How to prevent pushing old library package to linked collection (match auto-download/deployment cleanup)?
I have a number of linked deployments set up with packages that nest library packages. For example, I would prefer the VLC package only install VLC if it's not running, instead of killing the program, so I do the below as step 1, and install it as step 2 (along with some post-install steps).
%WINDIR%\System32\tasklist.exe | %WINDIR%\System32\findstr.exe /i vlc.exe
if %errorlevel% == 0 exit /B 1
That package has a schedule linked to a PDQ Inventory collection for out-of-date VLC. However, I recently noticed that the majority of clients were still running an old version with a few vulnerabilities. That appears to be due to the update being recent and the package history for the package not having cleared yet. I was able to fix this by unchecking "Stop deployment to targets once they succeed".
My concern with that is that the PDQ Inventory VLC latest version variable will update almost immediately once a new version is released. But if I do not manually approve the VLC package for 7 days, it will keep trying to push the old version (even to computers that have it) on each trigger during that 7-day window. Is there a way to prevent that from happening? The only thing I can think of is to set deployment cleanup to a smaller number (<= 7 days) and keep the "stop deployment" setting checked, but those settings are global, so I'm not sure if that's the best way to handle it.
Has anyone run into the same thing and found a better way to handle it?