Skip to content

chore: DH-22173: Use min-release-age flag in npm for extra security#2652

Merged
vbabich merged 4 commits intodeephaven:mainfrom
vbabich:vlad_dh-22173
Apr 7, 2026
Merged

chore: DH-22173: Use min-release-age flag in npm for extra security#2652
vbabich merged 4 commits intodeephaven:mainfrom
vbabich:vlad_dh-22173

Conversation

@vbabich
Copy link
Copy Markdown
Collaborator

@vbabich vbabich commented Apr 7, 2026
edited
Loading

  • Set min-release-age to 3 days

@codecov
Copy link
Copy Markdown

codecov Bot commented Apr 7, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 49.51%. Comparing base (e47ed60) to head (14b466d).

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #2652      +/-   ##
==========================================
- Coverage   49.76%   49.51%   -0.26%     
==========================================
  Files         774      774              
  Lines       43872    43872              
  Branches    11295    11109     -186     
==========================================
- Hits        21835    21724     -111     
- Misses      22019    22130     +111     
  Partials       18       18
Flag Coverage Δ
unit 49.51% <ø> (-0.26%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@vbabich vbabich self-assigned this Apr 7, 2026
@vbabich vbabich requested a review from Copilot April 7, 2026 01:25
Copilot AI reviewed Apr 7, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates npm install hardening by enforcing a minimum package release age before installation.

Changes:

  • Add min-release-age=3 to the repository .npmrc configuration.
  • Update package-lock.json accordingly.

Reviewed changes

Copilot reviewed 1 out of 1 changed files in this pull request and generated 1 comment.

File Description
.npmrc Enables npm’s min-release-age setting alongside existing security-related npm config.
package-lock.json Lockfile update to reflect the updated npm install behavior/config.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread .npmrc
@vbabich vbabich requested a review from Copilot April 7, 2026 01:31
Copilot AI reviewed Apr 7, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 2 out of 2 changed files in this pull request and generated no new comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@vbabich vbabich marked this pull request as ready for review April 7, 2026 14:39
@vbabich vbabich requested review from a team and mattrunyon and removed request for a team April 7, 2026 14:39
@vbabich vbabich merged commit 4239d0b into deephaven:main Apr 7, 2026
14 of 15 checks passed
@github-actions github-actions Bot locked and limited conversation to collaborators Apr 7, 2026
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

Copilot code review Copilot Copilot left review comments

@mattrunyon mattrunyon mattrunyon approved these changes

Assignees

@vbabich vbabich

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@vbabich @mattrunyon