[FEATURE REQUEST] Only update packages that are at least X days old to improve security and mitigate supply chain risk

[SublimePeace]

Please confirm these before moving forward.

• I have searched for my feature proposal and have not found a work-in-progress/duplicate/resolved/discarded issue.
• This proposal is a completely new feature. If you want to suggest an improvement or an enhancement, please use this template.

Describe the new feature

With supply chain attacks increasing in both frequency and severity, I think it makes sense to implement a feature that would allow users to only update packages to their latest version only if that latest version is at least X amount of days old. This is in line with security best practices.

While loosely related, the currently available options are not fit for this purpose, neither the "pause updates for package for X duration" or the global package update preference "Check for updates every:".

Describe how this new feature could help users

mitigates supply chain risk

[GabrielDuf]

Good idea
this aligns well with improving update safety, especially given the rise in supply chain attacks. The existing options don’t really cover this use case, so having a configurable delay based on package age makes sense. We’ll look into adding this.