chore: update pnpm to 11 #9637
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -8,17 +8,15 @@ jobs: | |
| runs-on: ${{ matrix.os }} | ||
| strategy: | ||
| matrix: | ||
| node-version: [24] | ||
| os: [ubuntu-latest] | ||
| fail-fast: false | ||
| steps: | ||
| - uses: actions/checkout@v6 | ||
| - uses: pnpm/action-setup@v6 | ||
| - uses: actions/setup-node@v6 | ||
|
Comment on lines
+15
to
+17
There was a problem hiding this comment. 🧩 Analysis chain🌐 Web query:
💡 Result: actions/checkout v6 release & breaking changes (as of 2026-05-10) Release timing - The latest v6 release is v6.0.2 dated 2026-01-09. [1] - The major v6.0.0 release notes are described in the repo changelog under “v6.0.0”. [2] Breaking change / behavioral change (most important) - Credential persistence security change: when using the default persist-credentials behavior, v6 improves security by storing Git credentials in a separate file under $RUNNER_TEMP instead of directly in.git/config. [3] - Workflow impact: the action’s docs state there are “No workflow changes required” for normal git fetch/push usage because git fetch/push continue to work automatically. [3] - Self-hosted/Docker runner requirement: if you run authenticated git commands from a Docker container action, the docs state you need Actions Runner v2.329.0 or later (because the credentials are now read from their new location). [3] Related v6.x updates (not major-breaking, but relevant) - v6.0.1: adds “worktree support for persist-credentials includeIf”. [4][5] - v6.0.2: fixes “tag handling” (preserve annotations and explicit fetch-tags). [4][6] Source-backed summary for upgrading v5 -> v6 - Upgrade is typically safe for standard workflows; the key functional difference is the location of persisted credentials when persist-credentials is enabled. [3] - If you have self-hosted runners (especially with Docker container actions) you may need to update the runner version to at least v2.329.0. [3] Citations:
🌐 Web query:
💡 Result: Summary (pnpm/action-setup v6) 1) v6 release / timeline - The latest v6 release at the time of research is v6.0.6 (published 2026-05-08). Its only listed change is a fix for the Citations:
🌐 Web query:
💡 Result: actions/setup-node v6.0.0 was released on 2025-10-14, and the key v6 breaking change called out in that release is limiting automatic dependency caching to npm only (disabling auto-caching for other package managers unless configured explicitly). [1] 1) Release: v6.0.0 - v6.0.0 release tag: published 2025-10-14. [1] 2) Breaking changes (v6) - Automatic caching behavior changed: “Limit automatic caching to npm” (Breaking Changes) in v6.0.0. [1] - More specifically, the change restricts automatic caching to npm (detected from package.json via packageManager/devEngines.packageManager) and for Yarn/pnpm caching is disabled by default and must be enabled via the action’s cache input. [2][3] - This behavior is controlled by the input package-manager-cache (defaults to true): to disable automatic npm caching, set package-manager-cache: false. [3] Related v6-era behavioral change (not labeled breaking, but relevant to migration) - The action also supports reading packageManager from node-version-file: PR Citations:
检查 GitHub Actions v6 版本升级的重大变更配置。 工作流升级到多个 v6 版本存在重大变更需要确认:
请确认工作流是否使用 yarn/pnpm 缓存,如果使用需要添加显式配置。 🤖 Prompt for AI Agents |
||
| with: | ||
| node-version: 24 | ||
| cache: 'pnpm' | ||
| - run: pnpm install | ||
| - run: pnpm run build | ||
|
|
||
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,4 +1 @@ | ||
| # .npmrc | ||
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,12 @@ | ||
| nodeOptions: --max_old_space_size=8192 | ||
|
Contributor
There was a problem hiding this comment. The packages:
- 'packages/*'
nodeOptions: --max_old_space_size=8192 |
||
| publicHoistPattern: | ||
| - '@types*' | ||
| autoInstallPeers: false | ||
| allowBuilds: | ||
| '@parcel/watcher': true | ||
| '@swc/core': true | ||
| core-js: true | ||
| core-js-pure: true | ||
| esbuild: true | ||
| less: true | ||
| yorkie: true | ||
|
Comment on lines
+5
to
+12
Contributor
There was a problem hiding this comment. While onlyBuiltDependencies:
- '@parcel/watcher'
- '@swc/core'
- 'core-js'
- 'core-js-pure'
- 'esbuild'
- 'less'
- 'yorkie' |
||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🧩 Analysis chain
🌐 Web query:
pnpm 11.0.9 release notes and breaking changes💡 Result:
pnpm 11.0.9 is a patch release with no breaking changes. It includes the following fixes under Patch Changes [1]: - Fixed installation of GitLab-hosted dependencies by downloading tarballs from the correct URL instead of the API endpoint that caused 406 errors and invalid module specifiers
#11533[1]. - Honor NPM_CONFIG_USERCONFIG (and npm_config_userconfig) as a low-priority fallback for locating user-level.npmrc, restoring compatibility with actions/setup-node in GitHub Actions#11539[1]. - Fix pnpm pack not bundling dependencies listed in bundleDependencies (or bundledDependencies) due to npm-packlist API changes#11519[1]. - Fixed CLI crash on unsupported Node.js versions (now requires Node.js v22.13+), showing a clear error instead of SyntaxError#11546[1]. Breaking changes apply to the pnpm 11.0 major release, not this patch [2][3]: - Requires Node.js 22+ (drops 18-21) [2]. - Distributed as pure ESM; standalone exe requires glibc 2.27+ [2]. -.npmrc now only for auth/registry; other settings moved to pnpm-workspace.yaml [2][3]. - Native publish, no npm fallback; removed several npm passthrough commands [2]. - Global installs isolated in virtual store [2]. - Other config migrations like allowBuilds replacing old build settings, no npm_config_* env vars, etc. [3].Citations:
🌐 Web query:
pnpm action-setup v6 packageManager field support💡 Result:
pnpm/action-setup@v6 supports reading the pnpm version from the packageManager field in package.json, but there are open v6 issues indicating it may not reliably respect that field when using the package_json_file input. 1) Documented support for packageManager field (when package_json_file is used) - The action documentation states that the version input is optional when there is a packageManager field in the package.json. It also states that you can “omit version input to use the version in the packageManager field in the package.json.” [1][2] - The documented input package_json_file is “File path to the package.json/package.yaml to read ‘packageManager’ configuration.” [1][3] 2) Reported behavior in v6: packageManager may be ignored (open issues) - Issue
#227reports: “When specifying package_json_file and that package.json file has a packageManager field … the v6 release does not load the specified version.” The issue includes a workaround: pass version explicitly to the action. [4] - Issue#225similarly reports that v6 does not take the requested pnpm version into account. [5] 3) What this means for you (practical guidance) - If you rely on automatic pnpm version selection from package.json’s packageManager field via package_json_file, v6 may not consistently work as expected (per the open issues above). [4][5] - To be safe/explicit in CI today, pass the desired pnpm version via the action’s with: version input, instead of relying on packageManager auto-detection. The workaround is explicitly called out in the v6 issue report. [4] Example (safe / explicit) - uses: pnpm/action-setup@v6 with: version: 10.28.1 # set explicitly Example (auto, as documented but reported as unreliable in v6) - uses: pnpm/action-setup@v6 with: package_json_file: path/to/package.jsonCitations:
package_json_filepnpm/action-setup#227为 pnpm/action-setup@v6 明确指定版本。
pnpm/action-setup@v6存在已知问题(#227、#225),当依赖package.json中的packageManager字段来隐式指定版本时,不能可靠地加载该版本。建议显式指定版本以避免 CI 中出现不可预测的行为:pnpm 11.0.9 是有效的发布版本,在该补丁级别内无重大变更。
🤖 Prompt for AI Agents