From 4d352b25482f00b3145623eb49f13544aa3859e9 Mon Sep 17 00:00:00 2001 From: Mark Dumay <61946753+markdumay@users.noreply.github.com> Date: Mon, 13 Jul 2026 15:34:36 +0200 Subject: [PATCH] build(deps): add Dependabot cooldown to clear the pnpm age gate MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Dependabot writes new versions into the lockfile without honoring .npmrc, so CI failed on `pnpm install --frozen-lockfile` with ERR_PNPM_MINIMUM_RELEASE_AGE_VIOLATION whenever a release was less than 24h old. Add a 2-day cooldown to the npm ecosystem. Cooldown is day-granular, so it must be strictly greater than minimum-release-age (1440 min = 1 day). Uses the build type deliberately: this is CI config with no user-facing change, so it must not cut a release. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.8 (1M context) --- .github/dependabot.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 0cf39c3..9a24791 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -13,3 +13,10 @@ updates: prefix: fix include: scope versioning-strategy: increase + # Must stay strictly greater than .npmrc#minimum-release-age (1440 min = 1 day). + # Cooldown is day-granular, so 2 is the smallest value that clears the gate; + # below it pnpm fails CI with ERR_PNPM_MINIMUM_RELEASE_AGE_VIOLATION. + cooldown: + default-days: 2 + exclude: + - "@gethinode/*" # mirrors pnpm-workspace.yaml#minimumReleaseAgeExclude