Add npm dependency release age cooldown #1339

Open
cristianrgreco wants to merge 3 commits into main from codex/npm-release-age-cooldown

Conversation

Collaborator

@cristianrgreco cristianrgreco commented May 26, 2026

Summary

  • Configure npm to avoid resolving package versions published within the last 7 days.
  • Configure Dependabot's npm cooldown to wait 7 days before opening version update PRs, matching npm's install policy.
  • Stabilize the OracleFree default-configuration test by allowing the shared startup hook enough time for cold image pulls and avoiding a misleading cleanup error when startup fails.

Verification

  • npm ci
  • npm run format
  • npm run lint
  • git diff --check
  • npm run test -- packages/modules/oraclefree/src/oraclefree-container.test.ts -t "default configuration"
  • Verified npm 10.9.8 accepts min-release-age config without error.

Test Results

  • npm ci passed and installed dependencies from the lockfile.
  • npm run format passed with no formatting changes.
  • npm run lint passed.
  • git diff --check passed.
  • Focused OracleFree default-configuration test passed: 3 passed, 3 skipped.
  • Full local OracleFree test run was attempted but could not complete because local Docker storage is full while creating the custom pluggable database (ORA-27040: No space left on device).

Semver Impact

Patch. This does not change any published package API or runtime behavior. The diff updates repository npm/Dependabot configuration and a test-only OracleFree timeout/cleanup path, so it is not a breaking change.
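Added example (not code from this PR or the testcontainers-node project): a small audit that replays the 7-day release-age cooldown the description asks npm and Dependabot to enforce, checking a package-lock.json against registry publish times so CI can catch a freshly published version that slipped through. The lockfile and packument data are constructed, and the version comparison assumes plain x.y.z versions.

```python
"""Lockfile cooldown audit (added example, not code from the testcontainers-node PR).
Replays the policy min-release-age=7 asks npm to apply at resolution time (skip
versions published less than N days ago) and checks a package-lock.json against it,
so CI can catch a version that a toolchain ignoring the key let through. Inputs: the
lockfile "packages" map and each package's registry packument "time" map
(version -> ISO 8601 publish time). Sample data below is constructed."""
from datetime import datetime, timedelta, timezone

MIN_RELEASE_AGE_DAYS = 7  # the value the PR sets in .npmrc and for Dependabot


def too_young(published: str, now: datetime, min_age_days: int) -> bool:
    # Registry timestamps look like 2026-05-24T09:00:00.000Z
    return now - datetime.fromisoformat(published.replace("Z", "+00:00")) < timedelta(days=min_age_days)


def newest_allowed(times: dict, now: datetime, min_age_days: int):
    """Newest x.y.z version old enough to install (None if every version is too young).
    Assumes plain numeric versions; the "created"/"modified" keys that real packuments
    carry in "time" are skipped because they do not start with a digit."""
    ok = [v for v, ts in times.items() if v[0].isdigit() and not too_young(ts, now, min_age_days)]
    return max(ok, key=lambda v: tuple(int(p) for p in v.split("."))) if ok else None


def audit_lockfile(lock: dict, packuments: dict, now: datetime,
                   min_age_days: int = MIN_RELEASE_AGE_DAYS) -> list:
    """Return (name, version, published) for every entry younger than the cooldown.
    Unknown publish time is reported too (published=None): unprovable age is not a pass."""
    findings = []
    for path, entry in lock.get("packages", {}).items():
        if path == "":  # the root project itself
            continue
        # Nested paths look like node_modules/a/node_modules/@scope/b
        name = entry.get("name") or path.rsplit("node_modules/", 1)[-1]
        version = entry.get("version")
        published = packuments.get(name, {}).get("time", {}).get(version)
        if published is None or too_young(published, now, min_age_days):
            findings.append((name, version, published))
    return findings


# Constructed sample data: "today" plus two lockfile entries and their packuments.
NOW = datetime(2026, 5, 26, tzinfo=timezone.utc)
SAMPLE_LOCK = {"packages": {
    "": {"name": "example-app", "version": "1.0.0"},
    "node_modules/left-pad-ish": {"version": "2.3.1"},
    "node_modules/@scope/stable-lib": {"version": "4.0.0"}}}
SAMPLE_PACKUMENTS = {
    "left-pad-ish": {"time": {"created": "2025-01-01T00:00:00.000Z",
                              "2.3.0": "2026-04-01T00:00:00.000Z",
                              "2.3.1": "2026-05-24T09:00:00.000Z"}},
    "@scope/stable-lib": {"time": {"4.0.0": "2026-03-10T12:00:00.000Z"}}}
```

Running audit_lockfile(SAMPLE_LOCK, SAMPLE_PACKUMENTS, NOW) flags left-pad-ish@2.3.1 (published two days before NOW) and passes @scope/stable-lib@4.0.0; newest_allowed shows that under the same cooldown npm would have resolved 2.3.0 instead.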


netlify Bot commented May 26, 2026

Deploy Preview for testcontainers-node ready!

Name                  Link
🔨 Latest commit      2eb80d9
🔍 Latest deploy log  https://app.netlify.com/projects/testcontainers-node/deploys/6a15bab8b3b8ad00080e87cd
😎 Deploy Preview     https://deploy-preview-1339--testcontainers-node.netlify.app

@cristianrgreco cristianrgreco added maintenance Improvements that do not change functionality patch Backward compatible bug fix labels May 26, 2026 — with ChatGPT Codex Connector

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment


💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 0f8f7f7c13

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread .npmrc
@@ -1 +1,2 @@
engine-strict=true No newline at end of file
engine-strict=true
min-release-age=7
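Review bot: the added line "min-release-age=7" is only honoured by npm versions that know the key; an npm that does not prints 'Unknown project config "min-release-age"' and carries on, so the 7-day gate currently depends on whichever toolchain runs the install rather than on the repository. Since this file already sets "engine-strict=true", the cheap guard is an engines.npm minimum in package.json, so an npm too old for the key fails the install loudly instead of silently ignoring the policy; a ";" comment above the line stating that the unit is days and why the key exists would also help the next reader. Note as well that "npm ci" installs exactly what package-lock.json pins, so this key only takes effect in commands that resolve new versions ("npm install <pkg>", "npm update"); versions already in the lockfile are not re-checked by it.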

P1: Guard min-release-age with supported npm version

min-release-age is currently ignored in environments where npm does not implement that config, so this line can create a false sense of protection while installs still resolve freshly published versions. In this repo, running npm commands already emits Unknown project config "min-release-age", which means the policy is not being enforced in those runtimes; given CI/workflows run across multiple Node versions, this should be gated by an npm-version check or accompanied by an explicit npm minimum to ensure the cooldown is actually active.

Collaborator Author


this should be gated by an npm-version check or accompanied by an explicit npm minimum to ensure the cooldown is actually active.

Cooldown is Dependabot-specific, right, not related to the min-release-age config setting?


@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment


💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: e36441baa8


Comment thread .npmrc
@@ -1 +1,2 @@
engine-strict=true No newline at end of file
engine-strict=true
min-release-age=7

P1: Remove unsupported min-release-age project setting

This repository-level setting is currently not enforced by npm in this environment, so it creates a false security guarantee: running npm --version or npm config --help in the repo prints Unknown project config "min-release-age", which means installs proceed without the intended 7-day gate. Fresh evidence since prior comments: this warning is reproducible against the current tree at commit 5bdef7d5, so the cooldown policy is silently inactive unless you also require an npm version that supports this key.


@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment


💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 2eb80d94e4


Comment thread .npmrc
@@ -1 +1,2 @@
engine-strict=true No newline at end of file
engine-strict=true
min-release-age=7

P1: Remove unsupported min-release-age config

Fresh evidence on this commit: running npm config --help in the repo prints Unknown project config "min-release-age", which means npm ignores this key in the current toolchain and installs are not actually gated by package publish age. That creates a false safety guarantee (Dependabot cooldown only delays Dependabot PRs, not local/CI npm install resolution), so this setting should be removed or guarded by enforcing an npm version that supports it.
