Skip to content

feat: migrate to pnpm v11.0.0-rc.0#253

Merged
John-David Dalton (jdalton) merged 5 commits into
mainfrom
feat/pnpm-v11-rc
Apr 11, 2026
Merged

feat: migrate to pnpm v11.0.0-rc.0#253
John-David Dalton (jdalton) merged 5 commits into
mainfrom
feat/pnpm-v11-rc

Conversation

@jdalton
Copy link
Copy Markdown
Collaborator

@jdalton John-David Dalton (jdalton) commented Apr 11, 2026

Summary

  • Add pnpm to external-tools.json with SHA-256 checksums (6 platforms, same pattern as zizmor)
  • Update CI setup action for v11 tarball extraction (v10 shipped single executables, v11 ships tarballs)
  • Migrate .npmrc pnpm settings → pnpm-workspace.yaml (v11 only reads auth/registry from .npmrc)
  • Migrate package.json pnpm.overridespnpm-workspace.yaml overrides:
  • Migrate ignoredBuiltDependenciesallowBuilds (v11 strictDepBuilds default)
  • Remove stale iconv-lite@0.6.3 patch reference (file didn't exist)
  • Update packageManager to pnpm@11.0.0-rc.0
  • Regenerate lockfile (v9.0 format)

Breaking changes handled

  • .npmrcpnpm-workspace.yaml config split
  • pnpm field in package.json no longer read by v11
  • ignoredBuiltDependenciesallowBuilds mapping
  • Tarball-based binary distribution (v10 was single executable)

Test plan

  • pnpm install succeeds
  • pnpm run build succeeds
  • pnpm run test passes (2184 tests)
  • CI workflows pass with new setup action

@jdalton
feat: migrate to pnpm v11.0.0-rc.0
38e71d8 
- Add pnpm to external-tools.json with SHA-256 checksums for 6 platforms
- Update CI setup action for v11 tarball extraction (v10 was single binary)
- Migrate .npmrc pnpm settings → pnpm-workspace.yaml (v11 only reads auth/registry)
- Migrate package.json pnpm.overrides → pnpm-workspace.yaml overrides
- Migrate ignoredBuiltDependencies → allowBuilds (v11 strictDepBuilds)
- Remove stale iconv-lite patch reference from patchedDependencies
- Update packageManager to pnpm@11.0.0-rc.0
- Regenerate lockfile (v9.0 format)
@socket-security
Copy link
Copy Markdown

socket-security Bot commented Apr 11, 2026
edited
Loading

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updatednpm/​typescript@​5.9.2 ⏵ 6.0.2100 +110090 +19990

View full report

@jdalton
fix: address review findings for pnpm v11 migration
2b06fa7 
- Use PowerShell Expand-Archive instead of unzip for Windows zip extraction
- Remove loglevel from pnpm-workspace.yaml (not a recognized v11 setting)
- Remove stale unrs-resolver from allowBuilds (not in dependency tree)
@jdalton
chore: bump .node-version to 25.9.0
85b3cc9
@jdalton
Merge remote-tracking branch 'origin/main' into feat/pnpm-v11-rc
718ab50
@jdalton
chore: regenerate lockfile after merge with main
a8722d6
@jdalton John-David Dalton (jdalton) merged commit 4a026eb into main Apr 11, 2026
10 of 22 checks passed
@jdalton John-David Dalton (jdalton) deleted the feat/pnpm-v11-rc branch April 11, 2026 21:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@jdalton