feat: Upgrade pnpm to 11.5 and Node to use 24.16#896
Conversation
🦋 Changeset detectedLatest commit: cda26eb The changes in this PR will be included in the next version bump. This PR includes changesets to release 24 packages
Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
📝 WalkthroughWalkthroughNode.js, pnpm, and tsx are upgraded across all project configurations and generated examples. Environment variables in command execution and e2e test runners disable pnpm's ChangesToolchain Upgrades and Build Configuration
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~20 minutes Possibly related PRs
🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
|
Warning Review the following alerts detected in dependencies. According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.
|
Deploying baseplate-storybook with
|
| Latest commit: |
d55cb5f
|
| Status: | ✅ Deploy successful! |
| Preview URL: | https://694446aa.baseplate-storybook.pages.dev |
| Branch Preview URL: | https://kingston-eng-1163-upgrade-pn.baseplate-storybook.pages.dev |
There was a problem hiding this comment.
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In @.changeset/disable-strict-dep-builds-install.md:
- Around line 6-8: Update the release-note sentence in the changelog
description: change the phrase "so generation and e2e `pnpm install` do not
fail" to use singular agreement (e.g., "so generation and e2e `pnpm install`
does not fail" or rephrase to "so generation and e2e installs do not fail") in
the line beginning with "Disable pnpm strictDepBuilds for Baseplate-run
installs..." to correct grammar.
In `@pnpm-workspace.yaml`:
- Around line 57-63: Remove the legacy ignoredBuiltDependencies block from
pnpm-workspace.yaml since pnpm v11 uses allowBuilds; locate the existing
ignoredBuiltDependencies key and its entries (the legacy block referenced
alongside the new allowBuilds) and delete that entire block so only the
allowBuilds configuration remains, ensuring there are no duplicate or stale
build-dependency settings left.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
Run ID: 36379221-9f18-442b-a5be-137096b76923
⛔ Files ignored due to path filters (12)
examples/blog-with-auth/apps/admin/baseplate/generated/package.jsonis excluded by!**/generated/**,!**/generated/**examples/blog-with-auth/apps/backend/baseplate/generated/package.jsonis excluded by!**/generated/**,!**/generated/**examples/blog-with-auth/baseplate/generated/package.jsonis excluded by!**/generated/**,!**/generated/**examples/blog-with-auth/libs/transactional/baseplate/generated/package.jsonis excluded by!**/generated/**,!**/generated/**examples/blog-with-auth/pnpm-lock.yamlis excluded by!**/pnpm-lock.yamlexamples/todo-with-better-auth/apps/admin/baseplate/generated/package.jsonis excluded by!**/generated/**,!**/generated/**examples/todo-with-better-auth/apps/backend/baseplate/generated/package.jsonis excluded by!**/generated/**,!**/generated/**examples/todo-with-better-auth/apps/web/baseplate/generated/package.jsonis excluded by!**/generated/**,!**/generated/**examples/todo-with-better-auth/baseplate/generated/package.jsonis excluded by!**/generated/**,!**/generated/**examples/todo-with-better-auth/libs/transactional/baseplate/generated/package.jsonis excluded by!**/generated/**,!**/generated/**examples/todo-with-better-auth/pnpm-lock.yamlis excluded by!**/pnpm-lock.yamlpnpm-lock.yamlis excluded by!**/pnpm-lock.yaml
📒 Files selected for processing (25)
.changeset/disable-strict-dep-builds-install.md.changeset/upgrade-pnpm-node.md.changeset/upgrade-tsx.md.node-version.nvmrcexamples/blog-with-auth/Dockerfileexamples/blog-with-auth/apps/admin/package.jsonexamples/blog-with-auth/apps/backend/package.jsonexamples/blog-with-auth/libs/transactional/package.jsonexamples/blog-with-auth/package.jsonexamples/todo-with-better-auth/CLAUDE.mdexamples/todo-with-better-auth/Dockerfileexamples/todo-with-better-auth/apps/admin/package.jsonexamples/todo-with-better-auth/apps/backend/package.jsonexamples/todo-with-better-auth/apps/web/package.jsonexamples/todo-with-better-auth/libs/transactional/package.jsonexamples/todo-with-better-auth/package.jsonmise.tomlpackage.jsonpackages/core-generators/src/constants/node.tspackages/fastify-generators/src/constants/fastify-packages.tspackages/project-builder-dev/src/e2e-runner/environment.tspackages/project-builder-web/src/routes/data/models/edit.$key/-components/authorizer/authorizer-expression-autocomplete.unit.test.tspackages/sync/src/utils/exec.tspnpm-workspace.yaml
| Disable pnpm strictDepBuilds for Baseplate-run installs so generation and e2e | ||
| `pnpm install` do not fail on unreviewed dependency build scripts in freshly | ||
| generated projects |
There was a problem hiding this comment.
Fix release-note grammar in the description.
Line 7 should use singular agreement: "pnpm install does not fail" (or "installs do not fail") for clarity in published changelog text.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In @.changeset/disable-strict-dep-builds-install.md around lines 6 - 8, Update
the release-note sentence in the changelog description: change the phrase "so
generation and e2e `pnpm install` do not fail" to use singular agreement (e.g.,
"so generation and e2e `pnpm install` does not fail" or rephrase to "so
generation and e2e installs do not fail") in the line beginning with "Disable
pnpm strictDepBuilds for Baseplate-run installs..." to correct grammar.
| allowBuilds: | ||
| '@prisma/engines': false | ||
| cpu-features: false | ||
| esbuild: false | ||
| protobufjs: false | ||
| ssh2: false | ||
| unrs-resolver: false |
There was a problem hiding this comment.
🧩 Analysis chain
🌐 Web query:
In pnpm 11.x settings docs, is ignoredBuiltDependenciesremoved and replaced byallowBuilds? Please cite the exact migration note.
💡 Result:
Yes, in pnpm 11.x, the ignoredBuiltDependencies setting has been removed and replaced by the allowBuilds setting [1][2][3]. The pnpm 11.0 release notes explicitly state the following regarding this migration: "allowBuilds replaces the legacy build-dependency settings. onlyBuiltDependencies, onlyBuiltDependenciesFile, neverBuiltDependencies, ignoredBuiltDependencies, and ignoreDepScripts are gone." [3] Further, the official migration documentation provides this note: "Consolidates build-dependency settings into allowBuilds. onlyBuiltDependencies, neverBuiltDependencies, ignoredBuiltDependencies, and onlyBuiltDependenciesFile are merged into a single allowBuilds map ({ name: true | false })." [1] The new allowBuilds setting uses a map where the key is the package name (or pattern) and the value is a boolean (true to allow, false to disallow) [2][3]. To assist with this transition, pnpm provides a codemod command, which can be run via pnpx codemod run pnpm-v10-to-v11 [2].
Citations:
🏁 Script executed:
#!/bin/bash
set -euo pipefail
# Show the relevant section of pnpm-workspace.yaml around the referenced lines
if [ -f pnpm-workspace.yaml ]; then
echo "=== pnpm-workspace.yaml (lines 20-80) ==="
nl -ba pnpm-workspace.yaml | sed -n '20,80p'
else
echo "pnpm-workspace.yaml not found in repo root"
ls -la
fiRepository: halfdomelabs/baseplate
Length of output: 169
🏁 Script executed:
#!/bin/bash
set -euo pipefail
if [ -f pnpm-workspace.yaml ]; then
echo "=== pnpm-workspace.yaml (lines 20-80) ==="
awk 'NR>=20 && NR<=80 {printf "%5d %s\n", NR, $0}' pnpm-workspace.yaml
else
echo "pnpm-workspace.yaml not found in repo root"
ls -la
fi
echo "=== Search for ignoredBuiltDependencies and allowBuilds ==="
rg -n "ignoredBuiltDependencies|allowBuilds" pnpm-workspace.yaml || trueRepository: halfdomelabs/baseplate
Length of output: 1230
Remove legacy ignoredBuiltDependencies when migrating to pnpm v11 allowBuilds.
pnpm-workspace.yaml still contains ignoredBuiltDependencies (lines 31-38) alongside the new allowBuilds (lines 57-63). In pnpm 11.x, allowBuilds replaces the legacy build-dependency settings—“ignoredBuiltDependencies … are gone”—so keeping the old key leaves stale/invalid configuration.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@pnpm-workspace.yaml` around lines 57 - 63, Remove the legacy
ignoredBuiltDependencies block from pnpm-workspace.yaml since pnpm v11 uses
allowBuilds; locate the existing ignoredBuiltDependencies key and its entries
(the legacy block referenced alongside the new allowBuilds) and delete that
entire block so only the allowBuilds configuration remains, ensuring there are
no duplicate or stale build-dependency settings left.
Summary by CodeRabbit