dependabot[bot]
28daa2cb2e
build(deps): bump the github-actions group across 1 directory with 4 updates ( #10833 )
...
Bumps the github-actions group with 4 updates in the / directory: [actions/upload-artifact](https://github.com/actions/upload-artifact ), [actions/download-artifact](https://github.com/actions/download-artifact ), [github/codeql-action](https://github.com/github/codeql-action ) and [cbrgm/mastodon-github-action](https://github.com/cbrgm/mastodon-github-action ).
Updates `actions/upload-artifact` from 6.0.0 to 7.0.0
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](b7c566a772...bbbca2ddaahttps://github.com/actions/download-artifact/releases )
- [Commits](37930b1c2a...70fc10c6e5https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](19b2f06db2...c793b717bchttps://github.com/cbrgm/mastodon-github-action/releases )
- [Commits](3ebdc72dcd...fc8b40e2ecsupport@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-02 23:53:39 +01:00
Zoltan Kochan
4793a9380a
ci: run benchmarks on node.js 25
2026-03-02 17:10:46 +01:00
Zoltan Kochan
8ab576281d
ci: don't install npm separately from node
2026-03-01 20:36:28 +01:00
btea
107b34f241
ci: skip update-lockfile on forks ( #10686 )
...
* ci: skip update-lockfile on forks
* Update .github/workflows/update-lockfile.yml
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com >
---------
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com >
2026-02-25 10:26:24 +01:00
Zoltan Kochan
6e14ecbc91
chore: use standalone pnpm and bump packageManager to 11.0.0-alpha.10
...
Switch CI workflows to use standalone pnpm installation and update
the packageManager field to match the latest alpha release.
2026-02-23 16:32:02 +01:00
Zoltan Kochan
44d1f0b226
fix(link-bins): hardlink node.exe on Windows instead of creating a cmd-shim ( #10679 )
...
Third-party cmd shims (e.g., npm's rimraf.cmd) call node.exe from
within IF/ELSE blocks in batch files. When node resolves to node.cmd
instead of node.exe, Windows batch file chaining breaks with
"The system cannot find the path specified."
On Windows, hardlink node.exe directly into the bin directory.
On non-Windows, symlink the node binary directly.
2026-02-23 16:23:00 +01:00
Zoltan Kochan
dfd5fe7387
chore: use standalone pnpm and bump packageManager to 11.0.0-alpha.9
...
Switch CI workflows to use standalone pnpm installation and update
the packageManager field to match the latest alpha release.
2026-02-23 14:32:38 +01:00
Zoltan Kochan
997d3c6736
ci: add npm version check and comment explaining npm dependency
2026-02-23 13:48:53 +01:00
Zoltan Kochan
1b435ff3db
revert: "chore: use standalone pnpm and bump packageManager to 11.0.0-alpha.8"
...
This reverts commit db80d17401
2026-02-23 13:21:14 +01:00
Zoltan Kochan
db80d17401
chore: use standalone pnpm and bump packageManager to 11.0.0-alpha.8
...
Switch CI workflows to use standalone pnpm installation and update
the packageManager field to match the latest alpha release.
2026-02-23 04:28:41 +01:00
Zoltan Kochan
1549743b36
revert: "chore: use standalone pnpm and bump packageManager to 11.0.0-alpha.7"
...
This reverts commit fd739d41fe
2026-02-23 00:02:09 +01:00
Zoltan Kochan
fd739d41fe
chore: use standalone pnpm and bump packageManager to 11.0.0-alpha.7
...
Switch CI workflows to use standalone pnpm installation and update
the packageManager field to match the latest alpha release.
2026-02-22 23:36:05 +01:00
Zoltan Kochan
f54347e415
feat: replace pkg with Node.js SEA for standalone executables ( #10661 )
...
* feat: switch from pkg to Node.js SEA for creating standalone executables
Replace @yao-pkg/pkg with Node.js native Single Executable Applications
(--build-sea, Node.js 25.5+). The SEA binary embeds only pnpm.cjs (CJS
bootstrap), while pnpm.mjs and all assets live in a dist/ directory
shipped alongside the binary in platform-specific tarballs.
* refactor: move dist/ from platform packages to @pnpm/exe
The dist/ directory (pnpm.mjs, worker.js, templates, etc.) is identical
across all platforms, so ship it once in @pnpm/exe instead of duplicating
it in each platform package. Platform packages now only contain the
binary. The self-updater installs @pnpm/exe (not the platform package)
so it gets both dist/ and the binary via optionalDependencies.
* refactor: externalize @reflink/reflink in esbuild bundle
Make @reflink/reflink external in both the main and worker esbuild
bundles so the require() calls resolve at runtime from dist/node_modules
instead of being inlined. Add @reflink/reflink as a production dependency
of both pnpm (bundled into dist/node_modules by bundle-deps.ts) and
@pnpm/exe (installed by npm alongside the binary).
For GitHub release tarballs, only the target platform's reflink package
is kept. For @pnpm/exe npm publishing, all reflink platform packages
are stripped from dist/ since npm installs the right one automatically.
* chore: update cspell list
* test: update system-node-version tests for SEA detection
Mock @pnpm/cli-meta's detectIfCurrentPkgIsExecutable instead of
setting process.pkg, which is no longer used for SEA detection.
* test: improve cli-meta test coverage for SEA migration
Add tests for detectIfCurrentPkgIsExecutable() (non-SEA path) and
isExecutedByCorepack() which were previously untested. The SEA=true
path of detectIfCurrentPkgIsExecutable() cannot be unit tested since
node:sea is unavailable in an ESM test environment.
* refactor: move GitHub tarball assembly to copy-artifacts.ts
build-artifacts.ts (prepublishOnly of @pnpm/exe) now only builds the
SEA executables and prepares the exe npm dist/. The per-target dist/
assembly for GitHub release tarballs moves to copy-artifacts.ts, which
is the natural owner of that concern.
Other changes:
- Extract getReflinkKeepPackages/stripReflinkPackages to reflink-utils.ts
with tests using node:test
- Move --force from top-level pnpm install in release.yml to the pnpm
deploy in bundle-deps.ts, where it is actually needed to install all
@reflink/reflink-* platform packages into dist/node_modules
- Change @pnpm/exe prepublishOnly to run pnpm's full prepublishOnly
(compile + bundle-deps) so dist/node_modules is populated before
build-artifacts.ts and copy-artifacts.ts read from pnpm/dist
* fix: copy dist/ alongside binary when running pnpm setup for SEA
When the pnpm CLI is a Node.js SEA binary, it requires a dist/ directory
adjacent to the executable at runtime (containing pnpm.mjs and bundled
node_modules). The copyCli function in plugin-commands-setup now copies
dist/ from alongside the current binary into the tools directory so that
the installed pnpm works correctly after `pnpm setup`.
* fix: avoid argument list too long when creating Windows zip archives
* fix: propagate errors in copy-artifacts script
Previously errors in createArtifactTarball were swallowed, causing the
script to exit 0 even when artifact creation failed. Now errors are
re-thrown with a descriptive message, and the top-level IIFE has a
.catch() handler that sets a non-zero exit code.
* refactor: remove reflink-utils.ts from @pnpm/exe
The stripReflinkPackages call in build-artifacts.ts stripped all platform
packages while keeping @reflink/reflink. Instead, just remove the entire
@reflink directory from dist/ — @pnpm/exe already declares @reflink/reflink
as a runtime dependency, so npm installs it (along with the right platform
package via optionalDependencies) automatically.
This eliminates reflink-utils.ts, its tests, and the code duplication with
copy-artifacts.ts.
2026-02-22 12:45:50 +01:00
Zoltan Kochan
ad07a4c203
ci: consolidate test scope logic into a single step
...
Replaces separate conditional steps with a unified "Determine test scope"
step that selects the test script and a descriptive label. The step name
now shows the scope (all, all — pnpm-workspace.yaml modified, or
affected packages) in the GitHub Actions UI.
2026-02-20 14:28:35 +01:00
Zoltan Kochan
6598867040
ci: run all tests if pnpm-workspace.yaml changes ( #10659 )
2026-02-20 14:15:36 +01:00
Zoltan Kochan
3846366bb0
ci: add job for running benchmarks
2026-02-17 01:47:00 +01:00
Brandon Cheng
1a5b5beea2
build: replace ts-jest with simple transformer ( #10579 )
...
* test: use `import type` in more places
Several tests are failing because a module isn't being mocked. This is
due to the mocked module being imported before the mock being set up.
Switching to `import type` should elide the import fully.
* build: replace ts-jest with simple transformer
* chore: remove `ts-jest`
* chore: remove babel dependencies from root project
* ci: use Node.js 22.13.0 (instead of 22.12.0)
Node.js 22.13.0 introduces the `stripTypeScriptTypes` function
* fix: copilot feedback
2026-02-09 11:35:22 +01:00
Zoltan Kochan
1b4df57a01
feat!: drop Node.js 20 and 21 support ( #10569 )
2026-02-08 19:16:24 +01:00
Zoltan Kochan
23f2ef96d0
ci: update-lockfile branch PR should trigger tests job
...
Added a github token
2026-02-06 01:02:26 +01:00
Zoltan Kochan
f3dc67280d
ci: update-lockfile branch PR should trigger tests job
2026-02-06 00:45:04 +01:00
Zoltan Kochan
587e1939f5
ci: run all tests on the update-lockfile branch
2026-02-06 00:39:56 +01:00
Zoltan Kochan
89bdf4085d
ci: update lockfile job
2026-02-06 00:32:21 +01:00
dependabot[bot]
cda7187dbd
chore(deps): bump the github-actions group across 1 directory with 5 updates ( #10518 )
...
Bumps the github-actions group with 5 updates in the / directory:
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-01-26 15:06:30 +01:00
dependabot[bot]
7ddc81b3f9
chore(deps): bump cbrgm/mastodon-github-action ( #10410 )
...
Bumps the github-actions group with 1 update: [cbrgm/mastodon-github-action](https://github.com/cbrgm/mastodon-github-action ).
Updates `cbrgm/mastodon-github-action` from 2.1.22 to 2.1.23
- [Release notes](https://github.com/cbrgm/mastodon-github-action/releases )
- [Commits](771a360594...3ebdc72dcdsupport@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-01-17 02:01:00 +01:00
Zoltan Kochan
aef6c318a9
ci: compile pnpm only once then download it for testing ( #10453 )
2026-01-13 23:34:37 +01:00
Zoltan Kochan
55c5432eab
ci: increase timeout for pnpm install step
2025-12-22 16:11:48 +01:00
dependabot[bot]
226e22392b
chore(deps): bump github/codeql-action in the github-actions group ( #10320 )
...
Bumps the github-actions group with 1 update: [github/codeql-action](https://github.com/github/codeql-action ).
Updates `github/codeql-action` from 4.31.7 to 4.31.8
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](cf1bb45a27...1b168cd394support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-22 12:24:37 +01:00
dependabot[bot]
b6dc9439ae
chore(deps): bump the github-actions group across 1 directory with 5 updates ( #10291 )
...
Bumps the github-actions group with 5 updates in the / directory:
| Package | From | To |
| --- | --- | --- |
| [actions/checkout](https://github.com/actions/checkout ) | `6.0.0` | `6.0.1` |
| [github/codeql-action](https://github.com/github/codeql-action ) | `4.31.5` | `4.31.7` |
| [softprops/action-gh-release](https://github.com/softprops/action-gh-release ) | `2.4.2` | `2.5.0` |
| [actions/setup-node](https://github.com/actions/setup-node ) | `6.0.0` | `6.1.0` |
| [cbrgm/mastodon-github-action](https://github.com/cbrgm/mastodon-github-action ) | `2.1.21` | `2.1.22` |
Updates `actions/checkout` from 6.0.0 to 6.0.1
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](1af3b93b68...8e8c483db8https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](fdbfb4d275...cf1bb45a27https://github.com/softprops/action-gh-release/releases )
- [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md )
- [Commits](5be0e66d93...a06a81a03ehttps://github.com/actions/setup-node/releases )
- [Commits](2028fbc5c2...395ad32622https://github.com/cbrgm/mastodon-github-action/releases )
- [Commits](96ff691bc4...771a360594support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-08 15:25:20 +01:00
dependabot[bot]
ad0cfad1b8
chore(deps): bump the github-actions group across 1 directory with 2 updates ( #10229 )
...
Bumps the github-actions group with 2 updates in the / directory: [actions/checkout](https://github.com/actions/checkout ) and [github/codeql-action](https://github.com/github/codeql-action ).
Updates `actions/checkout` from 5.0.0 to 6.0.0
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](08c6903cd8...1af3b93b68https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](0499de31b9...fdbfb4d275support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-11-24 15:02:57 +01:00
Zoltan Kochan
b5722a2b39
ci: increase timeout limits
2025-11-20 16:26:48 +01:00
Zoltan Kochan
404a0793f5
ci: don't use standalone pnpm exe
2025-11-20 15:31:14 +01:00
Zoltan Kochan
c7dd46580e
chore: update pnpm to v11
2025-11-20 15:25:06 +01:00
Zoltan Kochan
d3ce6e8985
ci: run Node.js 24 in the release action
2025-11-13 16:21:52 +01:00
Zoltan Kochan
ec973ea8a2
ci: checkout a known good commit of ldid
2025-11-11 23:09:18 +01:00
dependabot[bot]
d5f736ce56
chore(deps): bump softprops/action-gh-release ( #10165 )
...
Bumps the github-actions group with 1 update: [softprops/action-gh-release](https://github.com/softprops/action-gh-release ).
Updates `softprops/action-gh-release` from 2.4.1 to 2.4.2
- [Release notes](https://github.com/softprops/action-gh-release/releases )
- [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md )
- [Commits](6da8fa9354...5be0e66d93support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-11-10 14:18:42 +01:00
dependabot[bot]
5e65855aa8
chore(deps): bump the github-actions group across 1 directory with 2 updates ( #10152 )
...
Bumps the github-actions group with 2 updates in the / directory: [github/codeql-action](https://github.com/github/codeql-action ) and [cbrgm/mastodon-github-action](https://github.com/cbrgm/mastodon-github-action ).
Updates `github/codeql-action` from 4.30.9 to 4.31.2
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](16140ae1a1...0499de31b9https://github.com/cbrgm/mastodon-github-action/releases )
- [Commits](92418eedbe...96ff691bc4support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-11-05 11:48:42 +01:00
Zoltan Kochan
0e738e4e97
ci: run all tests on the main branch
2025-10-28 21:58:50 +01:00
Zoltan Kochan
dab9abef5c
Merge remote-tracking branch 'origin/main' into v11
2025-10-24 14:19:07 +02:00
Zoltan Kochan
d9bcd616ea
chore(release): 10.19.1-oidc-test.3
2025-10-24 01:36:02 +02:00
Zoltan Kochan
ddf6fa4812
ci: remove printing of npm version
2025-10-23 11:59:23 +02:00
Zoltan Kochan
f5b02ff88a
ci: update release.yml
2025-10-23 11:28:11 +02:00
Zoltan Kochan
ac5c335686
chore: update npm in the release workflow
2025-10-23 11:10:44 +02:00
Zoltan Kochan
eb0df0dca1
chore(release): 10.19.1-oidc-test.1
2025-10-23 10:56:22 +02:00
Zoltan Kochan
51119529a2
ci: enable trusted publish
2025-10-23 10:30:03 +02:00
Ryo Matsukawa
5ebc45bcc2
chore: pin actions for security ( #10111 )
2025-10-22 13:36:19 +02:00
dependabot[bot]
a9257e34be
chore(deps): bump actions/setup-node from 5 to 6 in the github-actions group ( #10106 )
...
* chore(deps): bump actions/setup-node in the github-actions group
Bumps the github-actions group with 1 update: [actions/setup-node](https://github.com/actions/setup-node ).
Updates `actions/setup-node` from 5 to 6
- [Release notes](https://github.com/actions/setup-node/releases )
- [Commits](https://github.com/actions/setup-node/compare/v5...v6 )
---
updated-dependencies:
- dependency-name: actions/setup-node
dependency-version: '6'
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: github-actions
...
Signed-off-by: dependabot[bot] <support@github.com >
* Apply suggestion from @ryo-manba
Co-authored-by: Ryo Matsukawa <76232929+ryo-manba@users.noreply.github.com >
---------
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Zoltan Kochan <z@kochan.io >
Co-authored-by: Ryo Matsukawa <76232929+ryo-manba@users.noreply.github.com >
2025-10-21 15:18:13 +02:00
Zoltan Kochan
3321cb05f8
ci: run tests on Node.js 25
2025-10-15 21:52:21 +02:00
dependabot[bot]
f3195f0de8
chore(deps): bump the github-actions group with 2 updates ( #10085 )
...
Bumps the github-actions group with 2 updates: [pnpm/action-setup](https://github.com/pnpm/action-setup ) and [github/codeql-action](https://github.com/github/codeql-action ).
Updates `pnpm/action-setup` from 4.1.0 to 4.2.0
- [Release notes](https://github.com/pnpm/action-setup/releases )
- [Commits](https://github.com/pnpm/action-setup/compare/v4.1.0...v4.2.0 )
Updates `github/codeql-action` from 3 to 4
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](https://github.com/github/codeql-action/compare/v3...v4 )
---
updated-dependencies:
- dependency-name: pnpm/action-setup
dependency-version: 4.2.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: github-actions
- dependency-name: github/codeql-action
dependency-version: '4'
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: github-actions
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-10-13 14:15:58 +02:00
Zoltan Kochan
6f861bccaa
Merge remote-tracking branch 'origin/main' into v11
2025-09-12 22:35:14 +02:00
dependabot[bot]
7be9e9d1af
chore(deps): bump actions/setup-node in the github-actions group ( #9951 )
...
Bumps the github-actions group with 1 update: [actions/setup-node](https://github.com/actions/setup-node ).
Updates `actions/setup-node` from 4 to 5
- [Release notes](https://github.com/actions/setup-node/releases )
- [Commits](https://github.com/actions/setup-node/compare/v4...v5 )
---
updated-dependencies:
- dependency-name: actions/setup-node
dependency-version: '5'
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: github-actions
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-08 15:34:56 +02:00
