tools: exclude @node-core/doc-kit from dependabot cooldown

kxxt · kxxt · commit 269f14083a0a · 2026-04-16T21:50:59.000+08:00
`@node-core/doc-kit` is an internal package maintained within the nodejs
organization, which is unlikely to be a direct source of supply-chain
attack. The cooldown only slow down the propagation of new improvements
from doc-kit to Node.js repo and causes surprises.

The cooldown should be configured in the `doc-kit` repository instead.
Currently there is a 3-day cooldown. Maybe we need to increase that to
match the 5-day cooldown used in this repository.

This patch excludes `@node-core/doc-kit` from the cooldown.
Note that `@node-core/doc-kit` is the only dependency in `tools/doc`.
But to be future proof, I did't remove the cooldown directly.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -18,6 +18,8 @@ updates:
       semver-major-days: 5
       semver-minor-days: 5
       semver-patch-days: 5
+      exclude:
+        - "@node-core/doc-kit"
     commit-message:
       prefix: tools
     open-pull-requests-limit: 10
