chore: migrate to pnpm 11 via corepack and test Node 22/24/26 #62
| Original file line number | Diff line number | Diff line change | ||||
|---|---|---|---|---|---|---|
|
|
@@ -6,7 +6,7 @@ on: | |||||
| types: [released] | ||||||
|
|
||||||
| permissions: | ||||||
| contents: read | ||||||
| contents: read | ||||||
|
|
||||||
| env: | ||||||
| HYPHEN_PUBLIC_API_KEY: ${{ secrets.HYPHEN_PUBLIC_API_KEY }} | ||||||
|
|
@@ -19,18 +19,26 @@ jobs: | |||||
|
|
||||||
| steps: | ||||||
| - uses: actions/checkout@v4 | ||||||
|
|
||||||
| - name: Install pnpm | ||||||
| uses: pnpm/action-setup@v6 | ||||||
|
3rd party Github Actions should be pinned - high severity
||||||
|
|
||||||
| - name: Use Node.js | ||||||
| uses: actions/setup-node@v4 | ||||||
| with: | ||||||
| node-version: 24 | ||||||
| cache: 'pnpm' | ||||||
|
|
||||||
| - name: Enable Corepack | ||||||
| run: corepack enable | ||||||
|
|
||||||
| - name: Install Dependencies | ||||||
| run: npm install pnpm -g && pnpm install | ||||||
| run: pnpm install | ||||||
|
|
||||||
| - name: Build | ||||||
| - name: Build | ||||||
| run: pnpm build | ||||||
|
|
||||||
| - name: Testing | ||||||
| - name: Testing | ||||||
| run: pnpm test:ci | ||||||
|
|
||||||
| - name: Publish | ||||||
|
|
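Review bot: The `Install pnpm` step (`uses: pnpm/action-setup@v6`) and the later `Enable Corepack` step (`run: corepack enable`) both provision pnpm in this release job, so one of them is redundant. Since package.json now carries a hash-pinned `packageManager` entry, consider keeping a single mechanism; if `pnpm/action-setup` stays, reference it by full commit SHA rather than the mutable `v6` tag, because this job goes on to `npm publish` with `NPM_TOKEN`. Note that `cache: 'pnpm'` on `actions/setup-node@v4` needs pnpm on PATH before that step runs, so any replacement for `Install pnpm` has to run before `Use Node.js`.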
@@ -39,4 +47,3 @@ jobs: | |||||
| npm publish --ignore-scripts --access public | ||||||
| env: | ||||||
| NPM_TOKEN: ${{ secrets.NPM_TOKEN }} | ||||||
|
|
||||||
| Original file line number | Diff line number | Diff line change | ||||
|---|---|---|---|---|---|---|
|
|
@@ -21,21 +21,28 @@ jobs: | |||||
|
|
||||||
| strategy: | ||||||
| matrix: | ||||||
| node-version: ['22', '24'] | ||||||
| node-version: ['22', '24', '26'] | ||||||
|
|
||||||
| steps: | ||||||
| - uses: actions/checkout@v4 | ||||||
|
|
||||||
| - name: Install pnpm | ||||||
| uses: pnpm/action-setup@v6 | ||||||
|
3rd party Github Actions should be pinned - high severity
||||||
|
|
||||||
| - name: Use Node.js ${{ matrix.node-version }} | ||||||
| uses: actions/setup-node@v4 | ||||||
| with: | ||||||
| node-version: ${{ matrix.node-version }} | ||||||
| cache: 'pnpm' | ||||||
|
|
||||||
| - name: Enable Corepack | ||||||
| run: corepack enable | ||||||
|
|
||||||
| - name: Install Dependencies | ||||||
| run: npm install pnpm -g && pnpm install | ||||||
| run: pnpm install | ||||||
|
|
||||||
| - name: Build | ||||||
| - name: Build | ||||||
| run: pnpm build | ||||||
|
|
||||||
| - name: Testing | ||||||
| - name: Testing | ||||||
| run: pnpm test:ci | ||||||
|
|
||||||
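Review bot: `run: corepack enable` now executes for every entry in `node-version: ['22', '24', '26']`, so the step depends on a `corepack` binary being present in each of those Node.js installs; verify this on the `'26'` leg before merging, since a missing binary fails the job before `pnpm install` is reached. pnpm is already installed by the `Install pnpm` step above it, so the Corepack step could be dropped from this workflow. The `pnpm/action-setup@v6` reference is also a mutable tag; a full commit SHA keeps the test and release workflows on the same reviewed action code.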
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -54,5 +54,6 @@ | |
| ], | ||
| "dependencies": { | ||
| "hookified": "^2.1.1" | ||
| } | ||
| }, | ||
| "packageManager": "pnpm@11.8.0+sha512.c1f5e7c4cb241c8f174b743851d82f42b802324afc8b0f116b96adb15aa06664948dde36960a3ba1079ba5b4b29dd0140135b94b5b5f5263592249d68e555f26" | ||
|
Comment on lines 55 to +58
To correctly configure allowed builds in pnpm 11, define
"dependencies": {
  "hookified": "^2.1.1"
},
"pnpm": {
  "allowBuilds": [
    "@swc/core",
    "esbuild",
    "unrs-resolver"
  ]
},
"packageManager": "pnpm@11.8.0+sha512.c1f5e7c4cb241c8f174b743851d82f42b802324afc8b0f116b96adb15aa06664948dde36960a3ba1079ba5b4b29dd0140135b94b5b5f5263592249d68e555f26"
||
| } | ||
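Review bot: The `packageManager` value added after `dependencies` embeds a sha512 that has to be regenerated on every pnpm bump, and nothing in this hunk or the workflows documents how. Add a line to the contributor docs stating that the field is updated with `corepack use pnpm@<version>` rather than edited by hand, so the version and hash cannot drift apart.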
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,5 +1,5 @@ | ||
| allowBuilds: | ||
| '@swc/core': true | ||
| esbuild: true | ||
| unrs-resolver: true | ||
| minimumReleaseAge: 2880 | ||
|
Comment on lines +1 to 5
In pnpm, configuration options like Additionally, in pnpm 11, These configurations should be moved to the root minimumReleaseAge: 2880
||
| onlyBuiltDependencies: | ||
| - '@swc/core' | ||
| - esbuild | ||
| - unrs-resolver | ||
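Review bot: `minimumReleaseAge: 2880` carries no unit or rationale in the file; add a YAML comment saying the value is in minutes (48 hours) and that it delays adoption of freshly published versions. The three `allowBuilds` entries (`'@swc/core'`, `esbuild`, `unrs-resolver`) each permit install-time scripts to run, including in the release job, so a short comment on why each is needed would make later additions to the list easier to review.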
3rd party Github Actions should be pinned - high severity
A third-party GitHub Action was imported, and is not pinned via a hash. This leaves your CI/CD at risk for potential supply chain attacks, if the affected GitHub Action is compromised.