Skip to content

Upgrade pnpm 9 to 10 and tighten Node.js engine requirement#1274

Merged
obiot merged 1 commit intomasterfrom
chore/pnpm-and-node-engines
Mar 18, 2026
Merged

Upgrade pnpm 9 to 10 and tighten Node.js engine requirement#1274
obiot merged 1 commit intomasterfrom
chore/pnpm-and-node-engines

Conversation

@obiot
Copy link
Member

@obiot obiot commented Mar 18, 2026

Summary

  • pnpm 9.5.0 → 10.32.1 (faster installs via MessagePack, improved security)
  • Node.js engines tightened to ^20.19.0 || >=22.12.0 (matching Vite 8 requirement)
  • Added pnpm.onlyBuiltDependencies allowlist for packages with postinstall scripts (pnpm 10 blocks them by default)

Test plan

  • All 1301 tests pass
  • All packages build
  • Clean install works with pnpm 10

🤖 Generated with Claude Code

Copilot AI review requested due to automatic review settings March 18, 2026 12:02
Copilot AI reviewed Mar 18, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Upgrades the monorepo tooling baseline to pnpm 10 and tightens Node.js engine requirements to align with Vite 8’s supported Node versions, while updating the lockfile accordingly.

Changes:

  • Bumped root packageManager to pnpm@10.32.1 and tightened engines.node to ^20.19.0 || >=22.12.0.
  • Added pnpm.onlyBuiltDependencies allowlist to permit required dependency build/postinstall steps under pnpm 10.
  • Refreshed pnpm-lock.yaml to reflect updated resolution graph (including vitest 4.1.0 and related transitive updates).

Reviewed changes

Copilot reviewed 2 out of 3 changed files in this pull request and generated 2 comments.

File Description
pnpm-lock.yaml Updated lockfile for pnpm 10 install/resolution output and refreshed dependency versions.
packages/melonjs/package.json Tightened Node engine requirement for the melonjs package.
package.json Set pnpm 10 as the package manager, tightened Node engine requirement, and configured onlyBuiltDependencies.
Files not reviewed (1)
  • pnpm-lock.yaml: Language not supported

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

You can also share your feedback on Copilot code review. Take the survey.

package.json
Comment on lines 5 to 7
"engines": {
"node": ">= 20"
"node": "^20.19.0 || >=22.12.0"
},
packages/melonjs/package.json
Comment on lines 40 to 42
"engines": {
"node": ">= 20"
"node": "^20.19.0 || >=22.12.0"
},
@obiot @claude
Upgrade pnpm 9 to 10 and tighten Node.js engine requirement
115bea4 
- pnpm 9.5.0 → 10.32.1
- Node.js engines tightened to ^20.19.0 || >=22.12.0 (matching Vite 8)
- Added pnpm.onlyBuiltDependencies for packages with postinstall scripts
  (core-js, esbuild, lefthook, playwright) — pnpm 10 blocks lifecycle
  scripts by default for security

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@obiot obiot force-pushed the chore/pnpm-and-node-engines branch from b117d6e to 115bea4 Compare March 18, 2026 12:11
@obiot obiot merged commit 67dc9e3 into master Mar 18, 2026
8 checks passed
@obiot obiot deleted the chore/pnpm-and-node-engines branch March 18, 2026 12:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@obiot