Skip to content

ci(renovate): enforce 3-day minimum release age for npm packages#405

Merged
jerome-benoit merged 2 commits into
mainfrom
ci/renovate-min-release-age-npm
May 26, 2026
Merged

ci(renovate): enforce 3-day minimum release age for npm packages#405
jerome-benoit merged 2 commits into
mainfrom
ci/renovate-min-release-age-npm

Conversation

@jerome-benoit
Copy link
Copy Markdown
Contributor

@jerome-benoit jerome-benoit commented May 26, 2026

Extend the Renovate config with the official security:minimumReleaseAgeNpm
preset so that Renovate waits 3 days after publication before creating PRs
for any npm/pnpm dependency.

This adds a buffer against unpublished or freshly-broken releases (e.g.
malicious packages, npm unpublish window, transient registry/lockfile
resolution issues).

Mirrors SAP/e-mobility-charging-stations-simulator@1910335.

@jerome-benoit
ci(renovate): enforce 3-day minimum release age for npm packages
08bbe4d 
Extend the Renovate config with the official 'security:minimumReleaseAgeNpm'
preset so that Renovate waits 3 days after publication before creating PRs
for any npm/pnpm dependency. This adds a buffer against unpublished or
freshly-broken releases (e.g. malicious packages, npm unpublish window,
transient registry/lockfile resolution issues).
Copilot AI review requested due to automatic review settings May 26, 2026 18:25
@jerome-benoit jerome-benoit merged commit a942030 into main May 26, 2026
6 checks passed
@jerome-benoit jerome-benoit review requested due to automatic review settings May 26, 2026 18:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@jerome-benoit