Skip to content

Commit 05d06eb

Browse files
Merge pull request #690 from headmin/dev_2.0
Add python cooldown
2 parents f733456 + 9957410 commit 05d06eb

1 file changed

Lines changed: 12 additions & 0 deletions

File tree

pyproject.toml

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -54,6 +54,18 @@ Source = "https://github.com/usnistgov/macos_security"
5454
[project.scripts]
5555
mscp = "mscp.__main__:main"
5656

57+
[tool.uv]
58+
# Dependency cooldown: the resolver ignores any release published less than a
59+
# week ago, so `uv lock` / `uv add` / `uv sync` won't adopt a brand-new (and
60+
# possibly compromised) version. Mirrors the 7-day cooldown in .renovaterc.json5.
61+
# Accepts a friendly duration ("1 week"), ISO 8601 ("P7D"), or an RFC 3339 date.
62+
# NOTE: this also delays security fixes — pair with an independent scanner.
63+
exclude-newer = "1 week"
64+
# Escape hatch: opt a single package OUT of the cooldown when you need a fix
65+
# immediately, e.g. exclude-newer-package = { some-package = false }
66+
# Remove the override once the cooldown is acceptable for that package again.
67+
# exclude-newer-package = {}
68+
5769
[tool.hatch.version]
5870
path = "src/mscp/__init__.py"
5971

0 commit comments

Comments
 (0)