Skip to content

chore: pin pnpm to 11.1.0 + 7-day minimumReleaseAge#165

Merged
tirumerla merged 3 commits into
mainfrom
chore/pnpm11-min-release-age
May 15, 2026
Merged

chore: pin pnpm to 11.1.0 + 7-day minimumReleaseAge#165
tirumerla merged 3 commits into
mainfrom
chore/pnpm11-min-release-age

Conversation

@tirumerla
Copy link
Copy Markdown
Collaborator

@tirumerla tirumerla commented May 12, 2026
edited
Loading

Summary

  • Pins packageManager: pnpm@11.1.0 (latest)
  • Adds engines.pnpm: ">=11"
  • Adds pnpm.minimumReleaseAge: 10080 (= 7 days, in minutes)
  • Adds pnpm.minimumReleaseAgeExclude: ["@openzeppelin/*"]

First-party @openzeppelin/* packages are excluded so internal releases continue to install immediately.

Test plan

  • CI passes with the new lockfile
  • pnpm install works locally on a fresh clone
  • No transitive resolution drift introduced by the pnpm 10 → 11 bump

@tirumerla
chore: pin pnpm to 11.1.0 and enforce 7-day minimum release age
901f538 
- packageManager: pnpm@11.1.0
- engines.pnpm: >=11
- pnpm.minimumReleaseAge: 10080 (7 days, in minutes)
- pnpm.minimumReleaseAgeExclude: ["@openzeppelin/*"]

Adopts the supply-chain hardening recommendation from the recent npm
ecosystem incidents — packages must be at least 7 days old before pnpm
will install them. First-party @OpenZeppelin packages are excluded so
internal releases can be consumed immediately.
@tirumerla tirumerla requested a review from stevep0z as a code owner May 12, 2026 08:15
@netlify
Copy link
Copy Markdown

netlify Bot commented May 12, 2026
edited
Loading

Deploy Preview for openzeppelin-docs-v2 ready!

Name Link
🔨 Latest commit beacb13
🔍 Latest deploy log https://app.netlify.com/projects/openzeppelin-docs-v2/deploys/6a0633070db0570008c5d4c9
😎 Deploy Preview https://deploy-preview-165--openzeppelin-docs-v2.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

tirumerla added 2 commits May 14, 2026 13:38
@tirumerla
Merge remote-tracking branch 'origin/main' into chore/pnpm11-min-rele…
a7f4e5c 
…ase-age

# Conflicts:
#	package.json
@tirumerla
fix(ci): allow build scripts for @tailwindcss/oxide, esbuild, sharp
beacb13 
pnpm 11 default-denies postinstall scripts unless explicitly approved.
The CI install was failing with ERR_PNPM_IGNORED_BUILDS for these three
packages, blocking the Lint and Format Check job from ever running.

Filled in pnpm-workspace.yaml's allowBuilds map via pnpm approve-builds
to unblock CI.
@tirumerla tirumerla requested review from ericglau and son-oz May 14, 2026 20:41
@tirumerla tirumerla merged commit 43946e7 into main May 15, 2026
11 checks passed
@tirumerla tirumerla deleted the chore/pnpm11-min-release-age branch May 15, 2026 01:15
@ernestognw ernestognw mentioned this pull request May 15, 2026
Merged
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ericglau ericglau ericglau approved these changes

@son-oz son-oz son-oz approved these changes

@stevep0z stevep0z Awaiting requested review from stevep0z stevep0z is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@tirumerla @ericglau @son-oz