minor #3083 Prevent pnpm to install new packages published the same day (Kocal)

Kocal · Kocal · commit e755af17f340 · 2025-09-16T21:08:44.000+02:00
This PR was merged into the 2.x branch. Discussion ---------- Prevent pnpm to install new packages published the same day | Q | A | ------------- | --- | Bug fix? | no | New feature? | no  | Docs? | no  | Issues | Fix #...  | License | MIT  It should not affect us since we are using a lockfile, but just in case of, we prevent the installation of new packages published in the last 1440 minutes (1 day), which could be malicious packages. See https://pnpm.io/fr/settings#minimumreleaseage Commits ------- 7264fe7 Prevent pnpm to install new packages published the same day
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
     "private": true,
-    "packageManager": "pnpm@10.14.0+sha512.ad27a79641b49c3e481a16a805baa71817a04bbe06a38d17e60e2eaee83f6a146c6a688125f5792e48dd5ba30e7da52a5cda4c3992b9ccf333f9ce223af84748",
+    "packageManager": "pnpm@10.16.1+sha512.0e155aa2629db8672b49e8475da6226aa4bdea85fdcdfdc15350874946d4f3c91faaf64cbdc4a5d1ab8002f473d5c3fcedcd197989cf0390f9badd3c04678706",
     "type": "module",
     "workspaces": [
         "src/*/assets",
diff --git a/pnpm-workspace.yaml b/pnpm-workspace.yaml
@@ -20,3 +20,5 @@ packageExtensions:
     '@symfony/ux-leaflet-map':
       dependencies:
         '@symfony/ux-map': 'workspace:*'
+
+minimumReleaseAge: 1440

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"private": true,`
`3`		`- "packageManager": "pnpm@10.14.0+sha512.ad27a79641b49c3e481a16a805baa71817a04bbe06a38d17e60e2eaee83f6a146c6a688125f5792e48dd5ba30e7da52a5cda4c3992b9ccf333f9ce223af84748",`
	`3`	`+ "packageManager": "pnpm@10.16.1+sha512.0e155aa2629db8672b49e8475da6226aa4bdea85fdcdfdc15350874946d4f3c91faaf64cbdc4a5d1ab8002f473d5c3fcedcd197989cf0390f9badd3c04678706",`
`4`	`4`	`"type": "module",`
`5`	`5`	`"workspaces": [`
`6`	`6`	`"src/*/assets",`