From 5ec3a8148d7e20ee4dcd038415526600c110eef9 Mon Sep 17 00:00:00 2001 From: MK Date: Tue, 16 Jun 2026 20:56:53 +0800 Subject: [PATCH 1/2] ci: hold Renovate PRs until packages pass sfw minimumReleaseAge CI runs `sfw vp install`, which enforces pnpm's minimumReleaseAge cooldown. Renovate opened update PRs immediately on release, so the lockfile failed the supply-chain policy check with ERR_PNPM_MINIMUM_RELEASE_AGE_VIOLATION. Add minimumReleaseAge: "3 days" for all npm packages so updates age past the cooldown before a PR opens, and keep "0 days" for the vite-plus group since those are already in minimumReleaseAgeExclude. --- renovate.json | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/renovate.json b/renovate.json index a6963b0b..b25f0256 100644 --- a/renovate.json +++ b/renovate.json @@ -2,6 +2,10 @@ "$schema": "https://docs.renovatebot.com/renovate-schema.json", "extends": ["config:recommended"], "packageRules": [ + { + "matchDatasources": ["npm"], + "minimumReleaseAge": "3 days" + }, { "groupName": "vite-plus", "matchPackageNames": [ @@ -9,7 +13,8 @@ "@voidzero-dev/vite-plus-core", "@voidzero-dev/vite-plus-test", "@vitest/coverage-v8" - ] + ], + "minimumReleaseAge": "0 days" } ] } From 778f5588484b67337846177e8b2b78b9cd7add8b Mon Sep 17 00:00:00 2001 From: MK Date: Tue, 16 Jun 2026 20:59:36 +0800 Subject: [PATCH 2/2] ci: use glob patterns for vite-plus group to match pnpm-workspace exclude --- renovate.json | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/renovate.json b/renovate.json index b25f0256..be7c3094 100644 --- a/renovate.json +++ b/renovate.json @@ -8,12 +8,7 @@ }, { "groupName": "vite-plus", - "matchPackageNames": [ - "vite-plus", - "@voidzero-dev/vite-plus-core", - "@voidzero-dev/vite-plus-test", - "@vitest/coverage-v8" - ], + "matchPackageNames": ["vite-plus", "@voidzero-dev/*", "@vitest/*"], "minimumReleaseAge": "0 days" } ]