From 952f3e84ca97d0997dd6f23d090691347ce64d1d Mon Sep 17 00:00:00 2001
From: Matthew Schile <mschile@cypress.io>
Date: Wed, 27 May 2026 13:46:32 -0600
Subject: [PATCH] chore: add minimum release age and vulnerability alerts to
 renovate config

Add a 7-day minimum release age for all dependencies to avoid
pulling in potentially unstable new releases. Exempt the cypress
package from this cooldown so updates are available immediately.

Enable OSV vulnerability alerts and bypass the cooldown period
for vulnerability fixes so they are addressed without delay.
---
 renovate.json | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/renovate.json b/renovate.json
index 706dbd919..51d848bbe 100644
--- a/renovate.json
+++ b/renovate.json
@@ -14,6 +14,11 @@
   ],
   "prConcurrentLimit": 5,
   "prHourlyLimit": 1,
+  "minimumReleaseAge": "7 days",
+  "osvVulnerabilityAlerts": true,
+  "vulnerabilityAlerts": {
+    "minimumReleaseAge": "0 days"
+  },
   "rangeStrategy": "bump",
   "lockFileMaintenance": {
     "enabled": true
@@ -71,6 +76,10 @@
       "matchDepTypes": ["uses-with"],
       "matchPackageNames": ["pnpm"],
       "enabled": false
+    },
+    {
+      "matchPackageNames": ["cypress"],
+      "minimumReleaseAge": "0 days"
     }
   ]
 }