Skip to content

🔧 chore(deps): update pnpm pin#8

Merged
xdanger merged 1 commit intomainfrom
codex/dependency-sweep-20260507
May 7, 2026
Merged

🔧 chore(deps): update pnpm pin#8
xdanger merged 1 commit intomainfrom
codex/dependency-sweep-20260507

Conversation

@xdanger
Copy link
Copy Markdown
Member

@xdanger xdanger commented May 7, 2026

Summary

  • update the packageManager pin from pnpm 10.33.3 to pnpm 11.0.8
  • keep devDependencies unchanged because @eslint/js 10.0.1, autocorrect-node 2.14.0, eslint 10.3.0, globals 17.6.0, husky 9.1.7, lint-staged 17.0.2, prettier 3.8.3, and typescript-eslint 8.59.2 are already at latest
  • leave pnpm-lock.yaml unchanged after corepack use/install verification

Breaking-change risk

  • pnpm 10 -> 11 is a package-manager major bump; the repo engine already requires Node >=22.22.1, which satisfies pnpm 11.0.8's Node >=22.13 requirement
  • no migration was required locally: frozen install, outdated scan, and lint passed with pnpm 11.0.8

Verification

  • pnpm install --frozen-lockfile
  • pnpm outdated --format json
  • pnpm run lint

@xdanger
🔧 chore(deps): update pnpm pin
52d12e9 
- 🔧 move the package manager pin to the current registry release

- ✅ verify install and lint with the new pnpm version
@xdanger xdanger added the dependencies Pull requests that update a dependency file label May 7, 2026
@github-actions github-actions Bot requested a review from Copilot May 7, 2026 13:04
@xdanger xdanger review requested due to automatic review settings May 7, 2026 13:04
claude[bot]
claude Bot reviewed May 7, 2026
View reviewed changes
Comment thread package.json
@greptile-apps
Copy link
Copy Markdown

greptile-apps Bot commented May 7, 2026
edited
Loading

Greptile Summary

此 PR 将 packageManagerpnpm@10.33.3 升级至 pnpm@11.0.8,Node.js 引擎要求(>=22.22.1)已满足 pnpm 11 的最低 Node.js 22 要求。

  • package.json 中的 packageManager 字段更新,SHA-512 hash(128 hex 字符)格式正确,devDependencies 保持不变。
  • pnpm-workspace.yaml 中的 onlyBuiltDependencies 设置未同步迁移:pnpm 11 已完全移除该字段并以 allowBuilds 替代,同时默认启用 strictDepBuilds: true,若不迁移可能导致 esbuild 安装脚本在 CI 中报错或被静默跳过。

Confidence Score: 3/5

package.json 的变更本身正确,但 pnpm-workspace.yaml 中使用的 onlyBuiltDependencies 在 pnpm 11 中已被移除,可能导致 esbuild 安装脚本在 CI 中报错或被跳过。

pnpm 11 完全移除了 onlyBuiltDependencies,而 pnpm-workspace.yaml 尚未迁移至 allowBuilds。在默认 strictDepBuilds: true 模式下,esbuild 的 postinstall 脚本未被声明时将报错,影响所有依赖 esbuild 原生二进制的子包构建。

pnpm-workspace.yaml 需要将 onlyBuiltDependencies 迁移为 allowBuilds,否则与 pnpm 11 不兼容。

Important Files Changed
Filename Overview
package.json 将 packageManager 从 pnpm@10.33.3 升级至 pnpm@11.0.8,SHA-512 hash 长度正确(128 hex 字符),Node.js >=22.22.1 满足 pnpm 11 的 >=22 要求
pnpm-workspace.yaml 未随 pnpm 11 升级同步迁移:onlyBuiltDependencies 已在 pnpm 11 中移除,需替换为 allowBuilds: esbuild: true

Flowchart

 
%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A["corepack use pnpm@11.0.8"] --> B["读取 package.json\npackageManager 字段"]
    B --> C{"SHA-512 hash 验证"}
    C -- 通过 --> D["pnpm install --frozen-lockfile"]
    C -- 失败 --> E["❌ 安装中止"]
    D --> F{"读取 pnpm-workspace.yaml\nonlyBuiltDependencies"}
    F -- "pnpm 11: 字段已移除" --> G{"strictDepBuilds\n默认 true"}
    G -- "esbuild 不在 allowBuilds" --> H["❌ esbuild 安装脚本报错\n或被静默跳过"]
    G -- "迁移为 allowBuilds: esbuild: true" --> I["✅ esbuild 安装脚本正常运行"]
    D --> J["pnpm run lint\n✅ 通过"]
Loading

Comments Outside Diff (1)

  1. pnpm-workspace.yaml, line 1-2 (link)

    P1 pnpm 11 已移除 onlyBuiltDependencies

    pnpm 11 完全移除了 onlyBuiltDependenciesonlyBuiltDependenciesFileneverBuiltDependenciesignoredBuiltDependencies 等旧版构建依赖设置,并以 allowBuilds 替代。同时,pnpm 11 默认启用 strictDepBuilds: true,即所有依赖的安装脚本默认被禁止——若 esbuild 的 postinstall 脚本在安装时触发而未被 allowBuilds 声明,pnpm 11 将会报错。此 PR 仅更新了 package.json 中的 packageManager 字段,未同步迁移 pnpm-workspace.yaml,需将 onlyBuiltDependencies 替换为等效的 allowBuilds 配置。

    Fix in Codex Fix in Claude Code

Fix All in Codex Fix All in Claude Code

Reviews (1): Last reviewed commit: "🔧 chore(deps): update pnpm pin" | Re-trigger Greptile

@xdanger xdanger merged commit f1505eb into main May 7, 2026
5 checks passed
@xdanger xdanger deleted the codex/dependency-sweep-20260507 branch May 7, 2026 13:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@claude claude[bot] claude[bot] left review comments

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@xdanger