Skip to content

chore(repo): Update to pnpm v11#8499

Open
dstaley wants to merge 2 commits intomainfrom
ds.chore/pnpm-11
Open

chore(repo): Update to pnpm v11#8499
dstaley wants to merge 2 commits intomainfrom
ds.chore/pnpm-11

Conversation

@dstaley
Copy link
Copy Markdown
Member

@dstaley dstaley commented May 7, 2026

Description

This PR updates the repo to pnpm v11. It also updates the workspace config to disable the install scripts for every package except esbuild.

Checklist

  • pnpm test runs as expected.
  • pnpm build runs as expected.
  • (If applicable) JSDoc comments have been added or updated for any package exports
  • (If applicable) Documentation has been updated

Type of change

  • 🐛 Bug fix
  • 🌟 New feature
  • 🔨 Breaking change
  • 📖 Refactoring / dependency upgrade / documentation
  • other:

@vercel
Copy link
Copy Markdown

vercel Bot commented May 7, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
clerk-js-sandbox Ready Ready Preview, Comment May 7, 2026 3:58pm

Request Review

@changeset-bot
Copy link
Copy Markdown

changeset-bot Bot commented May 7, 2026
edited
Loading

⚠️ No Changeset found

Latest commit: b79712f

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@coderabbitai
Copy link
Copy Markdown
Contributor

coderabbitai Bot commented May 7, 2026
edited
Loading

Review Change Stack
No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Repository YAML (base), Organization UI (inherited)

Review profile: CHILL

Plan: Pro

Run ID: c680915c-ff6a-4e6e-b61b-18df81ad6267

📥 Commits

Reviewing files that changed from the base of the PR and between 24abce4 and b79712f.

⛔ Files ignored due to path filters (1)
  • pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml
📒 Files selected for processing (1)
  • pnpm-workspace.yaml
📝 Walkthrough

Walkthrough

This PR updates the monorepo tooling configuration. The root package.json upgrades the pnpm package manager from version 10.33.0 to 11.0.8, updating its associated integrity hash. Additionally, pnpm-workspace.yaml introduces an allowBuilds policy that explicitly enables builds for esbuild while disabling builds for nine specific packages and tools, including cypress, msw, sharp, and others, and adds a temporary rolldown override.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Title check ✅ Passed The title 'chore(repo): Update to pnpm v11' directly matches the main changeset focus, which updates the package manager from pnpm v10 to v11.
Description check ✅ Passed The description is directly related to the changeset, clearly stating the PR updates the repo to pnpm v11 and disables install scripts in the workspace configuration.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

Tip

💬 Introducing Slack Agent: The best way for teams to turn conversations into code.

Slack Agent is built on CodeRabbit's deep understanding of your code, so your team can collaborate across the entire SDLC without losing context.

  • Generate code and open pull requests
  • Plan features and break down work
  • Investigate incidents and troubleshoot customer tickets together
  • Automate recurring tasks and respond to alerts with triggers
  • Summarize progress and report instantly

Built for teams:

  • Shared memory across your entire org—no repeating context
  • Per-thread sandboxes to safely plan and execute work
  • Governance built-in—scoped access, auditability, and budget controls

One agent for your entire SDLC. Right inside Slack.

👉 Get started

Comment @coderabbitai help to get the list of available commands and usage tips.

coderabbitai[bot]
coderabbitai Bot reviewed May 7, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@coderabbitai coderabbitai Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
package.json (1)

153-162: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Align pnpm configuration to enforce the install-script policy consistently.

allowBuilds in pnpm-workspace.yaml explicitly blocks cypress and msw (lines 87-88), but onlyBuiltDependencies in package.json (lines 159-162) attempts to allow them. This conflict undermines the "only esbuild allowed" policy and could cause inconsistent install-script behavior.

Additionally, engines.pnpm specifies >=10.33.0 while packageManager pins pnpm@11.0.8, creating a version constraint mismatch that could lead to different behavior locally versus CI.

Fix:

  • Update engines.pnpm to >=11.0.8 to align with packageManager
  • Clear onlyBuiltDependencies since allowBuilds is the standard control mechanism in pnpm v11
🤖 Prompt for AI Agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@package.json` around lines 153 - 162, Update package.json to remove the
conflicting pnpm.onlyBuiltDependencies entry and align the pnpm engine with the
pinned packageManager: delete the "onlyBuiltDependencies" array under "pnpm"
that lists "cypress" and "msw" (these are controlled by allowBuilds in
pnpm-workspace.yaml), and change "engines.pnpm" to ">=11.0.8" so it matches the
pinned "packageManager": "pnpm@11.0.8..." ensuring consistent install-script
policy and version constraints across local and CI environments.
🤖 Prompt for all review comments with AI agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Outside diff comments:
In `@package.json`:
- Around line 153-162: Update package.json to remove the conflicting
pnpm.onlyBuiltDependencies entry and align the pnpm engine with the pinned
packageManager: delete the "onlyBuiltDependencies" array under "pnpm" that lists
"cypress" and "msw" (these are controlled by allowBuilds in
pnpm-workspace.yaml), and change "engines.pnpm" to ">=11.0.8" so it matches the
pinned "packageManager": "pnpm@11.0.8..." ensuring consistent install-script
policy and version constraints across local and CI environments.
ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository YAML (base), Organization UI (inherited)

Review profile: CHILL

Plan: Pro

Run ID: e59b6518-a2a7-4432-85fa-35aca027ee59

📥 Commits

Reviewing files that changed from the base of the PR and between 4c44aa6 and 24abce4.

⛔ Files ignored due to path filters (1)
  • pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml
📒 Files selected for processing (2)
  • package.json
  • pnpm-workspace.yaml

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@dstaley