feat: add support for exact versions in minimumReleaseAgeExclude
#10059
Conversation
ryo-manba
force-pushed
the
feat/minimum-release-age-exclude-exact-version
branch
from
e159099 to
abfb17f
Compare
ryo-manba
force-pushed
the
feat/minimum-release-age-exclude-exact-version
branch
from
ae2749a to
de39ed6
Compare
| }, { | ||
| ...opts, | ||
| patchedDependencies: undefined, | ||
| offline: true, |
There was a problem hiding this comment.
CI tests failed due to store sharing issues between projects using different testDefaults() configs.
See: https://github.com/pnpm/pnpm/actions/runs/18424090647/job/52502860033
There was a problem hiding this comment.
Pull Request Overview
This PR adds support for exact versions in minimumReleaseAgeExclude configuration to bypass minimumReleaseAge filtering for manually verified packages. Users can now specify patterns like [email protected] to exclude specific versions from minimum release age checks, while semver ranges are intentionally rejected for security reasons.
Key changes:
- Introduces
createVersionMatcherfunction to handle exact version patterns with||unions - Replaces string-only matching with version-aware matching that returns exact version arrays
- Updates resolver pipeline to pass version exclusion data through
publishedByExcludeparameter
Reviewed Changes
Copilot reviewed 22 out of 23 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| config/matcher/src/index.ts | Implements new createVersionMatcher function with exact version parsing and validation |
| config/matcher/test/index.ts | Adds comprehensive tests for version matching functionality |
| reviewing/outdated/src/createManifestGetter.ts | Updates to use new version matcher and pass exclusions to resolver |
| resolving/npm-resolver/src/pickPackageFromMeta.ts | Integrates version exclusions into package metadata filtering |
| pkg-manager/resolve-dependencies/src/resolveDependencyTree.ts | Switches from createMatcher to createVersionMatcher |
| registry/pkg-metadata-filter/src/index.ts | Adds support for trusted versions in publish date filtering |
Files not reviewed (1)
- pnpm-lock.yaml: Language not supported
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
There was a problem hiding this comment.
Pull Request Overview
Copilot reviewed 19 out of 20 changed files in this pull request and generated 1 comment.
Files not reviewed (1)
- pnpm-lock.yaml: Language not supported
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
There was a problem hiding this comment.
Pull Request Overview
Copilot reviewed 23 out of 24 changed files in this pull request and generated 1 comment.
Files not reviewed (1)
- pnpm-lock.yaml: Language not supported
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
2 participants
Fixes #9985
Allows specifying exact versions like
[email protected]inminimumReleaseAgeExcludeto bypassminimumReleaseAgefiltering for manually verified packages.Semver ranges (
^,~,>=) are intentionally rejected for security.Users must verify each version individually to prevent unverified versions from being automatically included.