Skip to content

fix(meta): downgrade pnpm to 10.8.1#7822

Merged
MattIPv4 merged 1 commit intomainfrom
MattIPv4/downgrade-pnpm
Jun 1, 2025
Merged

fix(meta): downgrade pnpm to 10.8.1#7822
MattIPv4 merged 1 commit intomainfrom
MattIPv4/downgrade-pnpm

Conversation

@MattIPv4
Copy link
Member

@MattIPv4 MattIPv4 commented Jun 1, 2025

Description

Dependabot is currently updating all dependencies in the lockfile in each PR it opens: e52dea5

This appears to be due to a bug in pnpm since 10.9.0, so this downgrades us to the last pnpm release prior to that.

Validation

Managing dependencies continues to work. We'll need to merge and then ask Dependabot to update its PRs to fully validate if this works.

Related Issues

pnpm/pnpm#9519

(As an aside, dependabot/dependabot-core#11246 + https://docs.github.com/en/code-security/dependabot/ecosystems-supported-by-dependabot/supported-ecosystems-and-repositories#supported-ecosystems-and-repositories does suggest that Dependabot doesn't officially support pnpm 10 at all)

Check List

  • I have read the Contributing Guidelines and made commit messages that follow the guideline.
  • I have run pnpm format to ensure the code follows the style guide.
  • I have run pnpm test to check if all tests are passing.
  • I have run pnpm build to check if the website builds without errors.
  • I've covered new added functionality with unit tests if necessary.

Copilot AI review requested due to automatic review settings June 1, 2025 19:09
@MattIPv4 MattIPv4 requested a review from a team as a code owner June 1, 2025 19:09
@vercel
Copy link

vercel bot commented Jun 1, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Updated (UTC)
nodejs-org ✅ Ready (Inspect) Visit Preview Jun 1, 2025 7:59pm

Copilot AI reviewed Jun 1, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR downgrades the project’s pnpm version to 10.8.1 to work around a bug introduced in pnpm 10.9.0.

  • Update packageManager field to use pnpm@10.8.1
  • Align devEngines.packageManager.version with pnpm@10.8.1

@avivkeller avivkeller added the fast-track Fast Tracking PRs label Jun 1, 2025
@codecov
Copy link

codecov bot commented Jun 1, 2025
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 75.48%. Comparing base (71be084) to head (cbf7d70).
Report is 1 commits behind head on main.

✅ All tests successful. No failed tests found.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main    #7822   +/-   ##
=======================================
  Coverage   75.48%   75.48%           
=======================================
  Files         101      101           
  Lines        8309     8309           
  Branches      218      218           
=======================================
  Hits         6272     6272           
  Misses       2035     2035           
  Partials        2        2

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

avivkeller
avivkeller approved these changes Jun 1, 2025
View reviewed changes
Copy link
Member

@avivkeller avivkeller left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Requesting fast track

@ovflowd
Copy link
Member

ovflowd commented Jun 1, 2025

Quite the serious bug, ngl.

@MattIPv4 MattIPv4 added the github_actions:pull-request Trigger Pull Request Checks label Jun 1, 2025
@github-actions github-actions bot removed the github_actions:pull-request Trigger Pull Request Checks label Jun 1, 2025
@github-actions
Copy link
Contributor

github-actions bot commented Jun 1, 2025
edited
Loading

Lighthouse Results

URL Performance Accessibility Best Practices SEO Report
/en 🟢 99 🟢 100 🟢 100 🟢 91 🔗
/en/about 🟢 100 🟢 100 🟢 100 🟠 82 🔗
/en/about/previous-releases 🟢 100 🟢 100 🟢 100 🟠 83 🔗
/en/download 🟢 96 🟢 100 🟢 100 🟢 91 🔗
/en/blog 🟢 100 🟢 100 🟢 96 🟢 92 🔗

@MattIPv4 MattIPv4 force-pushed the MattIPv4/downgrade-pnpm branch from 5b5a50b to cbf7d70 Compare June 1, 2025 19:57
@MattIPv4 MattIPv4 added the github_actions:pull-request Trigger Pull Request Checks label Jun 1, 2025
@github-actions github-actions bot removed the github_actions:pull-request Trigger Pull Request Checks label Jun 1, 2025
@MattIPv4 MattIPv4 added this pull request to the merge queue Jun 1, 2025
Merged via the queue into main with commit c11af00 Jun 1, 2025
15 checks passed
@MattIPv4 MattIPv4 deleted the MattIPv4/downgrade-pnpm branch June 1, 2025 20:14
@shamoon
Copy link

shamoon commented Jun 1, 2025

Sorry to snoop, did this work for you guys? (I think so looking at the dependabot PRs)

@MattIPv4
Copy link
Member Author

MattIPv4 commented Jun 1, 2025

It did, take a look at all the currently open Dependabot PRs -- they have correct diffs now instead of +/- 2k diffs for every dep in the lockfile.

@shamoon
Copy link

shamoon commented Jun 1, 2025

Thanks for confirming!

@MattIPv4 MattIPv4 mentioned this pull request Jun 2, 2025
Merged
5 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@avivkeller avivkeller avivkeller approved these changes

@AugustinMauroy AugustinMauroy AugustinMauroy approved these changes

Assignees

No one assigned

Labels

fast-track Fast Tracking PRs

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@MattIPv4 @ovflowd @shamoon @avivkeller @AugustinMauroy