Skip to content

chore(renovate): add minimumReleaseAge of 3 days#1881

Merged
peppescg merged 4 commits intomainfrom
chore/renovate-minimum-release-age
Mar 31, 2026
Merged

chore(renovate): add minimumReleaseAge of 3 days#1881
peppescg merged 4 commits intomainfrom
chore/renovate-minimum-release-age

Conversation

@peppescg
Copy link
Copy Markdown
Collaborator

@peppescg peppescg commented Mar 31, 2026
edited
Loading

Summary

  • Adds minimumReleaseAge: "3 days" to Renovate config, aligning with the existing min-release-age in .npmrc
  • Renovate will now wait 3 days before proposing new dependency versions, providing defense-in-depth against supply chain attacks

Test plan

  • Verify Renovate validates the config (check Dependency Dashboard issue)
  • Confirm next Renovate PRs respect the 3-day delay

🤖 Generated with Claude Code

@peppescg @claude
chore(renovate): add minimumReleaseAge of 7 days
4005a0c 
Aligns Renovate with the existing min-release-age=7 in .npmrc to provide
defense-in-depth against supply chain attacks. Renovate will now wait
7 days before proposing new dependency versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Copilot AI review requested due to automatic review settings March 31, 2026 08:19
@peppescg peppescg self-assigned this Mar 31, 2026
Copilot AI reviewed Mar 31, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates Renovate configuration to delay dependency update proposals until a release has aged for 7 days, intended to reduce risk from newly published (potentially compromised) versions.

Changes:

  • Add minimumReleaseAge: "7 days" to renovate.json Renovate config.

peppescg and others added 3 commits March 31, 2026 10:22
@peppescg @claude
chore: add min-release-age=7 to .npmrc
177acf2 
Blocks installation of npm packages published less than 7 days ago,
reducing exposure to supply chain attacks at install time.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@peppescg @claude
fix: correct min-release-age unit from days to minutes
adf997f 
The .npmrc min-release-age setting uses minutes, not days.
7 days = 10080 minutes.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@peppescg @claude
chore: change minimum release age from 7 to 3 days
d95f5bc 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@peppescg peppescg changed the title chore(renovate): add minimumReleaseAge of 7 days chore(renovate): add minimumReleaseAge of 3 days Mar 31, 2026
@peppescg peppescg merged commit 3a17d51 into main Mar 31, 2026
19 checks passed
@peppescg peppescg deleted the chore/renovate-minimum-release-age branch March 31, 2026 15:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@kantord kantord kantord approved these changes

@samuv samuv samuv approved these changes

Assignees

@peppescg peppescg

Labels

size/XS

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@peppescg @kantord @samuv