chore: bump bun to v1.3 and add minimumReleaseAge

[HugoRCD]

Summary

Two related changes to harden the supply chain.

1. Bump bun to v1.3

packageManager: bun@1.2.4 → bun@1.3.14. Required to use the minimumReleaseAge setting added in bun 1.3.

2. Add minimumReleaseAge to harden supply chain

New bunfig.toml:

[install]
minimumReleaseAge = 172800
minimumReleaseAgeExcludes = ["@nuxt/*", "@nuxtjs/*", "nuxt", "nuxt-*", "@vercel/*", "@ai-sdk/*", "ai"]

Sets a 2-day minimum age (172800 seconds) before any newly published dependency can resolve. Trusted-source allowlist exempts the Nuxt and Vercel ecosystems.

Test plan

• bun install resolves cleanly with v1.3.14

Summary by CodeRabbit

• Chores
  • Updated package manager to the latest version (1.3.14).
  • Adjusted installation configuration for improved dependency management.

[github-actions]

Thank you for following the naming conventions! 🙏

[coderabbitai]

📝 Walkthrough

Walkthrough

This PR updates the Bun package manager version from 1.2.4 to 1.3.14 and introduces installation policies that enforce a 2-day minimum release age for packages while excluding specific framework and service namespaces from that constraint.

Changes

Bun tooling configuration

Layer / File(s)	Summary
Package manager version bump package.json	Bun package manager pinned to version 1.3.14 instead of 1.2.4.
Package installation filters bunfig.toml	Install configuration adds minimumReleaseAge constraint (172800 seconds) and excludes Nuxt, Vercel, and @ai-sdk packages from that age check.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Description check	❓ Inconclusive	The description provides detailed context explaining the changes, rationale, and test plan, but the required PR template sections (checklist items) are incomplete.	Complete the checklist by checking whether an issue was linked and whether documentation was updated, as these are standard requirements in the template.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Title check	✅ Passed	The title accurately summarizes both main changes: bumping Bun to v1.3 and adding minimumReleaseAge configuration.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch chore/min-release-age

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}