chore: configure dependency minimum release age / cooldown

[Piccirello]

Adds a minimum release age ("cooldown") to this repo's package-manager
configuration so newly published dependency versions wait ~7 days before they
can be adopted. This reduces exposure to compromised or unstable packages that
are caught and unpublished shortly after release.

Applied per package manager found in the repo:

• Dependabot (.github/dependabot.yml): cooldown.default-days: 7 per ecosystem
• pnpm (pnpm-workspace.yaml): minimumReleaseAge: 10080 (minutes)
• npm (.npmrc): min-release-age=7 (days)
• yarn (.yarnrc.yml): npmMinimalAgeGate: "7d"
• bun (bunfig.toml): minimumReleaseAge = 604800 (seconds)
• uv (pyproject.toml): exclude-newer = "7 days"

Generated and verified with semgrep (package_managers.* rules); the check passes
after this change.

[github-actions]

posthog-dotnet Compliance Report

Date: 2026-05-28 22:41:01 UTC
Duration: 447ms

⚠️ Some Tests Failed

2/16 tests passed, 14 failed

---

Feature_Flags Tests

⚠️ 2/16 tests passed, 14 failed

View Details

Test	Status	Duration
Request Payload.Request With Person Properties Device Id	❌	35ms
Request Payload.Flags Request Uses V2 Query Param	❌	18ms
Request Payload.Flags Request Hits Flags Path Not Decide	❌	4ms
Request Payload.Flags Request Omits Authorization Header	❌	4ms
Request Payload.Token In Flags Body Matches Init	❌	3ms
Request Payload.Groups Round Trip	❌	4ms
Request Payload.Groups Default To Empty Object	❌	4ms
Request Payload.Person Properties Distinct Id Auto Populated When Caller Omits It	❌	3ms
Request Payload.Disable Geoip False Propagates As Geoip Disable False	❌	4ms
Request Payload.Disable Geoip Omitted Defaults To False	❌	4ms
Request Payload.Flag Keys To Evaluate Contains Only Requested Key	❌	3ms
Request Lifecycle.No Flags Request On Init Alone	✅	3ms
Request Lifecycle.No Flags Request On Normal Capture	✅	164ms
Request Lifecycle.Two Flag Calls Produce Two Remote Requests	❌	5ms
Request Lifecycle.Mock Response Value Is Returned To Caller	❌	3ms
Side Effect Events.Get Feature Flag Captures Feature Flag Called Event	❌	4ms

Failures

request_payload.request_with_person_properties_device_id

404, message='Not Found', url='http://sdk-adapter:8080/get_feature_flag'

request_payload.flags_request_uses_v2_query_param

404, message='Not Found', url='http://sdk-adapter:8080/get_feature_flag'

request_payload.flags_request_hits_flags_path_not_decide

404, message='Not Found', url='http://sdk-adapter:8080/get_feature_flag'

request_payload.flags_request_omits_authorization_header

404, message='Not Found', url='http://sdk-adapter:8080/get_feature_flag'

request_payload.token_in_flags_body_matches_init

404, message='Not Found', url='http://sdk-adapter:8080/get_feature_flag'

request_payload.groups_round_trip

404, message='Not Found', url='http://sdk-adapter:8080/get_feature_flag'

request_payload.groups_default_to_empty_object

404, message='Not Found', url='http://sdk-adapter:8080/get_feature_flag'

request_payload.person_properties_distinct_id_auto_populated_when_caller_omits_it

404, message='Not Found', url='http://sdk-adapter:8080/get_feature_flag'

request_payload.disable_geoip_false_propagates_as_geoip_disable_false

404, message='Not Found', url='http://sdk-adapter:8080/get_feature_flag'

request_payload.disable_geoip_omitted_defaults_to_false

404, message='Not Found', url='http://sdk-adapter:8080/get_feature_flag'

request_payload.flag_keys_to_evaluate_contains_only_requested_key

404, message='Not Found', url='http://sdk-adapter:8080/get_feature_flag'

request_lifecycle.two_flag_calls_produce_two_remote_requests

404, message='Not Found', url='http://sdk-adapter:8080/get_feature_flag'

request_lifecycle.mock_response_value_is_returned_to_caller

404, message='Not Found', url='http://sdk-adapter:8080/get_feature_flag'

side_effect_events.get_feature_flag_captures_feature_flag_called_event

404, message='Not Found', url='http://sdk-adapter:8080/get_feature_flag'

[greptile-apps]

_{Reviews (1): Last reviewed commit: "chore: configure dependency minimum rele..." | Re-trigger Greptile}