Skip to content

fix: align pnpm version in package.json with README documentation #3214

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
sahitya-chandra wants to merge 1 commit into
base: main
Choose a base branch
from
Open

fix: align pnpm version in package.json with README documentation #3214

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,5 +32,5 @@
"resolutions": {
"chrono-node": "2.7.5"
},
"packageManager": "pnpm@8.6.10"
}
"packageManager": "pnpm@9.15.9"
Copy link
Contributor

@coderabbitai coderabbitai bot Dec 10, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Verify [email protected] existence and stability

# Check if [email protected] is a valid, published version
npm view [email protected] version

# Get release information
npm view [email protected] time

# Check the version is in the normal release line
npm view [email protected] dist-tags

Repository: dubinc/dub

Length of output: 164

🌐 Web query:

pnpm 9.15.9 release version npm

💡 Result:

Yes — pnpm v9.15.9 was released and published to npm. You can install it with:
npm i -g [email protected]. [1][2]

Sources:
[1] pnpm on npm (v9.15.9).
[2] pnpm GitHub releases / changelog (v9.15.9 notes).

🌐 Web query:

pnpm 8.x to 9.x breaking changes migration

💡 Result:

Here’s a concise migration checklist and the main breaking changes when moving from pnpm 8.x → 9.x, with quick remediation steps.

Required prerequisites

  • Use Node ≥ 18.12 (Node 16 support dropped) or install pnpm using the standalone/@pnpm/exe so pnpm supplies its own runtime. [1][2]

Lockfile and workspace

  • Lockfile format bumped (pnpm-lock.yaml version → v9). Old lockfile v5 is no longer supported — if you still have v5, run pnpm v8 to convert before upgrading. Expect the lockfile to be rewritten. [2][9]
  • Default of link-workspace-packages changed (was true → now false). If you rely on implicit workspace package linking, set link-workspace-packages=true in .npmrc or update workspace references to use the workspace: protocol. [9]

Configuration & behavior changes

  • dedupe-injected-deps is enabled by default; behavior of deduplication for injected deps may change dependency layout. [9]
  • hoist-workspace-packages default is true (affects where workspace deps are hoisted). [9]
  • Some dependency-key shortening and peer-resolve optimizations were introduced across 9.x releases (can slightly change resolution; see peers-related fixes and peers-suffix-max-length setting). If you hit huge dependency key errors, adjust peers-suffix-max-length. [3][4]

Lockfile/partial install behavior

  • Partial installs: when installing a subset of workspace projects, pnpm now ensures an up-to-date (non-partial) lockfile is created first. This can change behavior of CI or selective installs. [5]

Other notable items to test

  • License reporting and store validation settings (strict-store-pkg-content-check, license listing tweaks). [4][5]
  • If you use registries or unusual package publishing flows, review new store/package content checks and related config knobs. [5]

Upgrade steps (recommended)

  1. Ensure Node ≥ 18.12 or choose standalone/@pnpm/exe install. [1]
  2. On a branch, run: npm i -g pnpm@9 (or use the standalone installer). [1]
  3. If you have an old lockfile v5: install pnpm v8 and run a conversion (install in a safe branch/CI). [2]
  4. Run a full install for the workspace: pnpm install — this will rewrite the lockfile. Commit pnpm-lock.yaml and any .npmrc changes (e.g., link-workspace-packages). [2][9]
  5. Run your test suite, build, and CI to catch hoisting/resolution regressions; if needed, set link-workspace-packages or adjust package versions/peer deps.

References

  • pnpm 9 installation & docs. [1]
  • pnpm v9 release notes / rc summary (lockfile v9, Node 16 dropped, link-workspace-packages default change, dedupe/hoist defaults). [2]
  • Peer resolution / dependency key / settings notes across 9.x. [3][4][5]

Would you like a short script to detect likely breakages in your repo (check lockfile version, Node engine, workspace linking usage, and peer-dep warnings)?

Verify [email protected] compatibility before merging—significant breaking changes from 8.x.

[email protected] is a valid release, but upgrading from 8.6.10 introduces breaking changes that require thorough testing:

  • Node requirement: Requires Node ≥ 18.12 (Node 16 support dropped)
  • Lockfile format: pnpm-lock.yaml will be rewritten (v5 → v9)
  • Workspace linking: link-workspace-packages default changed from true to false—verify all workspace dependencies still resolve correctly
  • Hoisting defaults: hoist-workspace-packages default is now true—may affect dependency layout
  • Partial installs: Behavior changed for subset installations in CI

Confirm all contributors use Node 18.12+, regenerate and test lockfile, verify monorepo builds successfully, and run full test suite before merging.

}