonito

Is there an existing issue for this?

  • I have searched the existing issues

Package ecosystem

GitHub Actions

Package manager version

No response

Language version

No response

Manifest location and content before the Dependabot update

https://github.com/frozenbonito/dependabot-cooldown/blob/main/.github/workflows/renovate.yaml

name: Renovate
on:
  schedule:
    - cron: "0/15 * * * *"
jobs:
  renovate:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v6
      - name: Self-hosted Renovate
        uses: renovatebot/github-action@v42.0.0

dependabot.yml content

https://github.com/frozenbonito/dependabot-cooldown/blob/main/.github/dependabot.yaml

version: 2
updates:
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: daily
    cooldown:
      default-days: 7

Updated dependency

No updates

What you expected to see, versus what you actually saw

I expected that since the cooldown period was set to 7 days, Dependabot would update to the latest version among the releases that are at least 7 days old.

However, Dependabot appears to check only the publish date of the latest release, and if that latest version does not satisfy the cooldown period, it performs no update at all.

As a result, for GitHub Actions that publish releases very frequently — such as renovatebot/github-action — Dependabot never updates them, effectively leaving them stuck forever.

Native package manager behavior

No response

Images of the diff or a link to the PR, issue, or logs

Here is an excerpt of the relevant logs:

updater | 2025/12/02 14:56:20 INFO <job_1171933668> Checking if renovatebot/github-action 42.0.0 needs updating
  proxy | 2025/12/02 14:56:20 [032] GET https://github.com/renovatebot/github-action.git/info/refs?service=git-upload-pack
2025/12/02 14:56:20 [032] 200 https://github.com/renovatebot/github-action.git/info/refs?service=git-upload-pack (cached)
updater | 2025/12/02 14:56:20 INFO <job_1171933668> Available release version/ref is 44.0.5
2025/12/02 14:56:20 INFO <job_1171933668> Initializing cooldown filter
updater | 2025/12/02 14:56:20 INFO <job_1171933668> Started process PID: 1437 with command: {} git clone --bare --no-recurse-submodules https://github.com/renovatebot/github-action /home/dependabot/dependabot-updater/tmp/20251202-1084-wblqmb/dependabot_20251202-1084-z7umpk/renovatebot/github-action {}
  proxy | 2025/12/02 14:56:20 [036] GET https://github.com:443/renovatebot/github-action/info/refs?service=git-upload-pack
2025/12/02 14:56:20 [036] * authenticating git server request (host: github.com)
  proxy | 2025/12/02 14:56:20 [036] 200 https://github.com:443/renovatebot/github-action/info/refs?service=git-upload-pack
  proxy | 2025/12/02 14:56:20 [038] POST https://github.com:443/renovatebot/github-action/git-upload-pack
2025/12/02 14:56:20 [038] * authenticating git server request (host: github.com)
  proxy | 2025/12/02 14:56:20 [038] 200 https://github.com:443/renovatebot/github-action/git-upload-pack
  proxy | 2025/12/02 14:56:21 [040] POST https://github.com:443/renovatebot/github-action/git-upload-pack
  proxy | 2025/12/02 14:56:21 [040] * authenticating git server request (host: github.com)
  proxy | 2025/12/02 14:56:21 [040] 200 https://github.com:443/renovatebot/github-action/git-upload-pack
updater | 2025/12/02 14:56:23 INFO <job_1171933668> Process PID: 1437 completed with status: pid 1437 exit 0
2025/12/02 14:56:23 INFO <job_1171933668> Total execution time: 2.58 seconds
  proxy | 2025/12/02 14:56:23 [042] GET https://github.com/renovatebot/github-action.git/info/refs?service=git-upload-pack
2025/12/02 14:56:23 [042] 200 https://github.com/renovatebot/github-action.git/info/refs?service=git-upload-pack (cached)
updater | 2025/12/02 14:56:23 INFO <job_1171933668> Started process PID: 1454 with command: {} git show --no-patch --format\=\"\%cd\" --date\=iso 5712c6a41dea6cdf32c72d92a763bd417e6606aa {}
updater | 2025/12/02 14:56:23 INFO <job_1171933668> Process PID: 1454 completed with status: pid 1454 exit 0
updater | 2025/12/02 14:56:23 INFO <job_1171933668> Total execution time: 0.01 seconds
2025/12/02 14:56:23 INFO <job_1171933668> Found release date : 2025-12-01 09:32:11 +0000
updater | 2025/12/02 14:56:23 INFO <job_1171933668> Days since release : 1 (cooldown days 7)
2025/12/02 14:56:23 INFO <job_1171933668> Filtered out (cooldown) renovatebot/github-action, 44.0.5
  proxy | 2025/12/02 14:56:23 [044] GET https://github.com/renovatebot/github-action.git/info/refs?service=git-upload-pack
2025/12/02 14:56:23 [044] 200 https://github.com/renovatebot/github-action.git/info/refs?service=git-upload-pack (cached)
updater | 2025/12/02 14:56:23 INFO <job_1171933668> Returning current version/ref (no viable filtered release) 42.0.0
  proxy | 2025/12/02 14:56:24 [046] GET https://github.com/renovatebot/github-action.git/info/refs?service=git-upload-pack
2025/12/02 14:56:24 [046] 200 https://github.com/renovatebot/github-action.git/info/refs?service=git-upload-pack (cached)
updater | 2025/12/02 14:56:24 INFO <job_1171933668> Latest version is 42.0.0
updater | 2025/12/02 14:56:24 INFO <job_1171933668> No update needed for renovatebot/github-action 42.0.0

Smallest manifest that reproduces the issue

Here is a minimal repository that reproduces the issue:
https://github.com/frozenbonito/dependabot-cooldown
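
The two selection behaviours contrasted in the report, as an added Ruby sketch that is not Dependabot's code and not part of the original issue. Only 42.0.0, 44.0.5 and the 44.0.5 release date come from the log; the intermediate versions, the other dates, the function names and the simulated project are constructed for illustration.

```ruby
# Added illustration; not Dependabot's code. Only 42.0.0 (current pin) and
# 44.0.5 with its 2025-12-01 09:32:11 +0000 date come from the issue's log.
# The intermediate versions and every other date are constructed.
Release = Struct.new(:version, :published_at)
RELEASES = [
  Release.new("42.0.0", Time.utc(2025, 11, 10, 8)),
  Release.new("43.0.2", Time.utc(2025, 11, 18, 8)),
  Release.new("44.0.1", Time.utc(2025, 11, 24, 8)),
  Release.new("44.0.4", Time.utc(2025, 11, 28, 8)),
  Release.new("44.0.5", Time.utc(2025, 12, 1, 9, 32, 11)),
].freeze
DAY = 86_400

def days_since(release, now)
  ((now - release.published_at) / DAY).floor
end

def newest(releases)
  releases.max_by { |r| Gem::Version.new(r.version) }
end

# Behaviour reported in the issue: only the newest release is age-checked.
def latest_only_pick(releases, current, cooldown_days, now)
  candidate = newest(releases)
  days_since(candidate, now) < cooldown_days ? current : candidate.version
end

# Behaviour the reporter expected: newest release already past the cooldown.
def cooldown_aware_pick(releases, current, cooldown_days, now)
  eligible = releases.select do |r|
    Gem::Version.new(r.version) > Gem::Version.new(current) &&
      days_since(r, now) >= cooldown_days
  end
  eligible.empty? ? current : newest(eligible).version
end

# Daily runs against a constructed project that ships every `every` days;
# returns the pinned version after `days` days under the given picker.
def simulate(picker, every:, days:, cooldown_days:)
  start = Time.utc(2025, 1, 1)
  (1..days).reduce("1.0.0") do |pin, d|
    published = (0..d).step(every).map { |k| Release.new("1.#{k}.0", start + k * DAY) }
    send(picker, published, pin, cooldown_days, start + d * DAY)
  end
end
```

With a release every 2 days and a 7-day cooldown, the latest-only picker never moves the pin, because the newest release is always younger than the cooldown; the cooldown-aware picker trails the newest release by at least 7 days but keeps advancing.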
