Skip to content

Commit 443f631

Browse files
authored
Update pnpm version and use frozen lockfile (#181)
Update pnpm to v10.33.0 and enable `--frozen-lockfile` for dependency installations in CI workflows and local commands. This ensures reproducible builds and faster installs by skipping integrity checks. Also update npm to v11.11.1 and adjust workspace settings for pnpm.
1 parent 110e252 commit 443f631

7 files changed

Lines changed: 25 additions & 10 deletions

File tree

.github/workflows/eval.yaml

Lines changed: 5 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -28,11 +28,14 @@ jobs:
2828
with:
2929
node-version: 22
3030

31-
- uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0
31+
- name: Setup pnpm
32+
uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0
33+
with:
34+
version: 10.33.0
3235

3336
- name: Install Dependencies
3437
id: install
35-
run: pnpm install
38+
run: pnpm install --frozen-lockfile
3639

3740
- name: Build packages
3841
id: build

.github/workflows/js.yaml

Lines changed: 5 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -29,8 +29,11 @@ jobs:
2929
uses: actions/setup-node@3235b876344d2a9aa001b8d1453c930bba69e610 # v3.9.1
3030
with:
3131
node-version: ${{ matrix.node-version }}
32-
- uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0
33-
- run: pnpm install
32+
- name: Setup pnpm
33+
uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0
34+
with:
35+
version: 10.33.0
36+
- run: pnpm install --frozen-lockfile
3437
- run: pnpm run test
3538
env:
3639
OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}

CLAUDE.md

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -11,9 +11,9 @@ Autoevals is a dual-language library (TypeScript + Python) for evaluating AI mod
1111
### TypeScript (in root directory)
1212

1313
```bash
14-
pnpm install # Install dependencies
15-
pnpm run build # Build JS (outputs to jsdist/)
16-
pnpm run test # Run all JS tests with vitest
14+
pnpm install --frozen-lockfile # Install dependencies
15+
pnpm run build # Build JS (outputs to jsdist/)
16+
pnpm run test # Run all JS tests with vitest
1717
pnpm run test -- js/llm.test.ts # Run single test file
1818
pnpm run test -- -t "test name" # Run specific test by name
1919
```

Makefile

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -41,4 +41,4 @@ test-py:
4141
source env.sh && python3 -m pytest
4242

4343
test-js:
44-
pnpm install && pnpm run test
44+
pnpm install --frozen-lockfile && pnpm run test

mise.toml

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -9,4 +9,5 @@ _.python.venv = { path = "venv", create = true, uv_create_args = ['--seed']}
99
_.file = ".env"
1010

1111
[tools]
12-
pnpm = "10.26.2"
12+
pnpm = "10.33.0"
13+
npm = "11.11.1"

package.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -55,5 +55,5 @@
5555
"zod": "^3.25.76",
5656
"zod-to-json-schema": "^3.24.6"
5757
},
58-
"packageManager": "pnpm@10.26.2"
58+
"packageManager": "pnpm@10.33.0"
5959
}

pnpm-workspace.yaml

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -6,3 +6,11 @@ ignoredBuiltDependencies:
66
- duckdb
77
- esbuild
88
- msw
9+
10+
strictDepBuilds: true
11+
blockExoticSubdeps: true
12+
trustPolicy: no-downgrade
13+
# Ignore the check for packages published more than 30 days ago (pnpm 10.27+)
14+
# Useful for older packages that pre-date provenance support
15+
trustPolicyIgnoreAfter: 43200 # minutes (30 days)
16+
minimumReleaseAge: 20160 # 2 weeks (in minutes)

0 commit comments

Comments
 (0)