Skip to content

INTER-2298 chore: upgrade pnpm to 11.9.0#259

Merged
JuroUhlar merged 15 commits into
mainfrom
chore-upgrade-pnpm
Jul 13, 2026
Merged

INTER-2298 chore: upgrade pnpm to 11.9.0#259
JuroUhlar merged 15 commits into
mainfrom
chore-upgrade-pnpm

Conversation

@JuroUhlar

@JuroUhlar JuroUhlar commented Jul 3, 2026

Copy link
Copy Markdown
Collaborator
  • Bump to pnpm@11.9.0
  • Move .npmrc settings into pnpm-workspace.yaml; delete .npmrc (pnpm 11 only reads auth/registry there)
  • allowBuilds.esbuild: true — pnpm 11 requires explicit build approval
  • Upgrade @fingerprintjs/eslint-config-dx-team to ^3.0.0 and declare its eslint / typescript-eslint / prettier peers as explicit devDependencies — no phantom deps, no hoist hack
  • Functional tests: install deps on Node 22, then smoke-test on matrix Node 18–23

Transitive eslint deps: peer deps, not publicHoistPattern

  • pnpm 11 no longer exposes transitive packages like pnpm 9, so pnpm lint failed with eslint: not found — those tools only came in via @fingerprintjs/eslint-config-dx-team
  • Originally worked around with publicHoistPattern in pnpm-workspace.yaml (reusable across repos, but reintroduces phantom deps)
  • Instead, @fingerprintjs/eslint-config-dx-team@3.0.0 now declares eslint / typescript-eslint / prettier as peer dependencies, so each repo declares them explicitly as dev deps (idiomatic, no phantom deps). publicHoistPattern is dropped.
  • Resolved versions are unchanged (eslint@10.4.1, typescript-eslint@8.62.1) — same tools, now direct

minimumReleaseAgeExclude is temporary

@fingerprintjs/eslint-config-dx-team@3.0.0 was published within pnpm 11's default minimum-release-age window, so a frozen-lockfile install rejects it. Added a temporary minimumReleaseAgeExclude entry to unblock CI — remove it once the version has aged out.

Discussion point: smoke tests on Node 18–21

  • pnpm 11 requires Node 22+; SDK runtime still supports 18+
  • Matrix pnpm install failed on Node 18–21
  • Fix: install on Node 22 → switch to target version → run node smokeTests.mjs only

Test plan

  • pnpm install --frozen-lockfile
  • pnpm lint, pnpm build, pnpm test
  • Functional smoke tests on Node 18–23

Migrate config from .npmrc into pnpm-workspace.yaml per pnpm 11 requirements.
@changeset-bot

changeset-bot Bot commented Jul 3, 2026

Copy link
Copy Markdown

⚠️ No Changeset found

Latest commit: 6de6486

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

Coverage report

St.
Category Percentage Covered / Total
🟢 Statements
98.15% (-0.25% 🔻)
159/162
🟢 Branches
96.84% (-0.78% 🔻)
92/95
🟢 Functions 100% 35/35
🟢 Lines
98.11% (-0.28% 🔻)
156/159
Show files with reduced coverage 🔻
St.
File Statements Branches Functions Lines
🟢
... / unsealError.ts
100%
50% (-50% 🔻)
100% 100%
🟢 serverApiClient.ts
96.15% (-0.9% 🔻)
97.22% (+1.48% 🔼)
100%
96.15% (-0.9% 🔻)

Test suite run success

83 tests passing in 24 suites.

Report generated by 🧪jest coverage report action from 6de6486

Show full coverage report
St File % Stmts % Branch % Funcs % Lines Uncovered Line #s
🟢 All files 98.14 96.84 100 98.11
🟢  src 98.43 98.66 100 98.41
🔴   ...edApiTypes.ts 0 0 0 0
🔴   index.ts 0 0 0 0
🟢   sealedResults.ts 100 100 100 100
🟢   ...rApiClient.ts 96.15 97.22 100 96.15 358,362
🟢   types.ts 100 100 100 100
🟢   urlUtils.ts 100 100 100 100
🟢   webhook.ts 100 100 100 100
🟢  src/errors 97.05 90 100 96.96
🟢   apiErrors.ts 100 100 100 100
🟢   ...orResponse.ts 100 100 100 100
🟢   toError.ts 87.5 88.88 100 87.5 21
🟢   unsealError.ts 100 50 100 100 10

JuroUhlar added 3 commits July 3, 2026 16:51
pnpm 11 no longer exposes transitive package bins or ESM imports to the
workspace root, which broke `pnpm lint` in CI.
Avoid repeating eslint and typescript-eslint in every repo that uses
@fingerprintjs/eslint-config-dx-team under pnpm 11.
pnpm 11 requires Node.js 22+, but the SDK still smoke-tests on 18–21.

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates the repository’s tooling and CI to support pnpm v11 while keeping runtime smoke tests covering Node 18+.

Changes:

  • Bump the repo’s pinned package manager to pnpm@11.9.0 and refresh the lockfile accordingly.
  • Move prior .npmrc settings into pnpm-workspace.yaml, add pnpm v11 build approval for esbuild, and hoist ESLint-related tooling to keep pnpm lint working under pnpm’s isolated layout.
  • Update the functional tests workflow to install dependencies on Node 22 (required by pnpm 11), then switch to the matrix Node version to run the smoke test via node.

Reviewed changes

Copilot reviewed 5 out of 6 changed files in this pull request and generated no comments.

Show a summary per file
File Description
pnpm-workspace.yaml Adds pnpm v11-related workspace settings (build approvals + hoisting + previous npmrc options).
pnpm-lock.yaml Lockfile updates consistent with pnpm upgrade / dependency graph changes.
package.json Pins packageManager to pnpm@11.9.0.
contributing.md Updates documented pnpm prerequisite to match the pinned version.
.npmrc Removes settings that are being relocated per pnpm v11 configuration approach.
.github/workflows/functional_tests.yml Installs deps on Node 22 for pnpm 11 compatibility, then runs smoke tests on the matrix Node version.
Files not reviewed (1)
  • pnpm-lock.yaml: Generated file

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

verbose is npm-specific; pnpm accepts debug, info, warn, or error.
ilfa
ilfa previously approved these changes Jul 6, 2026
Base automatically changed from claude/upgrade-dx-toolkit-deps-q51eef to main July 8, 2026 12:23
@JuroUhlar JuroUhlar dismissed ilfa’s stale review July 8, 2026 12:23

The base branch was changed.

JuroUhlar added 7 commits July 9, 2026 15:28
- actions/checkout v4 -> v7, actions/setup-node v4 -> v6, actions/download-artifact v4 -> v8
- pnpm/action-setup pinned to v6.0.9 commit SHA
- add Node 24 to the functional-test Node matrix
- typescript 5.4 -> 6.0 (capped below 7: typescript-eslint, typedoc and
  rollup-plugin-dts have no TS 7 support yet)
- @types/node pinned to ^18 to match the >=18.17.0 engines floor
- vitest & @vitest/coverage-v8 3 -> 4, lint-staged 15 -> 17, rimraf 5 -> 6,
  typedoc 0.27 -> 0.28, @commitlint/cli 19 -> 21, @changesets/cli, rollup,
  @rollup/plugin-typescript, rollup-plugin-dts, rollup-plugin-license, tslib,
  yaml, commitizen and dotenv (example + functional-tests) to latest
- husky 9.1: prepare script 'husky install' -> 'husky'; drop deprecated hook preamble
- drop tsx: run generate.mts via native Node type stripping
- add corepack packageManager integrity hash
- tsconfig: ignoreDeprecations '6.0' + explicit types:[node] required by TS 6
- test:dts: adapt tsc flags for TS 6; unit tests: toThrowError -> toThrow (vitest 4)
pnpm/action-setup v6 errors when both a 'version' input and a
packageManager field specify pnpm. Let the corepack packageManager
field be the single source of truth.
…attern

Upgrade @fingerprintjs/eslint-config-dx-team to ^3.0.0, which now declares
eslint, typescript-eslint and prettier as peer dependencies. Declare those
peers explicitly as devDependencies and drop the publicHoistPattern hack.

Add a temporary minimumReleaseAgeExclude for eslint-config-dx-team@3.0.0 so CI
can install it before it ages past pnpm's default minimum-release-age window.
@JuroUhlar JuroUhlar requested a review from ilfa July 13, 2026 10:48
@JuroUhlar

Copy link
Copy Markdown
Collaborator Author

cc @ilfa Resolved dependencies issue by upgrading to latest dx-toolkit-eslint-configt and defining peer deps explicitly, can you please approve again? Thanks a lot!

Resolve package.json/pnpm-lock.yaml conflicts: keep dep bumps from
care/update-deps, adopt base's eslint stack (eslint ^10,
typescript-eslint ^8, eslint-config-dx-team ^3.0.0), drop tsx.
Regenerated lockfile; typescript-eslint@8.63 resolves cleanly against
typescript@6.0.3.
husky v9 runs hooks via `sh -e`, ignoring the shebang. The bash-only
`[[ =~ ]]` matcher silently failed under a POSIX sh (dash on Linux/CI),
disabling the main-branch push guard. Replace it with a POSIX `case`.
@JuroUhlar JuroUhlar changed the title chore: upgrade pnpm to 11.9.0 INTER-2298 chore: upgrade pnpm to 11.9.0 Jul 13, 2026
Orkuncakilkaya
Orkuncakilkaya previously approved these changes Jul 13, 2026
INTER-2303 chore(deps): update all dependencies to latest supported versions
@github-actions

Copy link
Copy Markdown
Contributor

🚀 Following releases will be created using changesets from this PR:

@fingerprint/node-sdk@7.5.0

Minor Changes

  • Separate Server API errors from other request errors and strongly type the error code.

    • Added ServerApiError (extends RequestError), thrown when the Server API returns a structured error response. It narrows errorCode to the strongly typed ErrorCode and exposes responseBody: ErrorResponse.
    • Exported the ErrorCode type (the union of error codes returned by the Fingerprint Server API).
    • TooManyRequestsError now extends ServerApiError.
    • RequestError remains the base class for request-level errors and is thrown directly for non–Server-API responses (for example, errors returned by an intermediate proxy). Its errorCode stays a free-form string (a best-effort placeholder derived from statusText), exactly as before.

    This is a backward-compatible change: structured Server API errors are now instances of ServerApiError (a subclass of RequestError). error instanceof RequestError checks keep working, and errorCode stays populated on every error. To get the strictly typed errorCode, narrow to ServerApiError (if (error instanceof ServerApiError) { error.errorCode }). (808c802)

Patch Changes

  • errors: Normalize caught values into real Error instances, so errors from unseal and JSON parsing always carry a genuine Error. (5764c11)
  • Throw a RequestError instead of a top-level SdkError when a Server API error response has a non-JSON body (e.g. an HTML error page from a proxy). (b16cb93)

@JuroUhlar JuroUhlar requested a review from Orkuncakilkaya July 13, 2026 11:49
@JuroUhlar JuroUhlar enabled auto-merge July 13, 2026 11:53
@JuroUhlar JuroUhlar merged commit afd9df6 into main Jul 13, 2026
19 checks passed
@JuroUhlar JuroUhlar deleted the chore-upgrade-pnpm branch July 13, 2026 11:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants