
chore(bun): update bunfig.toml#3889

Merged
waleedlatif1 merged 3 commits into staging from feat/sec on Apr 2, 2026

Conversation

@waleedlatif1
Collaborator

Summary

  • update bunfig.toml

Type of Change

  • Security

Testing

Tested manually

Checklist

  • Code follows project style guidelines
  • Self-reviewed my changes
  • Tests added/updated and passing
  • No new warnings introduced
  • I confirm that I have read and agree to the terms outlined in the Contributor License Agreement (CLA)

@vercel

vercel bot commented Apr 1, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

Project: docs | Deployment: Ready | Actions: Preview, Comment | Updated (UTC): Apr 2, 2026 0:21am


@cursor

cursor bot commented Apr 1, 2026

PR Summary

Low Risk
Low risk config-only change that may slightly slow dependency upgrades by delaying very new package releases during bun install. No application logic is modified.

Overview
Adds minimumReleaseAge = 259200 to bunfig.toml under [install], instructing Bun to avoid installing package versions released within the last 3 days.

This is a dependency-install policy change only; runtime configuration and application code are unchanged.

Written by Cursor Bugbot for commit 7b0f4ae. Configure here.

@greptile-apps
Contributor

greptile-apps bot commented Apr 1, 2026

Greptile Summary

This PR adds a single line to bunfig.toml that configures Bun's minimumReleaseAge setting to 259200 seconds (72 hours / 3 days). This is a supply-chain security hardening measure that instructs Bun's package manager to refuse to install any package version that was published less than 3 days ago, reducing exposure to fast-moving dependency-confusion or typosquatting attacks.

  • minimumReleaseAge = 259200: Enforces a 3-day minimum age for any installed package version — a recognised best-practice defense against supply-chain attacks targeting newly-published malicious packages.
  • No application logic, tests, or other configuration files are affected.

Confidence Score: 5/5

  • This PR is safe to merge — it adds a well-understood, low-risk security hardening option with no functional side-effects beyond install-time package age validation.
  • The change is a single-line addition of a recognised Bun security setting. The value (259200 s = 3 days) is correct and intentional. No logic, tests, or APIs are altered, and no issues were found.
  • No files require special attention.

Important Files Changed

Filename Overview
bunfig.toml Adds minimumReleaseAge = 259200 (72 hours / 3 days) to the [install] section as a supply-chain security guard — requires any package version to have been published for at least 3 days before Bun will install it.

Flowchart

```mermaid
%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[bun install] --> B{Check package version age}
    B -->|age >= 259200s / 3 days| C[✅ Install package]
    B -->|age < 259200s / 3 days| D[❌ Reject — too new]
    D --> E[Supply-chain attack risk mitigated]
    C --> F[Dependency installed normally]
```

Reviews (1): Last reviewed commit: "chore(bun): update bunfig.toml"
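The gate the two bot summaries describe, as an added example that is not part of the PR, of Bun's own source or of this project: it models how `minimumReleaseAge` filters candidate versions using the publish timestamps a registry packument carries in its `time` map. The packument below is constructed for the example, the timestamps are assumptions, and `resolve`/`eligibleVersions` are hypothetical helpers, not Bun APIs; the bunfig.toml fragment in the leading comment is the one setting the PR adds.

```javascript
// Added example, not code from the PR or from Bun. Models the install-time
// version gate that this bunfig.toml setting turns on:
//
//   [install]
//   minimumReleaseAge = 259200   # seconds: 72 h / 3 days
//
// A registry packument's `time` map records when each version was published
// (npm also stores "created" and "modified" there, which must be skipped).
// A version younger than the threshold is treated as if it did not exist.
const MINIMUM_RELEASE_AGE_S = 259200;

// Constructed packument fragment; timestamps are made up for the example.
const packument = {
  name: "example-pkg",
  "dist-tags": { latest: "2.1.0" },
  time: {
    created: "2026-03-20T12:00:00.000Z",
    modified: "2026-04-01T18:00:00.000Z",
    "2.0.0": "2026-03-20T12:00:00.000Z",
    "2.0.1": "2026-03-28T09:30:00.000Z",
    "2.1.0": "2026-04-01T18:00:00.000Z", // published a few hours before install
  },
};

// Seconds elapsed between an ISO-8601 publish time and `now`.
function ageSeconds(publishedIso, now) {
  return (now.getTime() - Date.parse(publishedIso)) / 1000;
}

// Numeric major.minor.patch comparison (enough for the constructed data;
// real resolution would use a full semver library).
function compareSemver(a, b) {
  const pa = a.split(".").map(Number);
  const pb = b.split(".").map(Number);
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return pa[i] - pb[i];
  return 0;
}

// Versions whose age at `now` is at least `minAgeS`, newest first.
function eligibleVersions(pkg, now, minAgeS = MINIMUM_RELEASE_AGE_S) {
  return Object.entries(pkg.time)
    .filter(([v]) => /^\d+\.\d+\.\d+$/.test(v)) // drop "created"/"modified"
    .filter(([, published]) => ageSeconds(published, now) >= minAgeS)
    .map(([v]) => v)
    .sort(compareSemver)
    .reverse();
}

// Newest eligible version, or null when every version is too new (the
// failure mode a brand-new package hits under this policy).
function resolve(pkg, now, minAgeS = MINIMUM_RELEASE_AGE_S) {
  const [newest] = eligibleVersions(pkg, now, minAgeS);
  return newest ?? null;
}

// Usage: at the PR's merge time the fresh 2.1.0 is skipped and 2.0.1 wins.
const mergeTime = new Date("2026-04-02T00:21:00Z");
console.log(resolve(packument, mergeTime));       // "2.0.1"
console.log(resolve(packument, mergeTime, 0));    // "2.1.0" with the gate off
```

Two practitioner caveats follow from the model rather than from the PR text. First, the gate only delays: it buys the ecosystem time to notice and unpublish a malicious release pushed through a hijacked maintainer account, but it does nothing against a typosquat or a poisoned version that has already sat on the registry for more than three days. Second, when every version of a package is younger than the threshold (a brand-new dependency, or a package whose whole history was just republished), resolution returns nothing and the install fails rather than silently taking the newest version; expect that on the day a new package is added.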

@waleedlatif1 waleedlatif1 merged commit ac831b8 into staging Apr 2, 2026
5 of 6 checks passed
@waleedlatif1 waleedlatif1 deleted the feat/sec branch April 2, 2026 00:21
1 participant