Release Notes / Version 12.2406.3
Table Of ContentsPNPM: minimumReleaseAge is now set to one day by default
To reduce the risk of installing compromised packages, we now utilize the new minimumReleaseAge setting (introduced with 10.20.x) to delay the installation of newly published versions for 1 day. As in most cases, malicious releases are discovered and removed from the registry within an hour this is meant to protect us sufficiently while still being able to install fixes for other security issues in time.
Follow Section, “PNPM: minimumReleaseAge is now set to one day by default” for upgrade information.
(CMS-28594)
Node.js 24 and PNPM 10.24.0 Upgrade
Node was upgraded to the latest LTS version 24.11.1
PNPM has received a minor upgrade to 10.24.0
Introduced the "devEngines" field in the studio-client and frontend workspace to avoid that the wrong Node.js version is used. This basically also makes sure that the correct package manager version is used, however not all package managers support this flag equally. This is why we also keep the "engines" and "packageManager" entries for now.
(CMS-28547)
