chore(desktop): add runtime updater dependencies #465

Open: cline-cloud[bot] wants to merge 1 commit into cline/split-440-runtime-store from cline/split-440-runtime-deps

cline-cloud Bot commented May 8, 2026

Split from #440.

This PR contains only the dependency/lockfile changes needed by the runtime updater follow-up:

  • pacote + @types/pacote
  • semver + @types/semver

Separated because the desktop package-lock diff is large and much easier to review alone.

greptile-apps Bot commented May 8, 2026

Greptile Summary

This PR adds pacote and @types/pacote to the desktop package's dependencies in preparation for a runtime updater feature, split out from #440 to isolate the large lockfile diff.

  • pacote@^21.5.0 is added as a runtime dependency and @types/pacote@^11.1.8 as a dev dependency; semver/@types/semver were already present and are unchanged.
  • The lockfile grows by ~936 lines to capture pacote's transitive npm-ecosystem dependencies (e.g., @npmcli/*, @gar/promise-retry, minipass, etc.).
  • @isaacs/fs-minipass loses its "dev": true flag in the lockfile since pacote now requires it at runtime as well.

Confidence Score: 5/5

Safe to merge — this is a pure dependency addition with no logic changes.

The change only touches package.json and its lockfile. The transitive dependency tree introduced by pacote is standard npm-ecosystem tooling with integrity hashes present for every new entry. No existing package versions are downgraded or replaced.

No files require special attention beyond the already-reviewed @types/pacote version alignment question.

Important Files Changed

| Filename | Overview |
|---|---|
| packages/desktop/package.json | Adds pacote@^21.5.0 as a runtime dependency and @types/pacote@^11.1.8 as a dev dependency alongside the pre-existing semver/@types/semver pair; @types/semver was already present. |
| packages/desktop/package-lock.json | Lockfile updated to reflect pacote's transitive dependency tree (~936 new lines); @isaacs/fs-minipass loses its dev: true flag as it is now also needed at runtime. |

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A["packages/desktop"] -->|runtime dep| B["pacote@^21.5.0"]
    A -->|devDep| C["@types/pacote@^11.1.8"]
    A -->|runtime dep – pre-existing| D["semver@^7.6.3"]
    A -->|devDep – pre-existing| E["@types/semver@^7.5.8"]

    B --> F["@npmcli/agent"]
    B --> G["@npmcli/fs"]
    B --> H["@npmcli/git"]
    B --> I["@npmcli/promise-spawn"]
    B --> J["@isaacs/fs-minipass\n(dev → runtime)"]
    B --> K["minipass-pipeline\nminipass-fetch\n… (other transitive deps)"]

Reviews (2): Last reviewed commit: "chore(desktop): add runtime updater depe..."
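
The two lockfile claims in the summary above (an integrity hash on every new entry, and `@isaacs/fs-minipass` moving from dev to runtime) can be checked mechanically. This is an added example, not code from this PR or the project; it assumes the lockfileVersion 2/3 `packages` map, and `reviewLockfileDiff`, the `sample-*` packages, versions and hashes are constructed for illustration.

```javascript
// Constructed lockfileVersion 3 fragments; versions and hashes are placeholders.
const REGISTRY = "https://registry.npmjs.org/";
const pkg = (name, extra = {}) => ({
  version: "0.0.0-sample",
  resolved: `${REGISTRY}${name}/-/sample.tgz`,
  integrity: "sha512-CONSTRUCTED",
  ...extra,
});
const before = { packages: {
  "": { name: "desktop" },
  "node_modules/@isaacs/fs-minipass": pkg("@isaacs/fs-minipass", { dev: true }),
} };
const after = { packages: {
  "": { name: "desktop" },
  "node_modules/@isaacs/fs-minipass": pkg("@isaacs/fs-minipass"),
  "node_modules/pacote": pkg("pacote"),
  "node_modules/sample-no-hash": pkg("sample-no-hash", { integrity: undefined }),
  "node_modules/sample-sha1": pkg("sample-sha1", { integrity: "sha1-CONSTRUCTED" }),
  "node_modules/sample-git": pkg("sample-git", { resolved: "git+ssh://git@example.invalid/x.git" }),
  "node_modules/sample-bundled": { version: "0.0.0-sample", inBundle: true },
} };

// Compare two parsed package-lock.json objects and list what a reviewer should look at.
function reviewLockfileDiff(oldLock, newLock) {
  const report = { added: [], devToRuntime: [], missingIntegrity: [], weakIntegrity: [], offRegistry: [] };
  const oldPkgs = oldLock.packages || {};
  for (const [path, entry] of Object.entries(newLock.packages || {})) {
    // The root project, workspace links and bundled deps carry no tarball hash of their own.
    if (path === "" || entry.link || entry.inBundle) continue;
    const prev = oldPkgs[path];
    if (!prev) report.added.push(path);
    // A package that used to be dev-only now ships in the runtime tree.
    if (prev && prev.dev && !entry.dev) report.devToRuntime.push(path);
    if (!entry.integrity) report.missingIntegrity.push(path);
    else if (!/(^|\s)sha512-/.test(entry.integrity)) report.weakIntegrity.push(path);
    // Anything not fetched from the public registry (git, file, other hosts) needs a manual look.
    if (!String(entry.resolved || "").startsWith(REGISTRY)) report.offRegistry.push(path);
  }
  return report;
}

const result = reviewLockfileDiff(before, after);
console.log(JSON.stringify(result, null, 2));
```

On a real review, pass the parsed `package-lock.json` from the base branch and from the PR branch in place of the constructed fragments.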

"devDependencies": {
"@electron/notarize": "^3.0.0",
"@types/node": "^22.10.5",
"@types/pacote": "^11.1.8",

P1 @types/pacote version lags runtime by 10 major versions

@types/pacote@^11.1.8 describes the pacote v11 API, while the runtime dependency is pacote@^21.5.0. Over 10 major versions the public API has changed (different option shapes, removed exports, etc.), so the TypeScript compiler will validate call sites against stale types. Any new API introduced between v11 and v21 will be untyped, and any breaking change will be silently accepted by the type checker, allowing real runtime errors to bypass type checks. Consider checking whether the upstream DefinitelyTyped types have been updated, or whether pacote 21.x ships its own first-party .d.ts declarations that should be used instead.
