chore: exempt lock file maintenance from minimumReleaseAge check

[escapedcat]

Lock file maintenance updates are package-manager-controlled and have no release timestamp, so the minimumReleaseAge (renovate/stability-days) status check can never pass. These PRs sit pending forever (e.g. #4786, #4775) even though all real CI is green and the check is non-required.

Add a packageRule setting minimumReleaseAge: null for the lockFileMaintenance update type, mirroring Renovate's own security:minimumReleaseAgeNpm preset ("Do not require Minimum Release Age for update types that are controlled by the package manager"). The 3-day gate and internalChecksFilter: strict stay in effect for all regular dependency updates.

[qodo-code-review]

Review Summary by Qodo

Exempt lock file maintenance from minimumReleaseAge check

✨ Enhancement

Walkthroughs

Description

• Exempt lock file maintenance from minimumReleaseAge check
• Add packageRule setting minimumReleaseAge to null
• Prevent lock maintenance PRs from pending indefinitely
• Mirror Renovate's security:minimumReleaseAgeNpm preset behavior

Diagram

flowchart LR
  A["Renovate Config"] -->|packageRule added| B["Lock File Maintenance"]
  B -->|minimumReleaseAge: null| C["Skip stability check"]
  C -->|Regular updates unaffected| D["3-day gate remains"]

Loading

File Changes

1. package.json ⚙️ Configuration changes +10/-1

Add packageRule exempting lock maintenance from stability check

• Added packageRules array to Renovate configuration
• Created rule matching lockFileMaintenance update type
• Set minimumReleaseAge to null for lock maintenance updates
• Included detailed description explaining the exemption rationale

package.json

---

[qodo-code-review]

Code Review by Qodo

🐞 Bugs (0) 📘 Rule violations (0) 📎 Requirement gaps (0)

Great, no issues found!

Qodo reviewed your code and found no material issues that require review