Pull request overview
This PR aims to update pnpm to version 10.28.1 and add security settings to the workspace configuration. However, the changes include additional undocumented modifications to the package name and version.
Changes:
- Update pnpm from 10.11.0 to 10.28.1 in packageManager field
- Create pnpm-workspace.yaml with security settings (blockExoticSubdeps, minimumReleaseAge, trustPolicy)
- Change package name from '@saleor/cli' to 'saleor-cli' and version from '0.0.0' to '1.42.1'
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| pnpm-workspace.yaml | Adds new workspace configuration file with security settings |
| package.json | Updates pnpm version, package name, and version number |
| blockExoticSubdeps: true | ||
| minimumReleaseAge: 1440 # 24h | ||
| trustPolicy: no-downgrade |
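Review bot: minimumReleaseAge: 1440 on the second line applies to every dependency, so packages this organization publishes itself would also be held back for 24h; if that is not wanted, list them under minimumReleaseAgeExclude. All three keys are only enforced by a pnpm release that knows them, so this file depends on the packageManager bump from 10.11.0 to 10.28.1 landing with it, and CI should fail when a different pnpm version runs the install.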
The pnpm-workspace.yaml file is missing the required packages field that defines which packages are part of the workspace. Additionally, the security settings blockExoticSubdeps, minimumReleaseAge, and trustPolicy are pnpm configuration options that belong in .npmrc file, not in pnpm-workspace.yaml. The pnpm-workspace.yaml file should only contain workspace package definitions like packages: ['packages/*'].
| blockExoticSubdeps: true | |
| minimumReleaseAge: 1440 # 24h | |
| trustPolicy: no-downgrade | |
| packages: | |
| - "packages/*" |
package.json
Outdated
| "name": "saleor-cli", | ||
| "version": "1.42.1", |
The PR description mentions updating pnpm settings but doesn't mention the package name change from '@saleor/cli' to 'saleor-cli' and version change from '0.0.0' to '1.42.1'. These changes appear unrelated to the pnpm configuration updates and should either be in a separate PR or documented in the PR description. If these changes are intentional and related, the PR description should be updated to explain them.
| "name": "saleor-cli", | |
| "version": "1.42.1", | |
| "name": "@saleor/cli", | |
| "version": "0.0.0", |
package.json
Outdated
| "name": "@saleor/cli", | ||
| "version": "0.0.0", | ||
| "name": "saleor-cli", | ||
| "version": "1.42.1", |
this is wrong, IIRC it should be 0.0.0 and on release branches version is set
Summary
- blockExoticSubdeps: true
- minimumReleaseAge: 1440 (24h)
- trustPolicy: no-downgrade