Skip to content

fix: 5d minimumReleaseAge for npm updates#94

Merged
r0binary-sap merged 1 commit into
mainfrom
feature/DEVX-750-renove-minimum-release-age-not-considered
May 11, 2026
Merged

fix: 5d minimumReleaseAge for npm updates#94
r0binary-sap merged 1 commit into
mainfrom
feature/DEVX-750-renove-minimum-release-age-not-considered

Conversation

@r0binary-sap
Copy link
Copy Markdown
Contributor

@r0binary-sap r0binary-sap commented May 11, 2026

WHY The definition for minimumReleaseAge in the security:minimumReleaseAgeNpm preset overrode the global definition leading to unexpected behavior.

WHAT Define a packageRule overriding definitions in security:minimumReleaseAgeNpm preset

@r0binary-sap
fix: 5d minimumReleaseAge for npm updates
a83d173 
**WHY**
The definition for minimumReleaseAge in the security:minimumReleaseAgeNpm preset overrode the global definition leading to unexpected behavior.

**WHAT**
Define a packageRule overriding definitions in security:minimumReleaseAgeNpm preset
@r0binary-sap r0binary-sap requested a review from a team as a code owner May 11, 2026 15:18
@internal-ai-adoption-analytics
Copy link
Copy Markdown

internal-ai-adoption-analytics Bot commented May 11, 2026
edited by r0binary-sap
Loading

📊 Survey: Please help us track internal AI adoption. This is not for evaluation, only for metrics. You can update this anytime before merge.
🤖 Which AI developer tool(s), if any, were used to assist with this PR? Please tick one or more boxes below:

  • None
  • Cline
  • Claude Code
  • Cursor
  • GitHub Copilot
  • Other

🧑‍💻 If AI was used, what was it mainly used for?

  • Coding / Implementation
  • Testing (unit, integration, e2e)
  • Documentation
  • Research / Investigation
  • Refactoring / Cleanup
  • Configuration / DevOps
  • Other

Thank you in advance for your feedback.💙🙏🎉
Here's a joke to brighten your day: Crystal ball says: One day, AI will write better commit messages than humans! 💎

@hyperspace-insights
Copy link
Copy Markdown

hyperspace-insights Bot commented May 11, 2026

Summary

The following content is AI-generated and provides a summary of the pull request:

Fix: Enforce 5-Day minimumReleaseAge for npm Updates

Bug Fix

🐛 The minimumReleaseAge global setting was being overridden by a more specific packageRule in the security:minimumReleaseAgeNpm preset, causing npm packages to bypass the intended 5-day release age check. This fix ensures the 5-day minimum release age is consistently applied to npm packages.

Changes

  • default.json: Removed the global internalChecksFilter, minimumReleaseAge, and minimumReleaseAgeBehaviour definitions, as these are now managed centrally in the security preset.
  • renovate-presets/security.json5: Moved the internalChecksFilter, minimumReleaseAge, and minimumReleaseAgeBehaviour settings into the security preset. Added an explicit packageRule targeting the npm datasource to override the more specific rule from security:minimumReleaseAgeNpm, ensuring the 5-day release age is enforced for npm packages.
  • 🔄 Regenerate and Update Summary
  • ✏️ Insert as PR Description (deletes this comment)
  • 🗑️ Delete comment
PR Bot Information

Version: 1.20.46

  • Summary Prompt: Default Prompt
  • LLM: anthropic--claude-4.6-sonnet
  • Event Trigger: pull_request.opened
  • File Content Strategy: Full file content
  • Correlation ID: 14ad358c-c35f-40ad-a725-88580d1c7158
  • Output Template: Default Template

hyperspace-insights[bot]
hyperspace-insights Bot reviewed May 11, 2026
View reviewed changes
Copy link
Copy Markdown

@hyperspace-insights hyperspace-insights Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The PR correctly moves the minimumReleaseAge/internalChecksFilter settings from default.json into security.json5 so they apply wherever the security preset is extended. However, there are two issues flagged: a misspelled config key (minimumReleaseAgeBehaviourminimumReleaseAgeBehavior) that would cause silent misconfiguration, and a concern about whether the packageRules override for npm actually achieves its stated goal given Renovate's rule-ordering precedence.

PR Bot Information

Version: 1.20.46

  • File Content Strategy: Full file content
  • Event Trigger: pull_request.opened
  • Correlation ID: 14ad358c-c35f-40ad-a725-88580d1c7158
  • LLM: anthropic--claude-4.6-sonnet

Comment thread renovate-presets/security.json5
Comment thread renovate-presets/security.json5
r0binary-sap
r0binary-sap commented May 11, 2026
View reviewed changes
Comment thread default.json
@r0binary-sap r0binary-sap merged commit a5c6749 into main May 11, 2026
4 checks passed
@r0binary-sap r0binary-sap deleted the feature/DEVX-750-renove-minimum-release-age-not-considered branch May 11, 2026 15:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@hyperspace-insights hyperspace-insights[bot] hyperspace-insights[bot] left review comments

@KryptonBD KryptonBD KryptonBD approved these changes

@StefanKuerten1234 StefanKuerten1234 StefanKuerten1234 approved these changes

@kostas-petrakis kostas-petrakis Awaiting requested review from kostas-petrakis kostas-petrakis is a code owner automatically assigned from leanix/team-butterfly

@liudmyla-b liudmyla-b Awaiting requested review from liudmyla-b liudmyla-b is a code owner automatically assigned from leanix/team-butterfly

@timovankissing-leanix timovankissing-leanix Awaiting requested review from timovankissing-leanix timovankissing-leanix is a code owner automatically assigned from leanix/team-butterfly

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@r0binary-sap @KryptonBD @StefanKuerten1234