Renovate bot uses pnpm 9 even when engines config specifies version 8 #28527
Hi there,

Get your discussion fixed faster by creating a minimal reproduction. This means a repository dedicated to reproducing this issue with the minimal dependencies and config possible.

Before we start working on your issue we need to know exactly what's causing the current behavior. A minimal reproduction helps us with this.

Discussions without reproductions are less likely to be converted to Issues.

To get started, please read our guide on creating a minimal reproduction.

Good luck,

The Renovate team
Please create a reproduction of this per description above and we'll try to get it working soon
Repository which reproduces the issue: pnpm-lockfile.yaml generated by pnpm 8, which is also specified in PR generated by renovate for dependency: https://github.com/nrkno/pnpm-lockfile-reproduce/pull/3/files which has pnpm-lock.yaml with lockfileversion: 9.0
What would you like help with?
I think I found a bug
How are you running Renovate?
Mend Renovate hosted app on github.com
If you're self-hosting Renovate, tell us which platform (GitHub, GitLab, etc) and which version of Renovate.
No response
Please tell us more about your question or problem
Noticed today that Mend Renovate bot has started creating dependency PRs against our JavaScript repositories using pnpm with lockfile version 9, which was introduced in pnpm 9 (first released 2024-04-16).

Renovate documentation on https://docs.renovatebot.com/node/ specifies that the npm version used in running Renovate is either chosen dynamically or, if specified, using the version from the engines.npm config. Now, this page does not mention pnpm at all, but I still tried specifying a pnpm version in engines config, to no avail. The PRs are still created with lockfile version (which results in an error like ERR_PNPM_NO_LOCKFILE Cannot install with "frozen-lockfile" because pnpm-lock.yaml is absent in the build action. This is surprising in itself in a PR that actually modifies pnpm-lock.yaml, but I guess that is pnpm's fault :-)

Always using the latest version will create situations like this when pnpm changes the lockfile format and version.

Is there a way to configure Mend Renovate bot to use a specific version of pnpm, or should the engines do it, but has a bug at present? According to #12214, engines config should control it.
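An added example, not part of the original post or of Renovate's code: a CI guard for the mismatch described above, which rejects a change whose pnpm-lock.yaml carries lockfile version 9 while package.json's engines.pnpm names an older major. The function names and sample inputs are constructed, and engines.pnpm is assumed to name a single major version.

```javascript
// Added example: flag a pnpm-lock.yaml written in a newer lockfile format
// than the pnpm major named in package.json's engines.pnpm can produce.
// Assumption: engines.pnpm names a single major ("8", "^8.15.0", "8.x").
// Fact taken from the post: lockfile version 9 was introduced in pnpm 9.
const LOCKFILE_V9_MIN_PNPM_MAJOR = 9;

function lockfileMajor(lockText) {
  // Top-level key, quoted or bare, e.g.  lockfileVersion: '9.0'
  const m = /^lockfileVersion:\s*['"]?(\d+)(?:\.\d+)?['"]?\s*$/m.exec(lockText);
  return m ? Number(m[1]) : null;
}

function enginesPnpmMajor(pkgJsonText) {
  const range = (JSON.parse(pkgJsonText).engines || {}).pnpm;
  if (typeof range !== "string") return null;
  const m = /(\d+)/.exec(range); // first integer in the range is the major
  return m ? Number(m[1]) : null;
}

function checkLockfile(pkgJsonText, lockText) {
  const lock = lockfileMajor(lockText);
  const pnpm = enginesPnpmMajor(pkgJsonText);
  // Fail closed: without both values the guard cannot verify anything.
  if (lock === null) return { ok: false, reason: "no lockfileVersion found" };
  if (pnpm === null) return { ok: false, reason: "engines.pnpm not set" };
  if (lock >= 9 && pnpm < LOCKFILE_V9_MIN_PNPM_MAJOR) {
    return {
      ok: false,
      reason: `lockfileVersion ${lock} needs pnpm >= 9, engines.pnpm names ${pnpm}`,
    };
  }
  return { ok: true, reason: "lockfile format compatible with engines.pnpm" };
}

// Constructed sample inputs (not taken from the reproduction repository).
const samplePkg = JSON.stringify({ name: "demo", engines: { pnpm: "^8.15.0" } });
const lockFromPnpm9 = "lockfileVersion: '9.0'\n\nsettings:\n  autoInstallPeers: true\n";
const lockFromPnpm8 = "lockfileVersion: '6.0'\n\nsettings:\n  autoInstallPeers: true\n";

console.log(checkLockfile(samplePkg, lockFromPnpm9)); // mismatch reported
console.log(checkLockfile(samplePkg, lockFromPnpm8)); // accepted
```

In a real pipeline the two strings would be the contents of package.json and pnpm-lock.yaml read from the checked-out PR, and a result with `ok: false` would fail the job before the install step.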