Update pnpm to 11.1.1, security settings and fix CI (#10831)

* Set minimumReleaseAge: 1440

* Use standalone mode to update to pnpm@11.1.1

* Correct case for pnpm

* Fix overrides when matching graphql version, revert new package

Author: eddeee888

.github/workflows/main.yml

@@ -30,14 +30,23 @@ jobs:
     name: 🧹 Prettier Check
     runs-on: ubuntu-latest
     steps:
-      - name: Checkout Master
+      - name: Checkout
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-      - name: Setup env
-        uses: the-guild-org/shared-config/setup@f4eea983237a44bb0ca19c3348dacbfdfcdbec23 # main
+      - name: Install pnpm
+        uses: pnpm/action-setup@0e279bb959325dab635dd2c09392533439d90093 # v6.0.8
+        with:
+          standalone: true
+          cache: true
+      - name: Install Node
+        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
         with:
-          packageManager: pnpm
+          node-version: 24
+      - name: Install packages
+        run: pnpm install
+
       - name: Prettier Check
         run: pnpm prettier:check
+
   dev-tests-old:
     name: Validating dev-tests
     runs-on: ubuntu-latest
@@ -49,10 +58,18 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-      - name: Setup env
-        uses: the-guild-org/shared-config/setup@f4eea983237a44bb0ca19c3348dacbfdfcdbec23 # main
+      - name: Install pnpm
+        uses: pnpm/action-setup@0e279bb959325dab635dd2c09392533439d90093 # v6.0.8
         with:
-          packageManager: pnpm
+          standalone: true
+          cache: true
+      - name: Install Node
+        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
+        with:
+          node-version: 24
+      - name: Install packages
+        run: pnpm install
+
       - name: Build
         run: pnpm build
         env:
@@ -61,22 +78,28 @@ jobs:
         run: |
           pnpm run generate:examples:${{matrix.method}}
           git diff --exit-code -- dev-test/
+
   dev-tests:
     name: Examples - Normal
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-      - name: Setup env
-        uses: the-guild-org/shared-config/setup@f4eea983237a44bb0ca19c3348dacbfdfcdbec23 # main
+      - name: Install pnpm
+        uses: pnpm/action-setup@0e279bb959325dab635dd2c09392533439d90093 # v6.0.8
+        with:
+          standalone: true
+          cache: true
+      - name: Install Node
+        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
         with:
-          packageManager: pnpm
-      - name: Prepare Cypress
+          node-version: 24
+      - name: Install packages
+        # `side-effects-cache false` is set to avoid using pnpm cache for binary cache like Cypress'
         run: |
-          pnpm store prune
           pnpm config set side-effects-cache false --location project
-          pnpm rm -rf node_modules
           pnpm i
+
       - name: Build
         run: pnpm build
         env:
@@ -131,16 +154,25 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-      - name: Setup env
-        uses: the-guild-org/shared-config/setup@f4eea983237a44bb0ca19c3348dacbfdfcdbec23 # main
+      - name: Install pnpm
+        uses: pnpm/action-setup@0e279bb959325dab635dd2c09392533439d90093 # v6.0.8
+        with:
+          standalone: true
+          cache: true
+      - name: Install Node
+        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
         with:
-          packageManager: pnpm
+          node-version: 24
+      - name: Install packages
+        run: pnpm i
+
       - name: Build
         run: pnpm build
         env:
           CI: true
       - name: Test ESM & CJS integrity
         run: pnpm bob check
+
   test:
     name:
       Unit Test on Node ${{matrix.node_version}} (${{matrix.os}}) and GraphQL
@@ -162,15 +194,22 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-      - name: Setup env
-        uses: the-guild-org/shared-config/setup@f4eea983237a44bb0ca19c3348dacbfdfcdbec23 # main
+      - name: Install pnpm
+        uses: pnpm/action-setup@0e279bb959325dab635dd2c09392533439d90093 # v6.0.8
         with:
-          nodeVersion: ${{matrix.node_version}}
-          packageManager: pnpm
+          standalone: true
+          cache: true
+      - name: Install Node
+        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
+        with:
+          node-version: ${{matrix.node_version}}
+      - name: Install Dependencies to match graphql version
+        run: pnpm i
       - name: Use GraphQL v${{matrix.graphql_version}}
         run: node ./scripts/match-graphql.js ${{matrix.graphql_version}}
       - name: Install Dependencies
-        run: pnpm i --no-frozen-lockfile
+        run: pnpm i --no-frozen-lockfile # no frozen-lockfile because `graphql` version is changed
+
       - name: Build
         run: pnpm build
       - name: Test
@@ -200,15 +239,22 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-      - name: Setup env
-        uses: the-guild-org/shared-config/setup@f4eea983237a44bb0ca19c3348dacbfdfcdbec23 # main
+      - name: Install pnpm
+        uses: pnpm/action-setup@0e279bb959325dab635dd2c09392533439d90093 # v6.0.8
         with:
-          nodeVersion: ${{matrix.node_version}}
-          packageManager: pnpm
+          standalone: true
+          cache: true
+      - name: Install Node
+        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
+        with:
+          node-version: ${{matrix.node_version}}
+      - name: Install Dependencies to match graphql version
+        run: pnpm i
       - name: Use GraphQL v${{matrix.graphql_version}}
         run: node ./scripts/match-graphql.js ${{matrix.graphql_version}}
       - name: Install Dependencies
-        run: pnpm i --no-frozen-lockfile
+        run: pnpm i --no-frozen-lockfile # no frozen-lockfile because `graphql` version is changed
+
       - name: Build
         run: pnpm build
       - name: Test

.github/workflows/release.yml

@@ -13,6 +13,7 @@ jobs:
     uses: the-guild-org/shared-config/.github/workflows/release-stable.yml@f4eea983237a44bb0ca19c3348dacbfdfcdbec23 # main
     with:
       releaseScript: release
+      packageManager: pnpm
     secrets:
       githubToken: ${{ secrets.GITHUB_TOKEN }}
       npmToken: ${{ secrets.NPM_TOKEN }}

.github/workflows/website-integrity.yml

@@ -18,10 +18,17 @@ jobs:
       - name: Fetch
         run: git fetch origin master
 
-      - name: Setup env
-        uses: the-guild-org/shared-config/setup@f4eea983237a44bb0ca19c3348dacbfdfcdbec23 # main
+      - name: Install pnpm
+        uses: pnpm/action-setup@0e279bb959325dab635dd2c09392533439d90093 # v6.0.8
         with:
-          packageManager: pnpm
+          standalone: true
+          cache: true
+      - name: Install Node
+        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
+        with:
+          node-version: 24
+      - name: Install packages
+        run: pnpm install
 
       - name: Build Packages
         run: pnpm build

.github/workflows/website.yml

@@ -19,15 +19,21 @@ jobs:
       github.event.pull_request.head.repo.full_name == github.repository || github.event_name ==
       'push'
     steps:
-      - name: checkout
+      - name: Checkout
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
         with:
           fetch-depth: 0
-
-      - uses: the-guild-org/shared-config/setup@f4eea983237a44bb0ca19c3348dacbfdfcdbec23 # main
-        name: setup env
+      - name: Install pnpm
+        uses: pnpm/action-setup@0e279bb959325dab635dd2c09392533439d90093 # v6.0.8
+        with:
+          standalone: true
+          cache: true
+      - name: Install Node
+        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
         with:
-          packageManager: pnpm
+          node-version: 24
+      - name: Install packages
+        run: pnpm install
 
       - uses: the-guild-org/shared-config/website-cf@f4eea983237a44bb0ca19c3348dacbfdfcdbec23 # main
         name: build and deploy website

package.json

@@ -2,7 +2,7 @@
   "name": "graphql-code-generator",
   "version": "0.0.0",
   "private": true,
-  "packageManager": "pnpm@10.33.4",
+  "packageManager": "pnpm@11.1.1+sha512.d1fdf5f73c617b64fa1a56a81c3c8dfe0e966e33a6010aa256b517ae77be21d93e05affc0de1a83b0e4f29d569f68b446ae8f068cd7247c0bb3df0fb4d7bdf9a",
   "engines": {
     "node": ">= 16.0.0"
   },
@@ -67,7 +67,8 @@
     "graphql": "16.14.0",
     "husky": "9.1.7",
     "jest-diff": "30.4.1",
-    "lint-staged": "17.0.5",
+    "js-yaml": "4.1.1",
+    "lint-staged": "17.0.4",
     "memfs": "4.57.2",
     "patch-package": "8.0.1",
     "prettier": "3.8.3",

pnpm-lock.yaml

@@ -1,3 +1,5 @@
+minimumReleaseAge: 1440 # in minutes. 1440 minutes === 1 day
+
 packages:
   - packages/*
   - packages/plugins/typescript/*