From: Jérôme Benoit <jerome.benoit@sap.com>
Date: Tue, 26 May 2026 17:40:45 +0000 (+0200)
Subject: ci(renovate): enforce 3-day minimum release age for npm packages
X-Git-Tag: cli@v4.8.0~16
X-Git-Url: https://git.piment-noir.org/?a=commitdiff_plain;h=191033595c4507db7a06720a44293f84d8e913c8;p=e-mobility-charging-stations-simulator.git

ci(renovate): enforce 3-day minimum release age for npm packages

Extend the Renovate config with the official 'security:minimumReleaseAgeNpm'
preset so that Renovate waits 3 days after publication before creating PRs
for any npm/pnpm dependency. This adds a buffer against unpublished or
freshly-broken releases (e.g. malicious packages, npm unpublish window,
transient registry/lockfile resolution issues).
---

diff --git a/renovate.json b/renovate.json
index 04ee6bf6..5f2d1bb1 100644
--- a/renovate.json
+++ b/renovate.json
@@ -6,7 +6,8 @@
     ":configMigration",
     "group:allNonMajor",
     "schedule:daily",
-    ":maintainLockFilesWeekly"
+    ":maintainLockFilesWeekly",
+    "security:minimumReleaseAgeNpm"
   ],
   "ignorePresets": [":ignoreModulesAndTests"],
   "ignorePaths": [