Skip to content

Use shared Renovate preset#278

Merged
dcroote merged 5 commits intomainfrom
standardize-renovate
Jan 9, 2026
Merged

Use shared Renovate preset#278
dcroote merged 5 commits intomainfrom
standardize-renovate

Conversation

@dcroote
Copy link
Contributor

@dcroote dcroote commented Jan 8, 2026

@dcroote dcroote requested a review from mcoetzee January 8, 2026 03:07
@dcroote dcroote self-assigned this Jan 8, 2026
mcoetzee
mcoetzee requested changes Jan 8, 2026
View reviewed changes
Copy link
Contributor

@mcoetzee mcoetzee left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We want to upgrade pnpm to v10 along with using the shared Renovate preset. pnpm v10 helps to prevent supply chain attacks. To do that we'll need to update package.json:

  "packageManager": "pnpm@10.26.2",
  "engines": {
    "pnpm": "^10.26.2"
  },

and to add a pnpm-workspace.yaml:

# See: https://pnpm.io/supply-chain-security
blockExoticSubdeps: true
minimumReleaseAge: 20160 # 14 days (keep in sync with Renovate config)

dcroote
dcroote commented Jan 8, 2026
View reviewed changes
package.json Outdated
Comment on lines +16 to +18
"engines": {
"pnpm": "^10.26.2"
},
Copy link
Contributor Author

@dcroote dcroote Jan 8, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added, but I think engines will cause a problem for Airnode. Is there a strong reason it's needed here?

Copy link
Contributor

@mcoetzee mcoetzee Jan 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hmm good point 👍. Seeing as this package.json gets published to NPM it probably doesn't make sense to set the "pnpm" version like this. I think lets remove it.

FYI it's mostly a sanity check for non-corepack users/contributors of a repo. E.g. if someone wants to contribute to the repo but isn't using a pnpm version that falls into this range, then pnpm install would fail.

@dcroote dcroote requested a review from mcoetzee January 9, 2026 17:05
mcoetzee
mcoetzee approved these changes Jan 9, 2026
View reviewed changes
Copy link
Contributor

@mcoetzee mcoetzee left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🥂

@dcroote dcroote merged commit d416fcf into main Jan 9, 2026
3 checks passed
@dcroote dcroote deleted the standardize-renovate branch January 9, 2026 20:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mcoetzee mcoetzee mcoetzee approved these changes

Assignees

@dcroote dcroote

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@dcroote @mcoetzee