INTER-2298 chore: upgrade pnpm to 11.9.0#259
Conversation
Migrate config from .npmrc into pnpm-workspace.yaml per pnpm 11 requirements.
|
Coverage report
Show files with reduced coverage 🔻
Test suite run success83 tests passing in 24 suites. Report generated by 🧪jest coverage report action from 6de6486 Show full coverage report
|
pnpm 11 no longer exposes transitive package bins or ESM imports to the workspace root, which broke `pnpm lint` in CI.
Avoid repeating eslint and typescript-eslint in every repo that uses @fingerprintjs/eslint-config-dx-team under pnpm 11.
pnpm 11 requires Node.js 22+, but the SDK still smoke-tests on 18–21.
There was a problem hiding this comment.
Pull request overview
Updates the repository’s tooling and CI to support pnpm v11 while keeping runtime smoke tests covering Node 18+.
Changes:
- Bump the repo’s pinned package manager to
pnpm@11.9.0and refresh the lockfile accordingly. - Move prior
.npmrcsettings intopnpm-workspace.yaml, add pnpm v11 build approval foresbuild, and hoist ESLint-related tooling to keeppnpm lintworking under pnpm’s isolated layout. - Update the functional tests workflow to install dependencies on Node 22 (required by pnpm 11), then switch to the matrix Node version to run the smoke test via
node.
Reviewed changes
Copilot reviewed 5 out of 6 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
pnpm-workspace.yaml |
Adds pnpm v11-related workspace settings (build approvals + hoisting + previous npmrc options). |
pnpm-lock.yaml |
Lockfile updates consistent with pnpm upgrade / dependency graph changes. |
package.json |
Pins packageManager to pnpm@11.9.0. |
contributing.md |
Updates documented pnpm prerequisite to match the pinned version. |
.npmrc |
Removes settings that are being relocated per pnpm v11 configuration approach. |
.github/workflows/functional_tests.yml |
Installs deps on Node 22 for pnpm 11 compatibility, then runs smoke tests on the matrix Node version. |
Files not reviewed (1)
- pnpm-lock.yaml: Generated file
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
verbose is npm-specific; pnpm accepts debug, info, warn, or error.
- actions/checkout v4 -> v7, actions/setup-node v4 -> v6, actions/download-artifact v4 -> v8 - pnpm/action-setup pinned to v6.0.9 commit SHA - add Node 24 to the functional-test Node matrix
- typescript 5.4 -> 6.0 (capped below 7: typescript-eslint, typedoc and rollup-plugin-dts have no TS 7 support yet) - @types/node pinned to ^18 to match the >=18.17.0 engines floor - vitest & @vitest/coverage-v8 3 -> 4, lint-staged 15 -> 17, rimraf 5 -> 6, typedoc 0.27 -> 0.28, @commitlint/cli 19 -> 21, @changesets/cli, rollup, @rollup/plugin-typescript, rollup-plugin-dts, rollup-plugin-license, tslib, yaml, commitizen and dotenv (example + functional-tests) to latest - husky 9.1: prepare script 'husky install' -> 'husky'; drop deprecated hook preamble - drop tsx: run generate.mts via native Node type stripping - add corepack packageManager integrity hash - tsconfig: ignoreDeprecations '6.0' + explicit types:[node] required by TS 6 - test:dts: adapt tsc flags for TS 6; unit tests: toThrowError -> toThrow (vitest 4)
pnpm/action-setup v6 errors when both a 'version' input and a packageManager field specify pnpm. Let the corepack packageManager field be the single source of truth.
…attern Upgrade @fingerprintjs/eslint-config-dx-team to ^3.0.0, which now declares eslint, typescript-eslint and prettier as peer dependencies. Declare those peers explicitly as devDependencies and drop the publicHoistPattern hack. Add a temporary minimumReleaseAgeExclude for eslint-config-dx-team@3.0.0 so CI can install it before it ages past pnpm's default minimum-release-age window.
|
cc @ilfa Resolved dependencies issue by upgrading to latest dx-toolkit-eslint-configt and defining peer deps explicitly, can you please approve again? Thanks a lot! |
Resolve package.json/pnpm-lock.yaml conflicts: keep dep bumps from care/update-deps, adopt base's eslint stack (eslint ^10, typescript-eslint ^8, eslint-config-dx-team ^3.0.0), drop tsx. Regenerated lockfile; typescript-eslint@8.63 resolves cleanly against typescript@6.0.3.
husky v9 runs hooks via `sh -e`, ignoring the shebang. The bash-only `[[ =~ ]]` matcher silently failed under a POSIX sh (dash on Linux/CI), disabling the main-branch push guard. Replace it with a POSIX `case`.
INTER-2303 chore(deps): update all dependencies to latest supported versions
🚀 Following releases will be created using changesets from this PR:@fingerprint/node-sdk@7.5.0Minor Changes
Patch Changes |
pnpm@11.9.0.npmrcsettings intopnpm-workspace.yaml; delete.npmrc(pnpm 11 only reads auth/registry there)allowBuilds.esbuild: true— pnpm 11 requires explicit build approval@fingerprintjs/eslint-config-dx-teamto^3.0.0and declare itseslint/typescript-eslint/prettierpeers as explicitdevDependencies— no phantom deps, no hoist hackTransitive eslint deps: peer deps, not publicHoistPattern
pnpm lintfailed witheslint: not found— those tools only came in via@fingerprintjs/eslint-config-dx-teampublicHoistPatterninpnpm-workspace.yaml(reusable across repos, but reintroduces phantom deps)@fingerprintjs/eslint-config-dx-team@3.0.0now declareseslint/typescript-eslint/prettieras peer dependencies, so each repo declares them explicitly as dev deps (idiomatic, no phantom deps).publicHoistPatternis dropped.eslint@10.4.1,typescript-eslint@8.62.1) — same tools, now directminimumReleaseAgeExclude is temporary
@fingerprintjs/eslint-config-dx-team@3.0.0was published within pnpm 11's default minimum-release-age window, so a frozen-lockfile install rejects it. Added a temporaryminimumReleaseAgeExcludeentry to unblock CI — remove it once the version has aged out.Discussion point: smoke tests on Node 18–21
pnpm installfailed on Node 18–21node smokeTests.mjsonlyTest plan
pnpm install --frozen-lockfilepnpm lint,pnpm build,pnpm test