chore: bump pnpm to v11.1.2#9447
Merged
Merged
Conversation
✅ Deploy Preview for rolldown-rs canceled.
|
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 55adc14f16
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 3402c48238
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
pnpm v11 requires Node >=22.13, so the Node 20 CI matrix entries override packageManager to the latest pnpm 10 before setup-vp runs. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
pnpm v11 only reads `overrides` from `pnpm-workspace.yaml`. Leaving them in `package.json` with a v11-generated lockfile caused pnpm 10 (Node 20 CI) to fail with ERR_PNPM_LOCKFILE_CONFIG_MISMATCH. Move overrides + the legacy `onlyBuiltDependencies` (kept alongside `allowBuilds` for pnpm 10 compat) to the workspace file and regenerate the lockfile. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Boshen
force-pushed
the
chore/bump-pnpm-v11
branch
from
3402c48 to
26598e5
Compare
|
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
|
IWANABETHATGUY
approved these changes
May 19, 2026
Merged
shulaoda
added a commit
that referenced
this pull request
May 20, 2026
## [1.0.2] - 2026-05-20 ### 🚀 Features - devtools: emit package size in PackageGraphReady (#9434) by @IWANABETHATGUY - devtools: classify package dependency types (#9427) by @IWANABETHATGUY - devtools: map packages to modules and chunks (#9426) by @IWANABETHATGUY - devtools: mark used packages (#9423) by @IWANABETHATGUY - devtools: make duplicate packages discoverable (#9422) by @IWANABETHATGUY - devtools: emit package metadata (#9421) by @IWANABETHATGUY - update oxc to 0.132.0 (#9449) by @shulaoda - update oxc to 0.131.0 (#9424) by @shulaoda - allow checks.* to escalate emissions to hard errors (#9388) by @IWANABETHATGUY - dev: support watcher options `include` and `exclude` (#9395) by @h-a-n-a - emit warnings for invalid pure annotations (#9381) by @Kyujenius ### 🐛 Bug Fixes - hash: keep chunk file names stable when an unrelated entry is added (#9444) by @hyf0 - call `codeSplitting.groups[].name` in deterministic order (#9457) by @sapphi-red - dev/lazy: make `resolve_id` idempotent when the resolved id is already a lazy entry (#9439) by @h-a-n-a - chunk-optimization: publish absorbed dynamic-entry namespace cross-chunk (#9448) by @IWANABETHATGUY - treeshake: propagate pure annotation through compound exprs (#9431) by @Dunqing - finalizer: skip redundant init call when barrel executes in same chunk (#9354) by @IWANABETHATGUY - linking: initialize wrapped ESM re-export owners (#9353) by @IWANABETHATGUY - do not inherit __toESM across chunks for named-only external imports (#9333) (#9415) by @IWANABETHATGUY - watcher: don't write output or emit events after close() (#9328) by @situ2001 - chunk-optimization: avoid unsafe dynamic-only merges (#9398) by @IWANABETHATGUY - cjs: rename CJS-wrapped locals that would shadow chunk-scope names (#9392) by @hyf0 - dev/lazy: watch lazy modules added in rebuilds (#9391) by @h-a-n-a ### 🚜 Refactor - rolldown_dev: move dev example to break publish cycle (#9465) by @Boshen - binding: drop unsafe napi string helper, hoist transform ArcStr (#9456) by @hyf0 - ecmascript_utils: split rewrite_ident_reference off JsxExt trait (#9417) by @IWANABETHATGUY - use `ThreadsafeFunction::call_async_catch` (#9390) by @sapphi-red ### 📚 Documentation - devtools: document @rolldown/debug usage and package graph consumption (#9435) by @IWANABETHATGUY - replace `Inter` with system font stack in OG template SVG (#9240) by @yvbopeng - remove `output.comments` warning as all issues have been resolved (#9393) by @sapphi-red - in-depth: clarify @__PURE__ scope and document positions (#9389) by @Kyujenius - readme: remove release candidate notice (#9387) by @shulaoda ### ⚡ Performance - vite-resolve: cache importer existence checks (#9443) by @Brooooooklyn - binding: reduce plugin string clones (#9436) by @Brooooooklyn ### 🧪 Testing - enable `legal_comments_inline` test (#9394) by @sapphi-red ### ⚙️ Miscellaneous Tasks - bump pnpm to v11.1.2 (#9447) by @Boshen - deps: update rust crates (#9461) by @renovate[bot] - deps: update rollup submodule for tests to v4.60.4 (#9453) by @rolldown-guard[bot] - deps: update test262 submodule for tests (#9454) by @rolldown-guard[bot] - deps: update npm packages (#9430) by @renovate[bot] - deps: update github actions (#9429) by @renovate[bot] - deps: update dependency rolldown-plugin-dts to v0.25.1 (#9452) by @renovate[bot] - deps: update rust crates (#9428) by @renovate[bot] - revert allow checks.* to escalate emissions to hard errors (#9388) (#9438) by @IWANABETHATGUY - update mimalloc-safe to 0.1.61 (#9413) by @shulaoda - deny `todo`, `unimplemented`, and `print_stderr` clippy lints (#9412) by @Boshen - deps: update mimalloc-safe to 0.1.60 (#9410) by @shulaoda - remove `pip install setuptools` workaround for node-gyp on macOS (#9370) by @sapphi-red - renovate: disable automerge to require manual approval (#9386) by @shulaoda - deps: update napi (#9385) by @renovate[bot] ### ❤️ New Contributors * @yvbopeng made their first contribution in [#9240](#9240) Co-authored-by: shulaoda <165626830+shulaoda@users.noreply.github.com>
shulaoda
added a commit
that referenced
this pull request
May 20, 2026
…atch bug (#9471) ## Summary - Adds `PNPM_FLAGS = "--no-frozen-lockfile"` to `docs/netlify.toml` `[build.environment]`. - Works around [pnpm/pnpm#10258](pnpm/pnpm#10258) — pnpm >=10.24 (incl. 11.x) spuriously throws `ERR_PNPM_LOCKFILE_CONFIG_MISMATCH` on Netlify under `--frozen-lockfile`, even when the workspace catalog and lockfile snapshot are byte-for-byte equivalent. ## Context #9447 bumped `packageManager` from `pnpm@10.23.0` → `pnpm@11.1.2` and removed the pin from #9364. pnpm 11.x carries the same buggy `allCatalogsAreUpToDate` check introduced in pnpm 10.24.0 ([pnpm/pnpm#10231](pnpm/pnpm#10231)), so Netlify deploys started failing again with the same false-positive catalog mismatch. I confirmed locally that `pnpm install --frozen-lockfile` on this commit with pnpm 11.1.2 + Node 24.12.0 succeeds clean — the bug only fires inside Netlify's build sandbox. The upstream issue is still open with no maintainer activity and this repo as the reproduction. ## Approach The failure occurs in Netlify's **pre-install stage** (before the project's build `command` runs), so any flag we put inside the build command is too late. Netlify forwards `PNPM_FLAGS` directly to that pre-install `pnpm install` invocation, so setting `PNPM_FLAGS = "--no-frozen-lockfile"` is enough to skip the buggy guard at the right step. Earlier attempts to disable frozen mode via `NPM_CONFIG_FROZEN_LOCKFILE` / `PNPM_CONFIG_FROZEN_LOCKFILE` and to pin the workspace root via `NPM_CONFIG_WORKSPACE_DIR` were dropped — they either weren't honored by pnpm 11 (the v11 migration changed which prefixes settings are read from) or didn't address the pre-install stage at all. `PNPM_FLAGS` is Netlify's intended hook for this and turns out to be the minimal fix. Scope is intentionally narrow: - Only the Netlify env gets the flag (via `docs/netlify.toml`, not `.npmrc`). - GitHub Actions CI keeps frozen-lockfile, so genuine drift is still caught upstream. - `packageManager` stays on pnpm 11.1.2 — no rollback of #9447. - The docs build `command` is unchanged; Netlify's own pre-install handles dependencies and the `--no-frozen-lockfile` flag rides along through `PNPM_FLAGS`. --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com> Co-authored-by: shulaoda <165626830+shulaoda@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
packageManagerfrompnpm@10.23.0topnpm@11.1.2(latest v11).reusable-node-test.ymlandreusable-node-dev-server-test.yml, pinpackageManagertopnpm@10.33.4for the Node 20 matrix entry, since pnpm v11 requires Node >=22.13.pnpm-lock.yamland migratedonlyBuiltDependenciestoallowBuildsinpnpm-workspace.yaml(pnpm 11 install side effects).🤖 Generated with Claude Code