From f48f009d29dc9e57c207d07f4d44017ab141cdc9 Mon Sep 17 00:00:00 2001 From: jdalton Date: Fri, 17 Apr 2026 16:33:38 -0400 Subject: [PATCH 1/3] chore(pnpm): enable strict-peer-dependencies MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flips `strict-peer-dependencies` to `true` in .pnpmrc so pnpm surfaces peer dependency mismatches at install time instead of silently letting them through. Verified locally that the current lockfile resolves cleanly with the stricter setting — no fallout to fix. --- .pnpmrc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.pnpmrc b/.pnpmrc index 41c177acb..a20f9dc29 100644 --- a/.pnpmrc +++ b/.pnpmrc @@ -5,7 +5,7 @@ minimumReleaseAge=10080 auto-install-peers=true # Strict peer dependencies. -strict-peer-dependencies=false +strict-peer-dependencies=true # Save exact versions (like npm --save-exact). save-exact=true \ No newline at end of file From b9fb744c0c6c9d1be102248c5463cf39931321b0 Mon Sep 17 00:00:00 2001 From: jdalton Date: Fri, 17 Apr 2026 16:48:39 -0400 Subject: [PATCH 2/3] fix(pnpm): put strictPeerDependencies in pnpm-workspace.yaml MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit pnpm v11 doesn't read .pnpmrc — the comment in this very workspace file spells that out ("Migrated from .npmrc (pnpm v11 only reads auth/registry from .npmrc)"). My earlier flip of strict-peer-dependencies in .pnpmrc was therefore a no-op. Reverts the .pnpmrc change back to false (where it's still harmless, just ignored) and adds `strictPeerDependencies: true` to pnpm-workspace.yaml next to the other migrated settings, which is the location pnpm actually reads. Thanks to Cursor bugbot for catching this. --- .pnpmrc | 2 +- pnpm-workspace.yaml | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.pnpmrc b/.pnpmrc index a20f9dc29..41c177acb 100644 --- a/.pnpmrc +++ b/.pnpmrc @@ -5,7 +5,7 @@ minimumReleaseAge=10080 auto-install-peers=true # Strict peer dependencies. -strict-peer-dependencies=true +strict-peer-dependencies=false # Save exact versions (like npm --save-exact). save-exact=true \ No newline at end of file diff --git a/pnpm-workspace.yaml b/pnpm-workspace.yaml index ce38a5e9f..307a7855f 100644 --- a/pnpm-workspace.yaml +++ b/pnpm-workspace.yaml @@ -153,6 +153,7 @@ catalog: # Migrated from .npmrc (pnpm v11 only reads auth/registry from .npmrc). ignoreScripts: true linkWorkspacePackages: false +strictPeerDependencies: true # Wait 7 days (10080 minutes) before installing newly published packages. minimumReleaseAge: 10080 From 038e0874a971cc698886c0db930f80151e9bf1ec Mon Sep 17 00:00:00 2001 From: jdalton Date: Fri, 17 Apr 2026 16:55:48 -0400 Subject: [PATCH 3/3] chore(pnpm): drop .pnpmrc, move settings to pnpm-workspace.yaml MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit pnpm v11 doesn't read .pnpmrc — per the existing comment in pnpm-workspace.yaml, only auth/registry go in .npmrc, everything else reads from the workspace yaml. So every line in .pnpmrc was either ignored or already duplicated in pnpm-workspace.yaml. Changes: * Delete .pnpmrc entirely so nothing in the repo suggests those knobs are live. * Move saveExact: true into pnpm-workspace.yaml (overrides pnpm's default of false and keeps the catalog's pinned-version style). * Drop auto-install-peers=true (matches pnpm v11 default, redundant). * Drop the local minimumReleaseAge=10080 line (already present in pnpm-workspace.yaml alongside minimumReleaseAgeExclude). Net result: one source of truth. Settings in the repo actually do something. --- .pnpmrc | 11 ----------- pnpm-workspace.yaml | 3 ++- 2 files changed, 2 insertions(+), 12 deletions(-) delete mode 100644 .pnpmrc diff --git a/.pnpmrc b/.pnpmrc deleted file mode 100644 index 41c177acb..000000000 --- a/.pnpmrc +++ /dev/null @@ -1,11 +0,0 @@ -# Delayed dependency updates - wait 7 days (10080 minutes) before allowing new packages. -minimumReleaseAge=10080 - -# Auto-install peers. -auto-install-peers=true - -# Strict peer dependencies. -strict-peer-dependencies=false - -# Save exact versions (like npm --save-exact). -save-exact=true \ No newline at end of file diff --git a/pnpm-workspace.yaml b/pnpm-workspace.yaml index 307a7855f..a3d319646 100644 --- a/pnpm-workspace.yaml +++ b/pnpm-workspace.yaml @@ -150,9 +150,10 @@ catalog: yargs-parser: 21.1.1 yoctocolors-cjs: 2.1.3 zod: 4.1.8 -# Migrated from .npmrc (pnpm v11 only reads auth/registry from .npmrc). +# pnpm v11 reads settings from this file; only auth/registry go in .npmrc. ignoreScripts: true linkWorkspacePackages: false +saveExact: true strictPeerDependencies: true # Wait 7 days (10080 minutes) before installing newly published packages.