ci: upgrade pnpm to v11#17114
Open
denolfe wants to merge 8 commits into
Open
Conversation
Contributor
📦 esbuild Bundle Analysis for payloadThis analysis was generated by esbuild-bundle-analyzer. 🤖 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Overview
Upgrade the monorepo's package manager from pnpm 10.27.0 to 11.9.0.
pnpm v11 no longer reads the
pnpmfield frompackage.json(it is silently ignored), so configuration that lived there moves topnpm-workspace.yaml.Key Changes
Bump pnpm to 11.9.0
Updates
packageManager,.tool-versions(which drives the CI pnpm version), and the documented version inCLAUDE.md.Move root pnpm config to
pnpm-workspace.yamloverridesandonlyBuiltDependenciesmove out of the now-ignoredpackage.json#pnpmfield.onlyBuiltDependenciesbecomes theallowBuildsmap that replaces it in v11; overrides carry over with the same values.Move test-suite pnpm config
The standalone
test/package (installed with--ignore-workspace) keeps itsgraphqloverride in a newtest/pnpm-workspace.yaml, since its ownpackage.json#pnpmfield is also ignored under v11.Allow pnpm 11 in template engines
templates/blankandtemplates/websitepinnedengines.pnpmto^9 || ^10, which blocked v11 across the whole workspace. Widened to^9 || ^10 || ^11.Disable
verifyDepsBeforeRunpnpm v11 changed this setting's default to
install, which auto-reinstalls whennode_moduleslooks stale before anypnpm run/pnpm exec. The rootpreparescript nestspnpm turboinside the outer install's lifecycle, so that check deadlocks against the in-flight install and CI hangs until the runner sends SIGTERM. Set tofalseto restore v10 behavior (see pnpm/pnpm#8865).Design Decisions
pnpm v11's supply-chain defaults (
minimumReleaseAge,blockExoticSubdeps) are left on; the install succeeded without needing to relax them. The lockfile is unchanged because the migrated config resolves to identical versions.verifyDepsBeforeRun: falseis preferred over rewriting the nestedpnpmcalls out of the build scripts. Turbo runs each package'sbuildvia pnpm, and those scripts callpnpm build:types/pnpm build:swcin turn, so the nesting can't be removed without touching many packages — out of scope for a version bump.The
$-prefixed override syntax (e.g.$react) is kept as-is. It is deprecated in v11 in favor of catalogs but still works; the catalog migration is left as a follow-up, along with the template.npmrcsettings that v11 no longer reads.References / Links