🚀 Feature: Increase Renovate minimumReleaseAge to 7 days

[JoshuaKGoldberg]

Bug Report Checklist

• I have pulled the latest main branch of the repository.
• I have searched for related issues and found none that matched my issue.

Overview

For a while now, this template has set Renovate's minimumReleaseAge to 3 days. That's the time threshold for an npm package to be unable to be unpublished. It also has the nice benefit of giving some time for the community to catch & patch a malicious version of a previously ok package.

But, 3 days isn't a super long amount of time. If something releases on a Friday then folks might not have fully caught+patched it by Monday. I've been thinking for a while of increasing it to a full week.

Request: every place in this repo that says "3 days" should instead say "7 days". That includes .github/renovate.json and createDotGitHubFiles.ts.

Additional Info

See docs on: https://docs.renovatebot.com/configuration-options/#minimumreleaseage

[rubiesonthesky]

I don't think setting minimumReleaseAge to 7 days will help with the case you are thinking. If library publishes version X on Friday, but then patches it on Monday then using 7 minimum 7 days will mean: Your project will update to broken version on next Friday and it will get the fixed version on next Monday. So you are in any case lagging behind and you can get some broken version.

Better ways to handle this would be to disable automerge or disabling automerge for major versions, so you could be more sure that there is no breaking changes. But neither is really what you are hoping here. :/