codegen: Exclude very recently released version from candidate for

latest and omitted versions
2026-04-21 15:10:27 +00:00 · 2026-04-05 16:14:59 +09:00
parent 11f5a9921c
commit eab6539ed6
6 changed files with 86 additions and 8 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -10,6 +10,14 @@ Note: In this file, do not use the hard wrap in the middle of a sentence for com

 ## [Unreleased]

+- Introduce [dependency cooldown](https://blog.yossarian.net/2025/11/21/We-should-all-be-using-dependency-cooldowns) when installing with `taiki-e/install-action@<tool_name>`, `tool: <tool_name>@latest`, or `tool: <tool_name>@<omitted_version>` to mitigate the risk of supply chain attacks by default. ([#1666](https://github.com/taiki-e/install-action/pull/1666))
+
+  This action without this cooldown already takes a few hours to a few days for new releases to be reflected (as with other common package managers that verify checksums or signatures), so this should not affect most users.
+
+  See the ["Security" section in readme](https://github.com/taiki-e/install-action#security) for more details.
+
+- Documentation improvements.
+
 ## [2.72.0] - 2026-04-04

 - Support `cargo-xwin`. ([#1659](https://github.com/taiki-e/install-action/pull/1659), thanks @daxpedda)