minimumReleaseAge: doesn't fall back to eligible intermediate version when latest is too young

[baraknaveh]

Verify latest release

• I verified that the issue exists in the latest pnpm release

pnpm version

10.33.0

Which area(s) of pnpm are affected? (leave empty if unsure)

Dependencies resolver

Link to the code that reproduces this issue or a replay of the bug

No response

Reproduction steps

mkdir /tmp/repro && cd /tmp/repro

cat > package.json << 'EOF'
{"name":"repro","packageManager":"pnpm@10.33.0","dependencies":{"lodash":"^4.17.21"}}
EOF

# Set minimumReleaseAge so lodash 4.18.0 (2026-03-31T18:18:42Z) is 60 min past the cutoff,
# but 4.18.1 (2026-04-01T21:01:20Z, ~27h newer) is still too young.
AGE=$(node -e "console.log(Math.ceil((Date.now() - new Date('2026-03-31T18:18:42.717Z').getTime()) / 60000) - 60)")
echo "minimumReleaseAge: $AGE" > pnpm-workspace.yaml

pnpm install
# Actual:   lodash 4.17.23
# Expected: lodash 4.18.0

Describe the Bug

When minimumReleaseAge is set and the latest version matching a range (4.18.1) is too young, pnpm does not fall back to an intermediate version (4.18.0) that is old enough. Instead it stays on the older 4.17.23. This is the same-major variant of #10100, which was fixed for cross-major fallback in v10.20.0.

Expected Behavior

pnpm should install 4.18.0, which satisfies ^4.17.21 and is older than minimumReleaseAge.

Which Node.js version are you using?

24.14.0

Which operating systems have you used?

• macOS
• Windows
• Linux

If your OS is a Linux based, which one it is? (Include the version if relevant)

No response

[nickloeper]

I posted a comment on a similar issue here: #11068