Add minReleaseAge to pnpm settings to reduce likelihood of supply chain compromises

bjester · bjester · commit a3e678bd606f · 2026-03-31T10:01:09.000-07:00
diff --git a/package.json b/package.json
@@ -183,7 +183,7 @@
     "> 1%",
     "Firefox ESR"
   ],
-  "packageManager": "pnpm@10.12.4+sha512.5ea8b0deed94ed68691c9bad4c955492705c5eeb8a87ef86bc62c74a26b037b08ff9570f108b2e4dbd1dd1a9186fea925e527f141c648e85af45631074680184",
+  "packageManager": "pnpm@10.33.0+sha512.10568bb4a6afb58c9eb3630da90cc9516417abebd3fabbe6739f0ae795728da1491e9db5a544c76ad8eb7570f5c4bb3d6c637b2cb41bfdcdb47fa823c8649319",
   "volta": {
     "node": "20.19.3",
     "pnpm": "10.12.4"
diff --git a/pnpm-workspace.yaml b/pnpm-workspace.yaml
@@ -0,0 +1,8 @@
+# minimum number of minutes
+minimumReleaseAge: 10080
+minimumReleaseAgeExclude:
+  - kolibri-constants
+  - kolibri-design-system
+  - kolibri-logging
+  - kolibri-format
+  - kolibri-tools
