Skip to content

Align pnpm patch version to 8.15.9 across ci.yml and package.json#34

Open
toon-backlog-bot[bot] wants to merge 1 commit into
mainfrom
agent/31-align-pnpm-version
Open

Align pnpm patch version to 8.15.9 across ci.yml and package.json#34
toon-backlog-bot[bot] wants to merge 1 commit into
mainfrom
agent/31-align-pnpm-version

Conversation

@toon-backlog-bot

Copy link
Copy Markdown
Contributor

Closes #31

Summary

  • .github/workflows/ci.yml: bump the build job's pnpm/action-setup@v4 version from 8.15.0 to 8.15.9.
  • package.json: bump root packageManager from pnpm@8.15.0 to pnpm@8.15.9.
  • Added an empty changeset (.changeset/issue-31-align-pnpm-version.md) since this is CI/tooling metadata, not a code change to a published package.

This aligns both with devbox.json's pnpm_8 pin at 8.15.9 (fixed for the devbox shell in #25), so the non-devbox CI build job now resolves the same pnpm patch version as devbox shell and every contributor's pinned toolchain.

Deviation from Agent Assessment

The issue's evidence/scope only lists ci.yml and package.json. While implementing, I noticed .github/workflows/release.yml:26 has the identical pnpm/action-setup@v4 version: 8.15.0 drift. I deliberately did not touch release.yml here — it's part of the npm-publish pipeline, which is called out as sensitive in this repo's CLAUDE.md, and it wasn't in the issue's stated scope/acceptance criteria. Flagging it here as a candidate for a follow-up issue rather than expanding this PR's scope unilaterally.

Verification

  • devbox was not available in this execution environment, so verification ran directly via corepack prepare pnpm@8.15.9 --activate (matching the new pin) instead of devbox run:
    • grep -n "version: 8.15.9" .github/workflows/ci.yml
    • grep -n '"packageManager": "pnpm@8.15.9"' package.json
    • pnpm install --no-frozen-lockfile (pre-existing, unrelated lockfile/specifier drift in packages/swap/package.json vs pnpm-lock.yaml required --no-frozen-lockfile; confirmed this drift pre-exists on main and is out of scope for this issue — left pnpm-lock.yaml untouched in the final diff)
    • pnpm -r build
    • pnpm -r test ✅ (130 passed, 2 skipped)
    • pnpm lint ✅ (0 errors, pre-existing warnings only)
  • CI's build and devbox-validate jobs will run on this PR.

🤖 Generated with Claude Code

CI's build job and package.json's packageManager field still pinned
pnpm@8.15.0, while devbox.json (fixed in #25) resolves to pnpm_8@8.15.9.
Aligns both to the devbox-resolved version so every contributor and CI
job build with the same pnpm patch version.

Closes #31

Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>

@ALLiDoizCode ALLiDoizCode left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewed: diff exactly matches issue #31's stated scope (ci.yml build job + package.json packageManager, both 8.15.0 → 8.15.9), plus a correctly-formatted empty changeset for this tooling-only change. Verified devbox-validate's version assertion uses a loose ^8\.15\. regex so it doesn't need touching, and confirmed release.yml's separate 8.15.0 pin (correctly left out per PR body — sensitive publish pipeline, out of scope for #31) is the only other drift. Title/body accurately describe the diff. No code, security, or standards issues found. Approving.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Align pnpm patch version across ci.yml, package.json, and devbox.json (8.15.0 vs 8.15.9 drift)

1 participant