From 3bd79b51ff910e8d70780ba421a5afafe30bcd38 Mon Sep 17 00:00:00 2001 From: Hiroshi Muraoka Date: Wed, 20 May 2026 16:29:55 +0900 Subject: [PATCH 1/3] chore: gate package install with minimumReleaseAge (#116122) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit milo audit で cooldown 未設定として検出されたため、 Renovate config に `minimumReleaseAge: "7 days"` を追加する。 Refs: knowledge-work/knowledgework#116122 Co-Authored-By: Claude Opus 4.7 (1M context) --- renovate.json | 1 + 1 file changed, 1 insertion(+) diff --git a/renovate.json b/renovate.json index dd383a5..894fa97 100644 --- a/renovate.json +++ b/renovate.json @@ -1,6 +1,7 @@ { "$schema": "https://docs.renovatebot.com/renovate-schema.json", "extends": ["config:base"], + "minimumReleaseAge": "7 days", "packageRules": [ { "depTypeList": ["dependencies"], "groupName": "dependencies" }, { "depTypeList": ["devDependencies"], "groupName": "devDependencies" } From 9e0b8eb854715cc277061b70633a01e8b097d295 Mon Sep 17 00:00:00 2001 From: Hiroshi Muraoka Date: Wed, 20 May 2026 23:29:37 +0900 Subject: [PATCH 2/3] chore: deny lifecycle scripts via .npmrc (#116124) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit milo policy MUST: 全 JS / TS repo に .npmrc#ignore-scripts=true。 cross-PM (npm 経路 等) で lifecycle script を一律 block する kill switch を 追加し、 save-exact=true も併設する。 Refs: knowledge-work/knowledgework#116124 Co-Authored-By: Claude Opus 4.7 (1M context) --- .npmrc | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 .npmrc diff --git a/.npmrc b/.npmrc new file mode 100644 index 0000000..7c6e338 --- /dev/null +++ b/.npmrc @@ -0,0 +1,2 @@ +ignore-scripts=true +save-exact=true From 5efa50ce7624d3cd262e92fb9ae23f91d7dfea05 Mon Sep 17 00:00:00 2001 From: Hiroshi Muraoka Date: Thu, 21 May 2026 16:05:42 +0900 Subject: [PATCH 3/3] chore: pin node + pnpm via mise MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit cooldown (pnpm v11+ minimumReleaseAge / npm v11.10+ min-release-age) を 有効化するため node + pnpm を mise.toml で固定。 --- mise.lock | 10 ++++++++++ mise.toml | 2 ++ 2 files changed, 12 insertions(+) create mode 100644 mise.lock create mode 100644 mise.toml diff --git a/mise.lock b/mise.lock new file mode 100644 index 0000000..c15e586 --- /dev/null +++ b/mise.lock @@ -0,0 +1,10 @@ +[[tools.node]] +version = "24.15.0" +backend = "core:node" +"platforms.linux-arm64" = { checksum = "sha256:73afc234d558c24919875f51c2d1ea002a2ada4ea6f83601a383869fefa64eed", url = "https://nodejs.org/dist/v24.15.0/node-v24.15.0-linux-arm64.tar.gz"} +"platforms.linux-arm64-musl" = { checksum = "sha256:73afc234d558c24919875f51c2d1ea002a2ada4ea6f83601a383869fefa64eed", url = "https://nodejs.org/dist/v24.15.0/node-v24.15.0-linux-arm64.tar.gz"} +"platforms.linux-x64" = { checksum = "sha256:44836872d9aec49f1e6b52a9a922872db9a2b02d235a616a5681b6a85fec8d89", url = "https://nodejs.org/dist/v24.15.0/node-v24.15.0-linux-x64.tar.gz"} +"platforms.linux-x64-musl" = { checksum = "sha256:44836872d9aec49f1e6b52a9a922872db9a2b02d235a616a5681b6a85fec8d89", url = "https://nodejs.org/dist/v24.15.0/node-v24.15.0-linux-x64.tar.gz"} +"platforms.macos-arm64" = { checksum = "sha256:372331b969779ab5d15b949884fc6eaf88d5afe87bde8ba881d6400b9100ffc4", url = "https://nodejs.org/dist/v24.15.0/node-v24.15.0-darwin-arm64.tar.gz"} +"platforms.macos-x64" = { checksum = "sha256:ffd5ee293467927f3ee731a553eb88fd1f48cf74eebc2d74a6babe4af228673b", url = "https://nodejs.org/dist/v24.15.0/node-v24.15.0-darwin-x64.tar.gz"} +"platforms.windows-x64" = { checksum = "sha256:cc5149eabd53779ce1e7bdc5401643622d0c7e6800ade18928a767e940bb0e62", url = "https://nodejs.org/dist/v24.15.0/node-v24.15.0-win-x64.zip"} diff --git a/mise.toml b/mise.toml new file mode 100644 index 0000000..4581550 --- /dev/null +++ b/mise.toml @@ -0,0 +1,2 @@ +[tools] +node = "24.15.0"