chore(fleet): adopt pnpm 11.0.0-rc.5 and bump socket-registry pins#1249
Merged
John-David Dalton (jdalton) merged 1 commit intomainfrom Apr 21, 2026
Merged
chore(fleet): adopt pnpm 11.0.0-rc.5 and bump socket-registry pins#1249John-David Dalton (jdalton) merged 1 commit intomainfrom
John-David Dalton (jdalton) merged 1 commit intomainfrom
Conversation
- packageManager: pnpm@11.0.0-rc.3 → pnpm@11.0.0-rc.5. - Add pmOnFail: error to pnpm-workspace.yaml so a pnpm version drift fails fast instead of silently auto-downloading via @pnpm/exe (whose rc.5 tarball leaves a placeholder launcher that errors at runtime). - Drop '@pnpm/exe': true from allowBuilds — no longer applicable now that pmOnFail: error prevents the self-download chain entirely. - Bump all SocketDev/socket-registry action/workflow pins to ebf1b48f (propagation SHA for the pnpm rc.5 cascade in socket-registry). Unifies every socket-registry pin in this repo under a single SHA; leaf-action pins (setup-git-signing, cleanup-git-signing) resolve to identical content since those actions haven't changed.
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Bugbot Autofix is ON. A cloud agent has been kicked off to fix the reported issue.
Comment @cursor review or bugbot run to trigger another review on this PR
Reviewed by Cursor Bugbot for commit ebe0433. Configure here.
4 tasks
Bill Li (billxinli)
approved these changes
Apr 21, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
packageManagerfrompnpm@11.0.0-rc.3topnpm@11.0.0-rc.5.pmOnFail: errortopnpm-workspace.yamlso a pnpm version drift fails fast instead of silently auto-downloading via@pnpm/exe(whose rc.5 tarball leaves a placeholder launcher that errors at runtime — discovered during the socket-registry cascade that preceded this PR).'@pnpm/exe': truefromallowBuilds— no longer applicable now thatpmOnFail: errorprevents the self-download chain entirely.SocketDev/socket-registryaction/workflow pins toebf1b48f962ea4978d63f18d5ac711cab94d597f(propagation SHA for the pnpm rc.5 cascade in socket-registry). Unifies every socket-registry pin in this repo under a single SHA; leaf-action pins (setup-git-signing,cleanup-git-signing) resolve to identical content since those actions haven't changed.Part of fleet-wide alignment to pnpm 11.0.0-rc.5. Internal socket-registry cascade completed through
d7b5d15a. Direct-push fleet repos (sdxgen, stuie, ultrathink, socket-lib, socket-packageurl-js, socket-btm) already updated; PR repos (socket-sdk-js, socket-cli) require human approval.Test plan
pnpm installwith rc.5 reproduces the existing lockfile (no drift).Note
Medium Risk
Main risk is CI/install behavior changes: pnpm is bumped and
pmOnFail: errorwill now hard-fail on pnpm version drift, which could break local dev/CI if tooling isn’t aligned.Overview
Bumps the repo
packageManagertopnpm@11.0.0-rc.5.Updates
pnpm-workspace.yamlto fail fast on pnpm version drift viapmOnFail: errorand removes the now-unneeded@pnpm/exeallowance fromallowBuilds.Refreshes all
SocketDev/socket-registryaction pins in CI/publish/weekly-update workflows to a single newer SHA (ebf1b48f…).Reviewed by Cursor Bugbot for commit ebe0433. Configure here.