chore(deps): update all non-major dependencies#221
Open
renovate[bot] wants to merge 1 commit into
Open
Conversation
|
Note Reviews pausedIt looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the Use the following commands to manage reviews:
Use the checkboxes below for quick actions:
📝 WalkthroughWalkthroughPinned zizmor action (v0.5.3 → v0.5.6) and applied coordinated patch/minor dependency bumps across root, packages, and example manifests (Angular, React, Preact, Solid, Vanilla). ChangesMonorepo dependency and workflow updates
Estimated code review effort Possibly related issues
Possibly related PRs
Poem
🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 6
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (2)
examples/angular/injectAsyncThrottledCallback/package.json (1)
1-1:⚠️ Potential issue | 🔴 Critical | ⚡ Quick winCritical: Lockfile out of sync with package.json changes.
The pipeline failure indicates
pnpm-lock.yamlis not up to date after the dependency updates across the monorepo. The lockfile needs to be regenerated to reflect the new versions of eslint (^10.4.0), knip (^6.14.1), and nx (^22.7.2) in the root package.json.Run the following to regenerate the lockfile:
pnpm installThen commit the updated
pnpm-lock.yaml.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@examples/angular/injectAsyncThrottledCallback/package.json` at line 1, The repo's pnpm-lock.yaml is out of sync with package.json changes (root deps updated to eslint ^10.4.0, knip ^6.14.1, nx ^22.7.2); regenerate the lockfile by running pnpm install at repo root, verify pnpm-lock.yaml updates, then commit the updated pnpm-lock.yaml alongside the modified package.json so the lockfile matches the new dependency versions.examples/solid/createDebouncer/package.json (1)
1-1:⚠️ Potential issue | 🔴 Critical | ⚡ Quick winRegenerate pnpm-lock.yaml to fix the pipeline failure.
The CI failure indicates
pnpm-lock.yamlis out of sync with rootpackage.jsondue to mismatched specifiers for eslint, knip, and nx. Runpnpm installat the repository root to update the lockfile.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@examples/solid/createDebouncer/package.json` at line 1, Regenerate the repository lockfile so specifiers for eslint, knip, and nx match the root package.json: run pnpm install from the repository root to update pnpm-lock.yaml (ensuring the lockfile reflects the root package.json changes), then commit the updated pnpm-lock.yaml so CI no longer fails due to mismatched specifiers for eslint/knip/nx.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@examples/angular/asyncBatch/package.json`:
- Around line 23-38: The package.json was updated (packageManager/pnpm and
dependency version bumps) but the pnpm-lock.yaml was not regenerated and
committed, causing CI to fail with ERR_PNPM_OUTDATED_LOCKFILE; run pnpm install
to regenerate pnpm-lock.yaml (or pnpm install --lockfile-only) using the updated
package.json, add and commit the new pnpm-lock.yaml alongside the package.json
changes, and push so CI can run pnpm install --frozen-lockfile successfully.
In `@examples/angular/injectQueuedSignal/package.json`:
- Line 23: The repo’s pnpm lockfile is out of sync with updated dependency specs
(packageManager/pnpm version and several root/example deps), causing
ERR_PNPM_OUTDATED_LOCKFILE; regenerate pnpm-lock.yaml and commit it. Run pnpm
install using the declared pnpm version (pnpm@11.1.2) to produce an updated
pnpm-lock.yaml, verify root deps (eslint, knip, nx) and example Angular deps
match package.json entries, and commit the updated pnpm-lock.yaml so
frozen-lockfile CI will pass.
In `@examples/react/rateLimit/package.json`:
- Around line 19-20: The CI failure is caused by an out-of-sync pnpm lockfile
after dependency changes (e.g. "`@vitejs/plugin-react`" and "vite") in
package.json; run `pnpm install` in this workspace to regenerate pnpm-lock.yaml,
verify the lockfile changes, and commit the updated pnpm-lock.yaml alongside
your package.json change so the pipeline picks up the consistent dependencies.
In `@examples/react/useBatcher/package.json`:
- Around line 19-20: The package manifest was bumped (e.g., dependency entries
like "`@vitejs/plugin-react`" and "vite" in package.json) but pnpm-lock.yaml was
not regenerated, causing CI to fail with ERR_PNPM_OUTDATED_LOCKFILE; run pnpm
install (or pnpm install --lockfile-only) at the repo root to regenerate
pnpm-lock.yaml so it matches the updated manifests, verify the lockfile
addresses specifier drift for packages such as eslint/knip/nx, and commit the
updated pnpm-lock.yaml alongside the manifest changes.
In `@examples/react/useQueuerWithPersister/package.json`:
- Around line 20-21: The package.json bump for "`@vitejs/plugin-react`" and "vite"
requires updating the pnpm lockfile so CI won't fail; regenerate and commit an
updated pnpm-lock.yaml by running pnpm install (or pnpm install --lockfile-only
/ pnpm up) in the repo root to sync the lockfile with the new dependency
versions, verify the lockfile changes are staged/committed, and re-run CI to
confirm the ERR_PNPM_OUTDATED_LOCKFILE error is resolved.
In `@package.json`:
- Around line 61-66: The lockfile is out of sync with the bumped dependency
versions (eslint, knip, nx) causing --frozen-lockfile to fail; regenerate
pnpm-lock.yaml by running pnpm install (or pnpm install --lockfile-only) so the
lockfile matches the new specifiers, verify the updated pnpm-lock.yaml reflects
the updated packages (eslint, knip, nx), and commit the changed pnpm-lock.yaml
to the repo so CI can install deterministically.
---
Outside diff comments:
In `@examples/angular/injectAsyncThrottledCallback/package.json`:
- Line 1: The repo's pnpm-lock.yaml is out of sync with package.json changes
(root deps updated to eslint ^10.4.0, knip ^6.14.1, nx ^22.7.2); regenerate the
lockfile by running pnpm install at repo root, verify pnpm-lock.yaml updates,
then commit the updated pnpm-lock.yaml alongside the modified package.json so
the lockfile matches the new dependency versions.
In `@examples/solid/createDebouncer/package.json`:
- Line 1: Regenerate the repository lockfile so specifiers for eslint, knip, and
nx match the root package.json: run pnpm install from the repository root to
update pnpm-lock.yaml (ensuring the lockfile reflects the root package.json
changes), then commit the updated pnpm-lock.yaml so CI no longer fails due to
mismatched specifiers for eslint/knip/nx.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: 2024b0f6-f342-4cd9-917f-27fc3cb3b02e
📒 Files selected for processing (167)
.github/workflows/zizmor.ymlexamples/angular/asyncBatch/package.jsonexamples/angular/asyncDebounce/package.jsonexamples/angular/asyncRateLimit/package.jsonexamples/angular/asyncRetry/package.jsonexamples/angular/asyncThrottle/package.jsonexamples/angular/batch/package.jsonexamples/angular/debounce/package.jsonexamples/angular/injectAsyncBatchedCallback/package.jsonexamples/angular/injectAsyncBatcher/package.jsonexamples/angular/injectAsyncDebouncedCallback/package.jsonexamples/angular/injectAsyncDebouncer/package.jsonexamples/angular/injectAsyncQueuedSignal/package.jsonexamples/angular/injectAsyncQueuer/package.jsonexamples/angular/injectAsyncRateLimiter/package.jsonexamples/angular/injectAsyncRateLimiterWithPersister/package.jsonexamples/angular/injectAsyncThrottledCallback/package.jsonexamples/angular/injectAsyncThrottler/package.jsonexamples/angular/injectBatchedCallback/package.jsonexamples/angular/injectBatcher/package.jsonexamples/angular/injectDebouncedCallback/package.jsonexamples/angular/injectDebouncedSignal/package.jsonexamples/angular/injectDebouncedValue/package.jsonexamples/angular/injectDebouncer/package.jsonexamples/angular/injectQueuedSignal/package.jsonexamples/angular/injectQueuedValue/package.jsonexamples/angular/injectQueuer/package.jsonexamples/angular/injectQueuerWithPersister/package.jsonexamples/angular/injectRateLimitedCallback/package.jsonexamples/angular/injectRateLimitedSignal/package.jsonexamples/angular/injectRateLimitedValue/package.jsonexamples/angular/injectRateLimiter/package.jsonexamples/angular/injectRateLimiterWithPersister/package.jsonexamples/angular/injectThrottledCallback/package.jsonexamples/angular/injectThrottledSignal/package.jsonexamples/angular/injectThrottledValue/package.jsonexamples/angular/injectThrottler/package.jsonexamples/angular/queue/package.jsonexamples/angular/rateLimit/package.jsonexamples/angular/throttle/package.jsonexamples/preact/asyncBatch/package.jsonexamples/preact/asyncDebounce/package.jsonexamples/preact/asyncRateLimit/package.jsonexamples/preact/asyncRetry/package.jsonexamples/preact/asyncThrottle/package.jsonexamples/preact/batch/package.jsonexamples/preact/debounce/package.jsonexamples/preact/queue/package.jsonexamples/preact/rateLimit/package.jsonexamples/preact/throttle/package.jsonexamples/preact/useAsyncBatchedCallback/package.jsonexamples/preact/useAsyncBatcher/package.jsonexamples/preact/useAsyncDebouncedCallback/package.jsonexamples/preact/useAsyncDebouncer/package.jsonexamples/preact/useAsyncQueuedState/package.jsonexamples/preact/useAsyncQueuer/package.jsonexamples/preact/useAsyncRateLimiter/package.jsonexamples/preact/useAsyncRateLimiterWithPersister/package.jsonexamples/preact/useAsyncThrottledCallback/package.jsonexamples/preact/useAsyncThrottler/package.jsonexamples/preact/useBatchedCallback/package.jsonexamples/preact/useBatcher/package.jsonexamples/preact/useDebouncedCallback/package.jsonexamples/preact/useDebouncedState/package.jsonexamples/preact/useDebouncedValue/package.jsonexamples/preact/useDebouncer/package.jsonexamples/preact/useQueuedState/package.jsonexamples/preact/useQueuedValue/package.jsonexamples/preact/useQueuer/package.jsonexamples/preact/useQueuerWithPersister/package.jsonexamples/preact/useRateLimitedCallback/package.jsonexamples/preact/useRateLimitedState/package.jsonexamples/preact/useRateLimitedValue/package.jsonexamples/preact/useRateLimiter/package.jsonexamples/preact/useRateLimiterWithPersister/package.jsonexamples/preact/useThrottledCallback/package.jsonexamples/preact/useThrottledState/package.jsonexamples/preact/useThrottledValue/package.jsonexamples/preact/useThrottler/package.jsonexamples/preact/util-comparison/package.jsonexamples/react/asyncBatch/package.jsonexamples/react/asyncDebounce/package.jsonexamples/react/asyncRateLimit/package.jsonexamples/react/asyncRetry/package.jsonexamples/react/asyncThrottle/package.jsonexamples/react/batch/package.jsonexamples/react/debounce/package.jsonexamples/react/queue/package.jsonexamples/react/rateLimit/package.jsonexamples/react/react-query-debounced-prefetch/package.jsonexamples/react/react-query-queued-prefetch/package.jsonexamples/react/react-query-throttled-prefetch/package.jsonexamples/react/throttle/package.jsonexamples/react/useAsyncBatchedCallback/package.jsonexamples/react/useAsyncBatcher/package.jsonexamples/react/useAsyncDebouncedCallback/package.jsonexamples/react/useAsyncDebouncer/package.jsonexamples/react/useAsyncQueuedState/package.jsonexamples/react/useAsyncQueuer/package.jsonexamples/react/useAsyncRateLimiter/package.jsonexamples/react/useAsyncRateLimiterWithPersister/package.jsonexamples/react/useAsyncThrottledCallback/package.jsonexamples/react/useAsyncThrottler/package.jsonexamples/react/useBatchedCallback/package.jsonexamples/react/useBatcher/package.jsonexamples/react/useDebouncedCallback/package.jsonexamples/react/useDebouncedState/package.jsonexamples/react/useDebouncedValue/package.jsonexamples/react/useDebouncer/package.jsonexamples/react/useQueuedState/package.jsonexamples/react/useQueuedValue/package.jsonexamples/react/useQueuer/package.jsonexamples/react/useQueuerWithPersister/package.jsonexamples/react/useRateLimitedCallback/package.jsonexamples/react/useRateLimitedState/package.jsonexamples/react/useRateLimitedValue/package.jsonexamples/react/useRateLimiter/package.jsonexamples/react/useRateLimiterWithPersister/package.jsonexamples/react/useThrottledCallback/package.jsonexamples/react/useThrottledState/package.jsonexamples/react/useThrottledValue/package.jsonexamples/react/useThrottler/package.jsonexamples/react/util-comparison/package.jsonexamples/solid/asyncBatch/package.jsonexamples/solid/asyncDebounce/package.jsonexamples/solid/asyncRateLimit/package.jsonexamples/solid/asyncThrottle/package.jsonexamples/solid/batch/package.jsonexamples/solid/createAsyncBatcher/package.jsonexamples/solid/createAsyncDebouncer/package.jsonexamples/solid/createAsyncQueuer/package.jsonexamples/solid/createAsyncRateLimiter/package.jsonexamples/solid/createAsyncThrottler/package.jsonexamples/solid/createBatcher/package.jsonexamples/solid/createDebouncedSignal/package.jsonexamples/solid/createDebouncedValue/package.jsonexamples/solid/createDebouncer/package.jsonexamples/solid/createQueuedSignal/package.jsonexamples/solid/createQueuer/package.jsonexamples/solid/createRateLimitedSignal/package.jsonexamples/solid/createRateLimitedValue/package.jsonexamples/solid/createRateLimiter/package.jsonexamples/solid/createThrottledSignal/package.jsonexamples/solid/createThrottledValue/package.jsonexamples/solid/createThrottler/package.jsonexamples/solid/debounce/package.jsonexamples/solid/queue/package.jsonexamples/solid/rateLimit/package.jsonexamples/solid/throttle/package.jsonexamples/vanilla/LiteBatcher/package.jsonexamples/vanilla/LiteDebouncer/package.jsonexamples/vanilla/LiteQueuer/package.jsonexamples/vanilla/LiteRateLimiter/package.jsonexamples/vanilla/LiteThrottler/package.jsonexamples/vanilla/liteBatch/package.jsonexamples/vanilla/liteDebounce/package.jsonexamples/vanilla/liteQueue/package.jsonexamples/vanilla/liteRateLimit/package.jsonexamples/vanilla/liteThrottle/package.jsonpackage.jsonpackages/angular-pacer/package.jsonpackages/pacer-devtools/package.jsonpackages/preact-pacer-devtools/package.jsonpackages/preact-pacer/package.jsonpackages/react-pacer-devtools/package.jsonpackages/react-pacer/package.jsonpackages/solid-pacer/package.json
| }, | ||
| "private": true, | ||
| "packageManager": "pnpm@11.1.1", | ||
| "packageManager": "pnpm@11.1.2", |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# Verify lockfile drift matches the reported CI error (read-only checks)
set -euo pipefail
echo "Root dependency specifiers:"
rg -n '"(eslint|knip|nx)"\s*:\s*"\^[^"]+"' package.json
echo
echo "Lockfile entries:"
rg -n '^\s{2}(eslint|knip|nx)@' pnpm-lock.yaml || true
echo
echo "If versions differ from package.json intent, run locally:"
echo "pnpm install && git add pnpm-lock.yaml"Repository: TanStack/pacer
Length of output: 461
🏁 Script executed:
# Verify the actual file structure and content
echo "=== Checking if example directory exists ==="
ls -la examples/angular/injectQueuedSignal/ 2>&1 | head -20
echo -e "\n=== Checking package.json at the example location ==="
if [ -f "examples/angular/injectQueuedSignal/package.json" ]; then
echo "File exists. Line 23:"
sed -n '20,30p' examples/angular/injectQueuedSignal/package.json
else
echo "File not found"
fi
echo -e "\n=== Checking for pnpm-lock.yaml locations ==="
find . -name "pnpm-lock.yaml" -type f 2>/dev/null | head -5
echo -e "\n=== Checking root package.json at line 23 ==="
sed -n '20,30p' package.jsonRepository: TanStack/pacer
Length of output: 2347
🏁 Script executed:
# Check example package.json dependencies
echo "=== Example package.json full content ==="
cat examples/angular/injectQueuedSignal/package.json
echo -e "\n=== Extract dependency versions from example ==="
jq '.dependencies, .devDependencies' examples/angular/injectQueuedSignal/package.json
echo -e "\n=== Check lockfile for these dependencies ==="
# Get all packages from example dependencies
rg -o '"`@angular/`[^"]+"|"typescript"|"`@nrwl/`[^"]+"' examples/angular/injectQueuedSignal/package.json | head -20Repository: TanStack/pacer
Length of output: 1876
🏁 Script executed:
# Check if example's dependencies have lockfile versions matching their specifiers
echo "=== Check lockfile for Angular and other example dependencies ==="
echo "Checking `@angular/common`:"
rg -n '`@angular/common`@21\.2\.13' pnpm-lock.yaml || echo "Not found"
echo -e "\nChecking typescript:"
rg -n 'typescript@6\.0\.3' pnpm-lock.yaml || echo "Not found"
echo -e "\nChecking all typescript versions in lockfile:"
rg -n '^\s+typescript@' pnpm-lock.yaml | head -5
echo -e "\nChecking `@angular/common` versions in lockfile:"
rg -n '^\s+@angular/common@' pnpm-lock.yaml | head -5
echo -e "\n=== Check if root has install issues due to lockfile ==="
echo "Root package.json eslint, knip, nx specs:"
rg '"(eslint|knip|nx)"\s*:\s*' package.json | grep -E "^\s+"
echo -e "\nRoot lockfile versions:"
rg -n '^\s{2}(eslint|knip|nx)@' pnpm-lock.yaml | head -10Repository: TanStack/pacer
Length of output: 45468
Regenerate and commit pnpm-lock.yaml to unblock frozen-lockfile CI.
The PR fails install with ERR_PNPM_OUTDATED_LOCKFILE; updated dependency specifiers are not reflected in the lockfile. Root dependencies (eslint ^10.4.0 vs 10.3.0, knip ^6.14.1 vs 6.13.1, nx ^22.7.2 vs 22.7.1) and example dependencies (Angular ^21.2.13 vs 21.2.12) are all out of sync. This blocks merge.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@examples/angular/injectQueuedSignal/package.json` at line 23, The repo’s pnpm
lockfile is out of sync with updated dependency specs (packageManager/pnpm
version and several root/example deps), causing ERR_PNPM_OUTDATED_LOCKFILE;
regenerate pnpm-lock.yaml and commit it. Run pnpm install using the declared
pnpm version (pnpm@11.1.2) to produce an updated pnpm-lock.yaml, verify root
deps (eslint, knip, nx) and example Angular deps match package.json entries, and
commit the updated pnpm-lock.yaml so frozen-lockfile CI will pass.
renovate
Bot
force-pushed
the
renovate/all-minor-patch
branch
from
5124183 to
2d4efc4
Compare
|
Review the following changes in direct dependencies. Learn more about Socket for GitHub. |
|
Warning Review the following alerts detected in dependencies. According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.
|
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@examples/angular/asyncBatch/package.json`:
- Around line 25-30: Update the Angular build and CLI package versions to match
the runtime packages: change the `@angular/build` and `@angular/cli` entries to use
^21.2.13 so they align with `@angular/core`, `@angular/common`, `@angular/compiler`,
`@angular/forms`, `@angular/platform-browser`, and `@angular/router`; locate and edit
the `@angular/build` and `@angular/cli` entries in package.json to ensure all
Angular packages are on the same 21.2.13 patch level.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: 8ac82c91-3225-4eb0-8072-b2a8db3ee3bb
⛔ Files ignored due to path filters (1)
pnpm-lock.yamlis excluded by!**/pnpm-lock.yaml
📒 Files selected for processing (167)
.github/workflows/zizmor.ymlexamples/angular/asyncBatch/package.jsonexamples/angular/asyncDebounce/package.jsonexamples/angular/asyncRateLimit/package.jsonexamples/angular/asyncRetry/package.jsonexamples/angular/asyncThrottle/package.jsonexamples/angular/batch/package.jsonexamples/angular/debounce/package.jsonexamples/angular/injectAsyncBatchedCallback/package.jsonexamples/angular/injectAsyncBatcher/package.jsonexamples/angular/injectAsyncDebouncedCallback/package.jsonexamples/angular/injectAsyncDebouncer/package.jsonexamples/angular/injectAsyncQueuedSignal/package.jsonexamples/angular/injectAsyncQueuer/package.jsonexamples/angular/injectAsyncRateLimiter/package.jsonexamples/angular/injectAsyncRateLimiterWithPersister/package.jsonexamples/angular/injectAsyncThrottledCallback/package.jsonexamples/angular/injectAsyncThrottler/package.jsonexamples/angular/injectBatchedCallback/package.jsonexamples/angular/injectBatcher/package.jsonexamples/angular/injectDebouncedCallback/package.jsonexamples/angular/injectDebouncedSignal/package.jsonexamples/angular/injectDebouncedValue/package.jsonexamples/angular/injectDebouncer/package.jsonexamples/angular/injectQueuedSignal/package.jsonexamples/angular/injectQueuedValue/package.jsonexamples/angular/injectQueuer/package.jsonexamples/angular/injectQueuerWithPersister/package.jsonexamples/angular/injectRateLimitedCallback/package.jsonexamples/angular/injectRateLimitedSignal/package.jsonexamples/angular/injectRateLimitedValue/package.jsonexamples/angular/injectRateLimiter/package.jsonexamples/angular/injectRateLimiterWithPersister/package.jsonexamples/angular/injectThrottledCallback/package.jsonexamples/angular/injectThrottledSignal/package.jsonexamples/angular/injectThrottledValue/package.jsonexamples/angular/injectThrottler/package.jsonexamples/angular/queue/package.jsonexamples/angular/rateLimit/package.jsonexamples/angular/throttle/package.jsonexamples/preact/asyncBatch/package.jsonexamples/preact/asyncDebounce/package.jsonexamples/preact/asyncRateLimit/package.jsonexamples/preact/asyncRetry/package.jsonexamples/preact/asyncThrottle/package.jsonexamples/preact/batch/package.jsonexamples/preact/debounce/package.jsonexamples/preact/queue/package.jsonexamples/preact/rateLimit/package.jsonexamples/preact/throttle/package.jsonexamples/preact/useAsyncBatchedCallback/package.jsonexamples/preact/useAsyncBatcher/package.jsonexamples/preact/useAsyncDebouncedCallback/package.jsonexamples/preact/useAsyncDebouncer/package.jsonexamples/preact/useAsyncQueuedState/package.jsonexamples/preact/useAsyncQueuer/package.jsonexamples/preact/useAsyncRateLimiter/package.jsonexamples/preact/useAsyncRateLimiterWithPersister/package.jsonexamples/preact/useAsyncThrottledCallback/package.jsonexamples/preact/useAsyncThrottler/package.jsonexamples/preact/useBatchedCallback/package.jsonexamples/preact/useBatcher/package.jsonexamples/preact/useDebouncedCallback/package.jsonexamples/preact/useDebouncedState/package.jsonexamples/preact/useDebouncedValue/package.jsonexamples/preact/useDebouncer/package.jsonexamples/preact/useQueuedState/package.jsonexamples/preact/useQueuedValue/package.jsonexamples/preact/useQueuer/package.jsonexamples/preact/useQueuerWithPersister/package.jsonexamples/preact/useRateLimitedCallback/package.jsonexamples/preact/useRateLimitedState/package.jsonexamples/preact/useRateLimitedValue/package.jsonexamples/preact/useRateLimiter/package.jsonexamples/preact/useRateLimiterWithPersister/package.jsonexamples/preact/useThrottledCallback/package.jsonexamples/preact/useThrottledState/package.jsonexamples/preact/useThrottledValue/package.jsonexamples/preact/useThrottler/package.jsonexamples/preact/util-comparison/package.jsonexamples/react/asyncBatch/package.jsonexamples/react/asyncDebounce/package.jsonexamples/react/asyncRateLimit/package.jsonexamples/react/asyncRetry/package.jsonexamples/react/asyncThrottle/package.jsonexamples/react/batch/package.jsonexamples/react/debounce/package.jsonexamples/react/queue/package.jsonexamples/react/rateLimit/package.jsonexamples/react/react-query-debounced-prefetch/package.jsonexamples/react/react-query-queued-prefetch/package.jsonexamples/react/react-query-throttled-prefetch/package.jsonexamples/react/throttle/package.jsonexamples/react/useAsyncBatchedCallback/package.jsonexamples/react/useAsyncBatcher/package.jsonexamples/react/useAsyncDebouncedCallback/package.jsonexamples/react/useAsyncDebouncer/package.jsonexamples/react/useAsyncQueuedState/package.jsonexamples/react/useAsyncQueuer/package.jsonexamples/react/useAsyncRateLimiter/package.jsonexamples/react/useAsyncRateLimiterWithPersister/package.jsonexamples/react/useAsyncThrottledCallback/package.jsonexamples/react/useAsyncThrottler/package.jsonexamples/react/useBatchedCallback/package.jsonexamples/react/useBatcher/package.jsonexamples/react/useDebouncedCallback/package.jsonexamples/react/useDebouncedState/package.jsonexamples/react/useDebouncedValue/package.jsonexamples/react/useDebouncer/package.jsonexamples/react/useQueuedState/package.jsonexamples/react/useQueuedValue/package.jsonexamples/react/useQueuer/package.jsonexamples/react/useQueuerWithPersister/package.jsonexamples/react/useRateLimitedCallback/package.jsonexamples/react/useRateLimitedState/package.jsonexamples/react/useRateLimitedValue/package.jsonexamples/react/useRateLimiter/package.jsonexamples/react/useRateLimiterWithPersister/package.jsonexamples/react/useThrottledCallback/package.jsonexamples/react/useThrottledState/package.jsonexamples/react/useThrottledValue/package.jsonexamples/react/useThrottler/package.jsonexamples/react/util-comparison/package.jsonexamples/solid/asyncBatch/package.jsonexamples/solid/asyncDebounce/package.jsonexamples/solid/asyncRateLimit/package.jsonexamples/solid/asyncThrottle/package.jsonexamples/solid/batch/package.jsonexamples/solid/createAsyncBatcher/package.jsonexamples/solid/createAsyncDebouncer/package.jsonexamples/solid/createAsyncQueuer/package.jsonexamples/solid/createAsyncRateLimiter/package.jsonexamples/solid/createAsyncThrottler/package.jsonexamples/solid/createBatcher/package.jsonexamples/solid/createDebouncedSignal/package.jsonexamples/solid/createDebouncedValue/package.jsonexamples/solid/createDebouncer/package.jsonexamples/solid/createQueuedSignal/package.jsonexamples/solid/createQueuer/package.jsonexamples/solid/createRateLimitedSignal/package.jsonexamples/solid/createRateLimitedValue/package.jsonexamples/solid/createRateLimiter/package.jsonexamples/solid/createThrottledSignal/package.jsonexamples/solid/createThrottledValue/package.jsonexamples/solid/createThrottler/package.jsonexamples/solid/debounce/package.jsonexamples/solid/queue/package.jsonexamples/solid/rateLimit/package.jsonexamples/solid/throttle/package.jsonexamples/vanilla/LiteBatcher/package.jsonexamples/vanilla/LiteDebouncer/package.jsonexamples/vanilla/LiteQueuer/package.jsonexamples/vanilla/LiteRateLimiter/package.jsonexamples/vanilla/LiteThrottler/package.jsonexamples/vanilla/liteBatch/package.jsonexamples/vanilla/liteDebounce/package.jsonexamples/vanilla/liteQueue/package.jsonexamples/vanilla/liteRateLimit/package.jsonexamples/vanilla/liteThrottle/package.jsonpackage.jsonpackages/angular-pacer/package.jsonpackages/pacer-devtools/package.jsonpackages/preact-pacer-devtools/package.jsonpackages/preact-pacer/package.jsonpackages/react-pacer-devtools/package.jsonpackages/react-pacer/package.jsonpackages/solid-pacer/package.json
✅ Files skipped from review due to trivial changes (106)
- examples/react/useQueuerWithPersister/package.json
- examples/react/asyncDebounce/package.json
- packages/preact-pacer-devtools/package.json
- examples/react/throttle/package.json
- packages/solid-pacer/package.json
- examples/react/asyncBatch/package.json
- examples/solid/rateLimit/package.json
- examples/react/useAsyncBatchedCallback/package.json
- examples/solid/createThrottledValue/package.json
- examples/react/useThrottler/package.json
- examples/react/useDebouncedState/package.json
- packages/pacer-devtools/package.json
- examples/react/useQueuer/package.json
- examples/preact/useDebouncedValue/package.json
- examples/react/useAsyncDebouncer/package.json
- examples/react/useAsyncBatcher/package.json
- examples/react/batch/package.json
- examples/react/useAsyncDebouncedCallback/package.json
- examples/preact/useAsyncRateLimiter/package.json
- examples/react/useDebouncer/package.json
- examples/preact/asyncThrottle/package.json
- examples/preact/useQueuedState/package.json
- examples/react/useRateLimitedValue/package.json
- examples/solid/asyncBatch/package.json
- examples/vanilla/liteRateLimit/package.json
- examples/solid/createBatcher/package.json
- examples/react/queue/package.json
- examples/solid/createDebouncedValue/package.json
- examples/preact/useThrottledValue/package.json
- examples/react/useAsyncRateLimiter/package.json
- examples/preact/useAsyncThrottler/package.json
- examples/react/useThrottledValue/package.json
- examples/solid/createAsyncRateLimiter/package.json
- examples/preact/useAsyncDebouncer/package.json
- examples/react/useQueuedState/package.json
- examples/preact/useAsyncBatchedCallback/package.json
- examples/react/useThrottledState/package.json
- packages/angular-pacer/package.json
- examples/react/useDebouncedCallback/package.json
- examples/solid/createRateLimitedSignal/package.json
- examples/solid/createAsyncBatcher/package.json
- examples/preact/useRateLimitedValue/package.json
- examples/vanilla/LiteQueuer/package.json
- examples/preact/useAsyncRateLimiterWithPersister/package.json
- examples/preact/useQueuedValue/package.json
- examples/solid/batch/package.json
- examples/preact/useAsyncBatcher/package.json
- examples/vanilla/liteThrottle/package.json
- examples/react/useRateLimitedState/package.json
- examples/react/rateLimit/package.json
- examples/solid/createQueuedSignal/package.json
- examples/react/util-comparison/package.json
- examples/vanilla/LiteRateLimiter/package.json
- examples/react/useAsyncRateLimiterWithPersister/package.json
- examples/vanilla/liteBatch/package.json
- examples/angular/rateLimit/package.json
- examples/preact/useAsyncThrottledCallback/package.json
- examples/preact/useThrottledState/package.json
- examples/react/useQueuedValue/package.json
- examples/solid/asyncRateLimit/package.json
- package.json
- examples/solid/createRateLimiter/package.json
- examples/react/useAsyncThrottledCallback/package.json
- examples/solid/queue/package.json
- examples/vanilla/LiteDebouncer/package.json
- examples/react/useThrottledCallback/package.json
- examples/solid/createRateLimitedValue/package.json
- examples/preact/useBatchedCallback/package.json
- examples/angular/injectDebouncedCallback/package.json
- examples/react/useDebouncedValue/package.json
- examples/preact/useAsyncQueuer/package.json
- examples/react/useBatcher/package.json
- examples/preact/useDebouncedCallback/package.json
- examples/preact/useRateLimiterWithPersister/package.json
- examples/solid/createThrottler/package.json
- examples/angular/injectBatcher/package.json
- examples/angular/injectDebouncedValue/package.json
- examples/angular/injectAsyncBatchedCallback/package.json
- examples/preact/asyncRateLimit/package.json
- examples/solid/createAsyncThrottler/package.json
- packages/react-pacer/package.json
- examples/solid/createThrottledSignal/package.json
- examples/preact/debounce/package.json
- examples/vanilla/LiteThrottler/package.json
- examples/preact/useRateLimiter/package.json
- examples/solid/asyncThrottle/package.json
- examples/preact/useDebouncedState/package.json
- examples/react/useBatchedCallback/package.json
- examples/angular/injectRateLimitedSignal/package.json
- examples/angular/injectQueuerWithPersister/package.json
- examples/preact/useBatcher/package.json
- examples/solid/asyncDebounce/package.json
- examples/preact/rateLimit/package.json
- examples/angular/asyncDebounce/package.json
- examples/solid/createQueuer/package.json
- examples/react/useAsyncQueuer/package.json
- examples/react/useAsyncQueuedState/package.json
- examples/angular/injectAsyncQueuedSignal/package.json
- examples/vanilla/LiteBatcher/package.json
- examples/solid/createAsyncQueuer/package.json
- examples/angular/injectRateLimitedCallback/package.json
- packages/preact-pacer/package.json
- examples/angular/asyncRetry/package.json
- examples/preact/queue/package.json
- examples/angular/queue/package.json
- examples/solid/createAsyncDebouncer/package.json
🚧 Files skipped from review as they are similar to previous changes (51)
- examples/preact/useThrottledCallback/package.json
- examples/preact/useAsyncQueuedState/package.json
- examples/vanilla/liteQueue/package.json
- examples/react/debounce/package.json
- examples/preact/batch/package.json
- examples/solid/debounce/package.json
- .github/workflows/zizmor.yml
- examples/react/asyncRateLimit/package.json
- examples/angular/injectRateLimiter/package.json
- examples/preact/asyncBatch/package.json
- examples/angular/injectThrottledValue/package.json
- examples/angular/throttle/package.json
- examples/preact/util-comparison/package.json
- examples/angular/injectAsyncThrottler/package.json
- examples/vanilla/liteDebounce/package.json
- examples/preact/useRateLimitedCallback/package.json
- examples/angular/injectQueuedValue/package.json
- examples/preact/useQueuer/package.json
- examples/angular/debounce/package.json
- examples/angular/injectAsyncDebouncer/package.json
- examples/angular/injectAsyncBatcher/package.json
- examples/react/useRateLimiterWithPersister/package.json
- examples/solid/throttle/package.json
- examples/preact/useRateLimitedState/package.json
- examples/angular/injectRateLimitedValue/package.json
- examples/angular/injectBatchedCallback/package.json
- examples/angular/injectAsyncRateLimiterWithPersister/package.json
- examples/preact/useQueuerWithPersister/package.json
- examples/react/useRateLimiter/package.json
- examples/react/useRateLimitedCallback/package.json
- examples/angular/injectThrottler/package.json
- examples/react/react-query-queued-prefetch/package.json
- examples/react/useAsyncThrottler/package.json
- examples/angular/injectThrottledSignal/package.json
- packages/react-pacer-devtools/package.json
- examples/angular/injectQueuer/package.json
- examples/angular/injectQueuedSignal/package.json
- examples/angular/injectRateLimiterWithPersister/package.json
- examples/preact/useDebouncer/package.json
- examples/preact/asyncRetry/package.json
- examples/angular/injectAsyncThrottledCallback/package.json
- examples/solid/createDebouncedSignal/package.json
- examples/angular/injectAsyncQueuer/package.json
- examples/angular/injectDebouncer/package.json
- examples/angular/batch/package.json
- examples/preact/useAsyncDebouncedCallback/package.json
- examples/angular/asyncThrottle/package.json
- examples/angular/injectThrottledCallback/package.json
- examples/angular/injectDebouncedSignal/package.json
- examples/angular/injectAsyncRateLimiter/package.json
- examples/preact/asyncDebounce/package.json
Comment on lines
+25
to
+30
| "@angular/common": "^21.2.13", | ||
| "@angular/compiler": "^21.2.13", | ||
| "@angular/core": "^21.2.13", | ||
| "@angular/forms": "^21.2.13", | ||
| "@angular/platform-browser": "^21.2.13", | ||
| "@angular/router": "^21.2.13", |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# Check Angular release notes and compatibility for version skew
# Search for known issues with mixing Angular 21.2.13 runtime and 21.2.11 build tools
rg -n "`@angular/`(build|cli).*21\.2\.11" examples/angular/ -A 2 -B 2Repository: TanStack/pacer
Length of output: 18607
🌐 Web query:
Angular 21.2.13 compatibility with Angular CLI 21.2.11 and Angular build 21.2.11
💡 Result:
Angular 21.2.13 compatibility with Angular CLI 21.2.11 and Angular build 21.2.11: While there is no official documentation explicitly confirming the compatibility of these specific patch versions, the standard practice and official guidance for Angular projects is to keep the Angular core, Angular CLI, and build packages aligned at the same version [1]. What the sources confirm: 1) Major version alignment: Angular’s official documentation states that major versions of Angular core and the CLI must be aligned [1]. 2) Version consistency: The official guidance is that in order to use the CLI, the version of @angular/core and the CLI should be the same [1]. 3) Release trains: The @angular/cli repository releases (such as v21.2.11) are part of a unified release train that includes the CLI and build packages [2]. Recommendation: To ensure stability and avoid potential issues, it is strongly recommended to update your @angular/core, @angular/cli, and build packages (@angular-devkit/build-angular or @angular/build) to the same version (e.g., 21.2.13). While they may technically function if mismatched within the same minor version (21.2.x), keeping them aligned is the only way to guarantee full compatibility and support [1].
Citations:
- 1: https://angular.dev/reference/releases
- 2: https://github.com/angular/angular-cli/releases/tag/v21.2.11
Align build and runtime package versions.
Runtime packages (@angular/core, @angular/common, etc.) are at ^21.2.13 while build packages (@angular/build at line 36, @angular/cli at line 37) remain at ^21.2.11. Angular's official guidance recommends keeping core, CLI, and build packages aligned to the same version for full compatibility and support. While patch-level mismatches within the same minor version (21.2.x) may function, updating @angular/build and @angular/cli to ^21.2.13 ensures version consistency and eliminates potential compatibility gaps.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@examples/angular/asyncBatch/package.json` around lines 25 - 30, Update the
Angular build and CLI package versions to match the runtime packages: change the
`@angular/build` and `@angular/cli` entries to use ^21.2.13 so they align with
`@angular/core`, `@angular/common`, `@angular/compiler`, `@angular/forms`,
`@angular/platform-browser`, and `@angular/router`; locate and edit the
`@angular/build` and `@angular/cli` entries in package.json to ensure all Angular
packages are on the same 21.2.13 patch level.
147c3ea to
6c4f3bf
Compare
renovate
Bot
force-pushed
the
renovate/all-minor-patch
branch
from
6c4f3bf to
ca464a6
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
^21.2.11→^21.2.12^21.2.11→^21.2.12^21.2.12→^21.2.14^21.2.12→^21.2.14^21.2.12→^21.2.14^21.2.12→^21.2.14^21.2.12→^21.2.14^21.2.12→^21.2.14^21.2.12→^21.2.14^21.2.12→^21.2.14^5.7.7→^5.8.3^5.100.10→^5.100.11^5.100.10→^5.100.11^19.2.14→^19.2.15^6.0.1→^6.0.2^10.3.0→^10.4.0^6.13.1→^6.14.1^22.7.1→^22.7.211.1.1→11.1.3^10.29.1→^10.29.2^10.29.1→^10.29.2^1.9.12→^1.9.13^1.9.12→^1.9.13^8.0.12→^8.0.14^4.1.6→^4.1.7v0.5.3→v0.5.6Release Notes
angular/angular-cli (@angular/build)
v21.2.12Compare Source
@angular/build
angular/angular (@angular/common)
v21.2.14Compare Source
compiler
core
router
v21.2.13Compare Source
core
platform-server
allowedHostsoption torenderModuleandrenderApplicationRel1cx/eslint-react (@eslint-react/eslint-plugin)
v5.8.3Compare Source
🐞 Fixes
react-dom/no-unknown-property: Added React 19precedenceandblockingattributes to the known property allowlist with version-gated tag checks, preventing false positives on<style>,<link>, and<script>elements (#1789, #1790).Full Changelog: Rel1cx/eslint-react@v5.8.2...v5.8.3
v5.8.2Compare Source
📝 Documentation
usehook guidance toerror-boundaries,rules-of-hooks, andno-use-contextdocs.eslint-plugin-react-xrule documentation with scenario-based examples, Troubleshooting sections, and Further Reading links across 48 rule docs (#1786).^^^) from documentation examples for better readability (#1785).eslint-plugin-reactwith additional details.🏗️ Internal
pnpm-lock.yaml: bumpednxto 22.7.2 andbrace-expansionto 5.0.5.Full Changelog: Rel1cx/eslint-react@v5.8.1...v5.8.2
v5.8.1Compare Source
📝 Documentation
eslint-plugin-react-x,eslint-plugin-react-dom,eslint-plugin-react-jsx,eslint-plugin-react-web-api,eslint-plugin-react-naming-convention,eslint-plugin-react-debug,eslint-plugin-react-rsc) from theCommon Violations / Invalid / Validformat to the newExamples / scenario-based / Troubleshooting / Further Readingformat (#1784).🏗️ Internal
scripts/scaffold-rule.tsand the rule request issue template to match the new documentation structure (#1782).Full Changelog: Rel1cx/eslint-react@v5.8.0...v5.8.1
v5.8.0Compare Source
🪄 Improvements
react-jsx/no-children-prop,react-jsx/no-children-prop-with-children: Added support forcreateElementcalls in addition to JSX elements (#1780).📝 Documentation
eslint-plugin-perfectionistto the third-party plugins documentation page (#1778).🏗️ Internal
import-integrity-lintto 1.0.1.typescript-eslintandimport-integrity-lintin the workspace (#1776).minimumReleaseAgeto 3 days and updated lockfile (#1779)..reposdirectory references from config files (#1773).create-spec-alignment-issues.sh,migrate-labels.sh) (#1777).eslint-plugin-fast-importwithimport-integrity-lint(#1774).Full Changelog: Rel1cx/eslint-react@v5.7.10...v5.8.0
v5.7.10🐞 Fixes
react-x/no-leaked-conditional-rendering,react-x/set-state-in-effect: Added cycle detection to prevent stack overflow in recursive function analysis (#1769).📝 Documentation
third-party-plugins.mdxdocumentation page.react-x/globalsrule.🏗️ Internal
react-x/error-boundaries: SimplifiedgetEnclosingTryBlockimplementation.minimumReleaseAgeandminimumReleaseAgeExcludeentries topnpm-workspace.yaml.fumadocs-coreandfumadocs-uito 16.8.11.facebook/reactas git subtree under.repos" in v5.7.9 (re-released as v5.7.10, closes #1772).Full Changelog: Rel1cx/eslint-react@v5.7.8...v5.7.10
v5.7.8Compare Source
🐞 Fixes
react-x/no-missing-key: Fixed the rule not detectingConditionalExpression/LogicalExpressionreturned from block-bodied.map/Array.fromcallbacks. The rule now reports both branches when both lack akey, instead of only the first (#1767, #1766).📝 Documentation
[NEEDS VERIFICATION]markers to spec diffs for React Compiler aligned rules.Hintcomponent to the website and used it on the home page.🏗️ Internal
@effect/language-serviceto 0.86.0.dompurifyto 3.4.3.fumadocs-mdxto 15.0.4 and related dependencies.pnpmfrom 11.1.0 to 11.1.1.experimental.useFlatConfigfrom Zed settings.dprint.json.TanStack/query (@tanstack/react-query)
v5.100.11Patch Changes
TanStack/query (@tanstack/react-query-devtools)
v5.100.11Patch Changes
vitejs/vite-plugin-react (@vitejs/plugin-react)
v6.0.2Compare Source
Allow all options in reactCompilerPreset (#1189)
This is a type only change. Only
compilationModeandtargetoptions were available forreactCompilerPreset.eslint/eslint (eslint)
v10.4.0Compare Source
webpro-nl/knip (knip)
v6.14.1: Release 6.14.1Compare Source
e1c1b17) - thanks @jinhyuk9714!9dae641)919cba2)v6.14.0: Release 6.14.0Compare Source
d654ec7)e7122a1)2308b5a)6c34287)eee3b89)7ffdc2f)64e5072)0987421)bebe750)77efb32)38d91b6)9149437)a661a21)c11d62f)d4b59d8)694dbf4)6f12997)f21a587)8db5346)662ceaf)nrwl/nx (nx)
v22.7.2Compare Source
22.7.2 (2026-05-14)
🚀 Features
🩹 Fixes
nx mcpto run outside of an Nx workspace (#35655)❤️ Thank You
pnpm/pnpm (pnpm)
v11.1.3Compare Source
Patch Changes
pnpm installnow re-validatespnpm-lock.yamlentries against the activeminimumReleaseAgeandtrustPolicy: 'no-downgrade'policies before any tarball is fetched. Lockfiles resolved elsewhere (committed to the repo, restored from a CI cache, produced by an older pnpm) under a weaker or absent policy can no longer install a freshly-published or trust-downgraded version silently. Violating entries abort the install withERR_PNPM_MINIMUM_RELEASE_AGE_VIOLATION,ERR_PNPM_TRUST_DOWNGRADE, or the genericERR_PNPM_LOCKFILE_RESOLUTION_VERIFICATIONwhen both policies trip in the same batch;minimumReleaseAgeExcludeandtrustPolicyExcludeare honored. Verification results are cached so repeat installs against an unchanged lockfile take a fast path, and pnpm shows a transient progress line while the registry round-trip runs.When fresh resolution picks an immature version, the behavior depends on
minimumReleaseAgeStrict:minimumReleaseAgekeeps its built-in 24-hour value — auto-adds the immature picks tominimumReleaseAgeExcludeinpnpm-workspace.yamland lets the install proceed. A single info message lists what was persisted.minimumReleaseAgeExcludeand the install continues; declining aborts before the lockfile,package.json, ornode_modulesis touched.ERR_PNPM_NO_MATURE_MATCHING_VERSIONlisting every offending entry, instead of failing on the first one the resolver hit.minimumReleaseAgeStrictauto-enables whenever the user explicitly setsminimumReleaseAge(CLI flag, env var, globalconfig.yaml, orpnpm-workspace.yaml); setminimumReleaseAgeStrict: falseto keep loose-mode auto-collect even with an explicitminimumReleaseAgevalue. Closes #10438, #10488, #11687.Allow redundant trailing base64 padding in
.npmrcauth values and report invalid auth base64 with a pnpm error.Make
pnpm self-updaterespectminimumReleaseAge(andminimumReleaseAgeExclude) when resolving which pnpm version to install.When the
latestdist-tag points to a version newer than the configured age threshold,self-updatenow selects the newest mature version instead unless excluded byminimumReleaseAgeExclude.Also makes
dlxandoutdatedsurface invalidminimumReleaseAgeExcludepatterns under the sameERR_PNPM_INVALID_MINIMUM_RELEASE_AGE_EXCLUDEerror code already used byinstall, instead of leaking the internalERR_PNPM_INVALID_VERSION_UNION/ERR_PNPM_NAME_PATTERN_IN_VERSION_UNIONcodes.Global installs respect global config build policy (e.g.,
dangerouslyAllowAllBuildsfrom config.yaml) when GVS is enabled #9249.The global virtual-store (GVS) default
allowBuilds = {}was applied before workspace manifest settings were read and before global config values (stripped byextractAndRemoveDependencyBuildOptions) were re-applied viaglobalDepsBuildConfig. This causedhasDependencyBuildOptionsto returntrue(because{}is not null), blocking restoration of global config values likedangerouslyAllowAllBuilds. As a result, global installs skipped all build scripts even when the config explicitly allowed them.This fix moves the GVS default to after workspace manifest reading and
globalDepsBuildConfigre-application, so that:allowBuildstakes precedence (if present)dangerouslyAllowAllBuildsis properly restored (if set and no workspace policy exists){}is only applied as a last resort when no policy is configured anywhereHonor
--silentwhenverifyDepsBeforeRun: installauto-installs dependencies beforepnpm runorpnpm exec, preventing install output from being written to stdout #11636.Fix lockfile parsing failures when
pnpm-lock.yamlcontains CRLF line endings and multiple YAML documents #11612.Anchor the side-effects-cache key and global-virtual-store hash to the project's script-runner Node —
engines.runtimepin when present, shellnodeotherwise — instead of pnpm's own runtime.ENGINE_NAME(the<platform>;<arch>;node<major>prefix used as the side-effects-cache key and the engine portion of the GVS hash) was computed fromprocess.version— the Node that runs pnpm itself. That was wrong in two situations:@pnpm/exeSEA bundle. The bundle has its own embedded Node, not thenodeon the user'sPATHthat actually spawns lifecycle scripts. Two pnpm installations on the same machine (one SEA, one npm-package) therefore disagreed on the cache key, partitioning the side-effects cache and the global virtual store across two Node majors even though both installs would run scripts on the same shellnode.engines.runtime/devEngines.runtimepin. When a project pins a Node version viadevEngines.runtime(pnpm v11+), pnpm downloads that Node intonode_modules/node/and uses it to run lifecycle scripts. But the hash still anchored to whichever Node ran pnpm itself, not to the pinned Node — so two installs of the same project with two different runner Nodes would still disagree on the GVS slot path even though scripts run on the same pinned Node.Three changes:
@pnpm/engine.runtime.system-node-versionnow exportsengineName(nodeVersion?). Resolves the version in this order: explicit override →getSystemNodeVersion()(which already prefersnode --versionoverprocess.versionin SEA contexts) →process.version.@pnpm/deps.graph-hashernow exportsfindRuntimeNodeVersion(snapshotKeys)— scans an iterable of lockfile snapshot keys for anode@runtime:<version>entry and returns its bare version string.calcDepStateandcalcGraphNodeHash/iterateHashedGraphNodesaccept anodeVersion?(in the options bag for the first, as a trailing parameter / ctx field for the others), forwarded toengineName(). The default (no override) preserves the pre-change behaviour. The legacyENGINE_NAMEconstant in@pnpm/constantsis unchanged so external consumers and existing tests keep working; in non-SEA, non-pinned contexts every value lines up.@pnpm/installing.deps-resolver,@pnpm/installing.deps-restorer,@pnpm/installing.deps-installer,@pnpm/building.during-install,@pnpm/building.after-install,@pnpm/deps.graph-builder) now derives the project's pinned runtime viafindRuntimeNodeVersion(Object.keys(graph))once per invocation and threads it through.On upgrade, two one-time GVS slot churns are possible:
node26) now hash under the shell-Node major (e.g.node24), matching what pacquet, the npm-publishedpnpmpackage, and any other pnpm-compatible tool already produce.devEngines.runtimepin: slots that previously hashed under the runner's Node major now hash under the pinned Node major, matching what the lifecycle scripts will actually run on.In both cases the old slots become prune-eligible.
Resolve the GVS hash's engine portion per-snapshot when a dependency declares its own
engines.runtime, instead of using an install-wide value.Pnpm's resolver desugars a dep's
engines.runtimeintodependencies.node: 'runtime:<version>', and the bin linker spawns that dep's lifecycle scripts through the pinned Node downloaded into<pkgDir>/node_modules/node/. The GVS hash and the side-effects-cache key prefix were still anchored to the install-wide runtime — so a pinning snapshot's slot encoded the wrong Node major, and a reinstall on the same host could read the cached side-effects under a key whose<platform>;<arch>;node<major>triple disagreed with the Node the build actually ran on.Per-snapshot resolution now matches what
bins/linkeralready does on a per-package basis:@pnpm/deps.graph-hasheraddsreadSnapshotRuntimePin(children)— reads thenodeentry from one snapshot's graph children and extracts the version from anode@runtime:value. Pairs with the existingfindRuntimeNodeVersion(snapshotKeys)install-wide fallback (also now exported from@pnpm/deps.graph-hasherrather than@pnpm/engine.runtime.system-node-version, where it was a poor fit —system-node-versionis about probing the host Node, not parsing lockfile-derived strings).calcDepStateandcalcGraphNodeHashconsultreadSnapshotRuntimePin(graph[depPath].children)first and only fall back to the install-widenodeVersionparameter when the snapshot doesn't pin its own Node.Pacquet mirrors the same precedence at the
calc_graph_node_hashcall site inpackage-manager/src/virtual_store_layout.rs— a newfind_own_runtime_node_major(snapshot)helper reads each snapshot'sdependenciesfor anodeentry withPrefix::Runtimeand overrides the install-wide engine when present.On upgrade, snapshots of dependencies that declare their own
engines.runtimere-hash under that dep's pinned Node instead of the install-wide value. The old slots become prune-eligible. Closes #11690.Fixed
pnpm publishfailing with a 404 when authentication relied on OIDC trusted publishing alongside an.npmrcwritten byactions/setup-node(_authToken=${NODE_AUTH_TOKEN}) withoutNODE_AUTH_TOKENbeing set. Unresolved${VAR}placeholders in auth values are now treated as empty rather than passed through verbatim, so the literal placeholder no longer surfaces as a bearer token when OIDC fallback is the intended auth source #11513.Fix
devEngines.packageManager(singular form, withoutonFail) defaulting toonFail: "error"instead of the documentedpmOnFail: "download". As a result, a project that pinned a different pnpm version viadevEngines.packageManagerand ranpnpm installfrom a mismatched pnpm version failed with a hard error, even though the migration table frommanagePackageManagerVersions: truetopmOnFail: download (default)promises the install would auto-download the wanted version #11676.The array form of
devEngines.packageManagerkeeps its existing per-element defaults (errorfor the last entry,ignorefor the rest), since those reflect explicit prioritization by the user. ExplicitonFailvalues continue to win.Fix
devEngines.packageManagernot writingpackageManagerDependenciestopnpm-lock.yamlwhen the lockfile lacks an env-doc entry. Previously the lockfile sync skipped resolution unless an existingpackageManagerDependencies.pnpmentry needed refreshing, so a fresh install withoutonFail: "download"left the resolved pnpm version unrecorded — contradicting the documented behavior that the resolved version is stored inpnpm-lock.yaml#11674.Warn when
package.jsoncontains a legacypnpmfield with settings pnpm no longer reads frompackage.json(e.g.pnpm.overrides,pnpm.patchedDependencies). Previously these were silently ignored after the upgrade from v10, leaving users unaware that their overrides/patched dependencies had stopped taking effect #11677.v11.1.2Compare Source
Patch Changes
convertEnginesRuntimeToDependencies: switch the runtime-dependency write toObject.definePropertyso the CodeQLjs/prototype-polluting-assignmentrule treats the assignment as safe regardless of the property name (follow-up to #11609).Address CodeQL static-analysis findings: guard manifest dependency writes against prototype-polluting keys (
__proto__,constructor,prototype), and replace a potentially super-linear semver-detection regex in registry 404 hints with an O(n) parser.Strip
sec-fetch-*headers from outgoing HTTP requests. These headers are automatically added by undici'sfetch()implementation per the Fetch spec but cause Azure DevOps Artifacts to return HTTP 400 for uncached upstream packages, as ADO interprets them as browser requests #11572.Fix
minimumReleaseAgehandling for cached abbreviated metadata.The version-spec cache fast path no longer rethrows
ERR_PNPM_MISSING_TIMEunderstrictPublishedByCheck; it now falls through to the registry-fetch path, consistent with the adjacent mtime-gated cache block.When the registry returns 304 Not Modified for a package whose cached metadata is abbreviated (no per-version
time), pnpm now re-fetches withfullMetadata: trueifminimumReleaseAgeis active and the package was modified after the cutoff. The upgraded metadata is persisted to disk so subsequent installs don't repeat the fetch. Previously the abbreviated meta was used as-is and the maturity check fell back to its warn-and-skip path, silently bypassing the quarantine and emitting a misleading "metadata is missing the time field" warning.Closes #11619.
Fix
pnpm upgrade --interactive --latest -rnot respecting named catalog groups. Previously, upgrading a dependency using a named catalog (e.g."catalog:foo") would incorrectly rewritepackage.jsonto"catalog:"and place the updated version in the default catalog instead of the named one #10115.Fixed
optimisticRepeatInstallskippingpnpm-lock.yamlmerge conflict resolution when the existingnode_modulesstate appears up to date.Fix
minimumReleaseAge/resolutionMode: time-basedinstalls failing on lockfiles whosetime:block is missing entries. The npm-resolver's peek-from-store fast path now surfacespublishedAtfrom the lockfile rather than discarding it, and falls through to a registry metadata fetch when the time-based cutoff can't be computed from the data on hand.preactjs/preact (preact)
v10.29.2Compare Source
Fixes
Maintenance
vitejs/vite (vite)
v8.0.14Compare Source
Features
Bug Fixes
Miscellaneous Chores
Code Refactoring
Configuration
📅 Schedule: (UTC)
* 0-3 * * 1)🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.