Add minimumReleaseAge to pnpm config #2943

Merged
RobinTail merged 2 commits into master from pnpm-minimumReleaseAge
Sep 17, 2025

Owner

@RobinTail RobinTail commented Sep 16, 2025

Summary by CodeRabbit

  • Chores
    • Updated dependency update policy to require a 2-day minimum before adopting new releases, with an exclusions list for select tooling libraries (e.g., types, linters, test/run tooling). No functional or UI changes for end users; this improves build stability and reduces risk from immediate upstream updates.

@RobinTail RobinTail added the dependencies (Pull requests that update a dependency file) and prevention labels Sep 16, 2025
Contributor

coderabbitai Bot commented Sep 16, 2025

Caution

Review failed

The pull request is closed.

Walkthrough

Adds minimumReleaseAge: 2880 and a minimumReleaseAgeExclude list including @types/node, eslint, express, http-errors, typescript, tsx, vitest, and zod to pnpm-workspace.yaml. No other files or settings changed.

Changes

Cohort / File(s) | Summary of Changes
Workspace policy config: pnpm-workspace.yaml | Adds minimumReleaseAge: 2880 and a minimumReleaseAgeExclude list for packages: @types/node, eslint, express, http-errors, typescript, tsx, vitest, zod.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Possibly related PRs

  • Add minimumReleaseAge to pnpm config #2943 — Modifies pnpm-workspace.yaml to add the same minimumReleaseAge setting and an overlapping minimumReleaseAgeExclude list (includes @types/node), indicating a direct code-level relation.

Poem

I nibble at lines of YAML bright, 🐇
A timer set to guard the night.
Some packages sprint, exempted, free,
While others wait—patient as me.
Hop, tweak, commit — the workspace hums with glee.

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)
Check name | Status | Explanation
Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check | ✅ Passed | The title "Add minimumReleaseAge to pnpm config" accurately and concisely summarizes the primary change in pnpm-workspace.yaml (adding minimumReleaseAge and an exclude list) and is directly relevant to the changeset, so a reviewer scanning history will understand the main intent of the PR.
Docstring Coverage | ✅ Passed | No functions found in the changes. Docstring coverage check skipped.

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 4a3018f and ddf2ba8.

📒 Files selected for processing (1)
  • pnpm-workspace.yaml (1 hunks)

@coveralls-official

Coverage Status

coverage: 100.0%. remained the same
when pulling 4a3018f on pnpm-minimumReleaseAge
into 52a6be5 on master.

Contributor

@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 0

🧹 Nitpick comments (2)
pnpm-workspace.yaml (2)

15-15: Clarify the quarantine window inline.

Add a brief inline comment to make the 2‑day window obvious to future maintainers.

-minimumReleaseAge: 2880
+minimumReleaseAge: 2880 # 2 days
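
Review bot: the comment added to `minimumReleaseAge: 2880` states the duration but not the unit of the number. 2880 equals 2 days only when read as minutes, so name the unit as well, for example `# minutes (2 days)`, so that a later change to the value is not entered in hours or days by mistake.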

16-23: Add '@types/node' to minimumReleaseAgeExclude

package.json contains "@types/node" (^24.0.0); add it so type-only bumps aren't blocked.

 minimumReleaseAgeExclude:
   - eslint
   - express
   - http-errors
   - typescript
   - tsx
   - vitest
   - zod
+  - '@types/node'
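
Review bot: each name under `minimumReleaseAgeExclude` is installed with no delay, and the added `'@types/node'` line brings the list to eight entries, among them `express`, `http-errors` and `zod`, which are runtime libraries rather than dev tooling. A short comment above the list giving the reason for each exemption would help, and the list is best kept as short as the update workflow allows, because a fresh release of an excluded package gets none of the quarantine's protection.
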
📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 52a6be5 and 4a3018f.

📒 Files selected for processing (1)
  • pnpm-workspace.yaml (1 hunks)
🧰 Additional context used
🧠 Learnings (2)
📓 Common learnings
Learnt from: RobinTail
PR: RobinTail/express-zod-api#2697
File: CHANGELOG.md:5-5
Timestamp: 2025-06-02T21:11:20.768Z
Learning: In the express-zod-api repository, RobinTail follows a release workflow where package.json version is only updated on the master branch after merging all planned release changes. Changelog entries may show future version numbers while package.json remains at the previous version during feature development, and this is intentional workflow, not a version inconsistency that needs to be flagged.
Learnt from: RobinTail
PR: RobinTail/express-zod-api#0
File: :0-0
Timestamp: 2025-05-28T19:19:27.727Z
Learning: In pnpm workspaces, most configuration can now be done directly in pnpm-workspace.yaml using the `settings` section instead of requiring .npmrc files. This includes workspace linking, dependency resolution, and performance settings.
📚 Learning: 2025-05-28T19:19:27.727Z
Learnt from: RobinTail
PR: RobinTail/express-zod-api#0
File: :0-0
Timestamp: 2025-05-28T19:19:27.727Z
Learning: In pnpm workspaces, most configuration can now be done directly in pnpm-workspace.yaml using the `settings` section instead of requiring .npmrc files. This includes workspace linking, dependency resolution, and performance settings.

Applied to files:

  • pnpm-workspace.yaml
🔇 Additional comments (2)
pnpm-workspace.yaml (2)

15-23: Good defense-in-depth addition.

Time-delaying new releases with targeted exclusions reduces supply‑chain risk without blocking common dev‑tool updates.


15-23: minimumReleaseAge belongs in Renovate config, not pnpm-workspace.yaml

  • minimumReleaseAge (formerly stabilityDays) is a Renovate configuration option — put it in renovate.json or .github/renovate.json; it is not a pnpm workspace key. (docs.renovatebot.com)
  • Repo check: root package.json pins [email protected] and there is a root renovate.json that currently doesn’t set minimumReleaseAge — the entries in pnpm-workspace.yaml (lines 15–23) will be ignored.
  • minimumReleaseAgeExclude is not a documented Renovate field; use packageRules.matchPackageNames to exempt or override packages instead. (docs.renovatebot.com)
  • Note: Dependabot also offers a cooldown/minimum-age feature — if you run Dependabot too, avoid configuring both tools to wait (you’ll double-delay updates). (github.blog)

Likely an incorrect or invalid review comment.

@RobinTail RobinTail merged commit 27bf754 into master Sep 17, 2025
10 of 11 checks passed
@RobinTail RobinTail deleted the pnpm-minimumReleaseAge branch September 17, 2025 09:21
@coderabbitai coderabbitai Bot mentioned this pull request Oct 29, 2025
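
How a release-age quarantine with an exclusion list decides which version may be installed, as an added JavaScript example (not pnpm's code and not part of this PR). It assumes registry metadata shaped like the npm packument `time` map; the package `example-lib`, the helper names and the sample timestamps are constructed for illustration.

```javascript
// Added illustration of a release-age quarantine; not pnpm's resolver code.
const MINUTE_MS = 60_000;
// Policy values as described in this PR (minimumReleaseAge is in minutes).
const policy = {
  minimumReleaseAge: 2880, // 2 days
  minimumReleaseAgeExclude: [
    "@types/node", "eslint", "express", "http-errors",
    "typescript", "tsx", "vitest", "zod",
  ],
};

// Compare plain x.y.z versions numerically (pre-release tags are out of scope).
function compareVersions(a, b) {
  const pa = a.split(".").map(Number);
  const pb = b.split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] - pb[i];
  }
  return 0;
}

// Newest version the policy allows, or null when every release is still
// inside the quarantine window (fail closed instead of installing it).
function pickVersion(name, time, policy, now) {
  const exempt = policy.minimumReleaseAgeExclude.includes(name);
  const cutoff = now.getTime() - policy.minimumReleaseAge * MINUTE_MS;
  const allowed = Object.entries(time)
    .filter(([version]) => /^\d+\.\d+\.\d+$/.test(version)) // drops "created"/"modified"
    .filter(([, published]) => {
      const ts = Date.parse(published);
      return !Number.isNaN(ts) && (exempt || ts <= cutoff);
    })
    .map(([version]) => version)
    .sort(compareVersions);
  return allowed.length ? allowed[allowed.length - 1] : null;
}

// Constructed metadata for a hypothetical package "example-lib".
const now = new Date("2025-09-17T12:00:00Z");
const sampleTime = {
  created: "2025-01-01T00:00:00Z",
  modified: "2025-09-17T08:00:00Z",
  "1.4.0": "2025-08-01T10:00:00Z",
  "1.4.1": "2025-09-15T11:59:00Z", // 2 days + 1 minute old: allowed
  "1.4.2": "2025-09-17T08:00:00Z", // 4 hours old: quarantined
};

console.log(pickVersion("example-lib", sampleTime, policy, now)); // "1.4.1"
console.log(pickVersion("zod", sampleTime, policy, now)); // "1.4.2": excluded name skips the delay
```
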