From a3e678bd606f8c2cdca13e6f9275d02d77fe91c3 Mon Sep 17 00:00:00 2001
From: Blaine Jester
Date: Tue, 31 Mar 2026 08:02:25 -0700
Subject: [PATCH 1/2] Add minReleaseAge to pnpm settings to reduce likelihood of supply chain compromises
---
 package.json | 2 +-
 pnpm-workspace.yaml | 8 ++++++++
 2 files changed, 9 insertions(+), 1 deletion(-)
 create mode 100644 pnpm-workspace.yaml
diff --git a/package.json b/package.json
index d8000e1e1c..9a91c8008b 100644
--- a/package.json
+++ b/package.json
@@ -183,7 +183,7 @@
 "> 1%",
 "Firefox ESR"
 ],
- "packageManager": "pnpm@10.12.4+sha512.5ea8b0deed94ed68691c9bad4c955492705c5eeb8a87ef86bc62c74a26b037b08ff9570f108b2e4dbd1dd1a9186fea925e527f141c648e85af45631074680184",
+ "packageManager": "pnpm@10.33.0+sha512.10568bb4a6afb58c9eb3630da90cc9516417abebd3fabbe6739f0ae795728da1491e9db5a544c76ad8eb7570f5c4bb3d6c637b2cb41bfdcdb47fa823c8649319",
 "volta": {
 "node": "20.19.3",
 "pnpm": "10.12.4"
diff --git a/pnpm-workspace.yaml b/pnpm-workspace.yaml
new file mode 100644
index 0000000000..6f2592daf3
--- /dev/null
+++ b/pnpm-workspace.yaml
@@ -0,0 +1,8 @@
+# minimum number of minutes
+minimumReleaseAge: 10080
+minimumReleaseAgeExclude:
+ - kolibri-constants
+ - kolibri-design-system
+ - kolibri-logging
+ - kolibri-format
+ - kolibri-tools
From 642cc260af4b8d56283dacce4569d64740aac6f4 Mon Sep 17 00:00:00 2001
From: Blaine Jester
Date: Tue, 31 Mar 2026 10:00:04 -0700
Subject: [PATCH 2/2] Add excludes for dependency cool downs
---
 .github/dependabot.yml | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index fda197ed70..e26f73f449 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -20,6 +20,12 @@ updates:
 time: "00:00"
 cooldown:
 default-days: 7
+ exclude:
+ - kolibri-constants
+ - kolibri-design-system
+ - kolibri-logging
+ - kolibri-format
+ - kolibri-tools
 groups:
 babel:
 patterns:
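Review bot: The `volta` block in the trailing context of the package.json hunk still pins `"pnpm": "10.12.4"` while `packageManager` moves to 10.33.0, so contributors whose toolchain is selected by Volta would keep running the older pnpm. A pnpm release that predates `minimumReleaseAge` would most likely ignore the new workspace setting rather than fail, so the cooldown added by this patch would silently not apply for them. Bump the pin in the same change: `"pnpm": "10.33.0"`. The `volta` object continues past the end of the hunk, so any other pins in it are not visible here.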
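Review bot: The only comment in the new pnpm-workspace.yaml, `# minimum number of minutes`, does not say what is being delayed or why five packages are exempt. Every name under `minimumReleaseAgeExclude` installs without the cooldown, so a bad publish of one of those packages would reach installs immediately; they look like first-party packages, and if so the file should say that. Suggested comments: `# Do not install versions published less than 10080 minutes (7 days) ago` above `minimumReleaseAge`, and `# First-party packages released by this project; exempt so new releases can be consumed at once` above the list. The file should also record that the same seven-day delay holds back urgent security fixes in third-party packages unless the package is temporarily added to the exclude list.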
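Review bot: The five names under `cooldown.exclude` in .github/dependabot.yml duplicate `minimumReleaseAgeExclude` in pnpm-workspace.yaml from patch 1/2, and nothing ties the two lists together. If they drift, Dependabot may open an update PR for a version that pnpm then refuses to resolve, or hold back a package that pnpm would accept. A comment above `exclude:` such as `# Keep in sync with minimumReleaseAgeExclude in pnpm-workspace.yaml` would make the coupling visible. The `updates` entry this hunk sits in starts before the hunk, so the package ecosystem it configures cannot be confirmed from here.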