And when you actually need a super hot fix for a 0-day, you will need to revert this and keep it that way for some time to then go back to minimum age.

While this works, we stillneed a permanent solution which requires a sort of vetting process, rather than blindly letting everything through.

▲

matijs 3 hours ago | parent | next [-]

pnpm since v10.19.0 allows excluding specific dependencies from minReleaseAge by version.

▲

cortesoft 4 hours ago | parent | prev [-]

Who will do the vetting process?

	▲	password4321 3 hours ago \| parent \| next [-]
		I think my vetting would settle for a repo diff against the previous version, confirming the only difference was the security fix (though that doesn't cover all the bases).
	▲	pvillano 3 hours ago \| parent \| prev [-]
		Jia Tan