chore: migrate pnpm settings to pnpm-workspace.yaml and bump to pnpm 11#4623
Conversation
pnpm 11 no longer reads the "pnpm" field in package.json. Move onlyBuiltDependencies, patchedDependencies, and overrides into each pnpm-workspace.yaml (api/spec and api/client/javascript) and bump the packageManager pins to pnpm@11.1.2. Without this, a fresh pnpm 11 install silently drops the TypeSpec/openapi-typescript patches and version overrides.
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: CHILL Plan: Pro Run ID: ⛔ Files ignored due to path filters (1)
📒 Files selected for processing (1)
🚧 Files skipped from review as they are similar to previous changes (1)
📝 WalkthroughWalkthroughThis PR bumps the pnpm packageManager pin in Changespnpm Workspace Config Migration
Estimated code review effort: 2 (Simple) | ~10 minutes Possibly related PRs
Suggested reviewers: 🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Greptile SummaryThis PR updates the pnpm setup for the TypeSpec and JavaScript client workspaces.
Confidence Score: 5/5This looks safe to merge.
Important Files Changed
Reviews (2): Last reviewed commit: "chore: use pnpm 11 allowBuilds instead o..." | Re-trigger Greptile |
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@api/spec/pnpm-workspace.yaml`:
- Around line 11-12: The workspace config is using the deprecated
onlyBuiltDependencies approval list, so pnpm 11 will ignore it. Update the
pnpm-workspace.yaml entry to use allowBuilds instead, keeping the same package
identifier (`@typespec/http-client-python`) under the new key so build approval
still applies.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
Run ID: c9ff54f0-f10c-42b0-a324-c6c6831635ed
⛔ Files ignored due to path filters (3)
api/client/javascript/package.jsonis excluded by!api/client/**api/client/javascript/pnpm-workspace.yamlis excluded by!api/client/**api/spec/pnpm-lock.yamlis excluded by!**/pnpm-lock.yaml
📒 Files selected for processing (2)
api/spec/package.jsonapi/spec/pnpm-workspace.yaml
pnpm 11 replaces onlyBuiltDependencies with an explicit allowBuilds allow/deny map and errors on ignored build scripts by default (ERR_PNPM_IGNORED_BUILDS), breaking `pnpm --frozen-lockfile install` in CI code generation. - api/client/javascript: allow esbuild; drop unrs-resolver, which is not present in this workspace's dependency tree. - api/spec: preserve the prior allowlist by allowing @typespec/http-client-python and explicitly denying core-js, esbuild, and protobufjs so their postinstall scripts do not start running.
What
pnpm 11 no longer reads the
pnpmfield inpackage.json(it warns and ignoresonlyBuiltDependencies,patchedDependencies, andoverrides). This moves those settings into eachpnpm-workspace.yamland bumps thepackageManagerpins topnpm@11.1.2.Affected workspace roots:
api/specapi/client/javascriptWhy
Without the migration, a fresh
pnpm installunder pnpm 11 silently drops the TypeSpec compiler/emitter patches, theopenapi-typescriptpatch, and thesemver/viteversion overrides — changing generated output and dependency resolution without any error.Verification
pnpm install --lockfile-onlyin both roots: exit 0, no deprecation warning, running pnpm v11.1.2.pnpm-lock.yamlfiles retain theirpatchedDependenciesandoverridessections, confirming the patches remain applied.api/spec/pnpm-lock.yamlreformatted to the pnpm 11 lockfile layout (patches stored as inline content hashes instead ofpath:sub-maps);api/client/javascript/pnpm-lock.yamlwas already in that format and is unchanged.Notes
api/spec/packages/*still pinpackageManager: pnpm@10.28.0. They are workspace members (not roots), did not trigger warnings, and are left untouched here.Summary by CodeRabbit