Commit 706a0b8

nicktrn and claude authored
chore: upgrade pnpm to 10.33.2 with security hardening (#3489)
## Summary

- Upgrade pnpm from 10.23.0 → 10.33.2 (latest minor)
- Enable `blockExoticSubdeps: true` for supply-chain defense
- Update all version references across the repo

## Security improvements in 10.28.2+

- Path traversal protection in `directories.bin`
- Symlink-escape protection for `file:/git:` dependencies (prevents reading `/etc/passwd`, `~/.ssh/...`)
- https://pnpm.io/settings#blockexoticsubdeps

## Files updated

- `package.json` — `packageManager` field
- `docker/Dockerfile` — 5 `corepack prepare` calls
- `apps/supervisor/Containerfile` — 1 `corepack prepare` call
- `pnpm-workspace.yaml` — added `blockExoticSubdeps: true`
- `CLAUDE.md`, `AGENTS.md`, `CONTRIBUTING.md`, `ai/references/repo.md` — version references

## Verification

- `pnpm install --frozen-lockfile` succeeds (no lockfile regen needed)
- `pnpm install` (plain) produces zero lockfile diff
- All CI checks pass

Slack thread: https://triggerdotdev.slack.com/archives/C061L2MHW93/p1777625600974279?thread_ts=1777622248.762639&cid=C061L2MHW93

https://claude.ai/code/session_01G759MUqmjsPh9k1qDxbdjG

---------

Co-authored-by: Claude <noreply@anthropic.com>
1 parent 1594080 commit 706a0b8

18 files changed

Lines changed: 31 additions & 30 deletions

.github/workflows/changesets-pr.yml

Lines changed: 1 addition & 1 deletion
@@ -88,7 +88,7 @@ jobs:
8888
- name: Setup pnpm
8989
uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0
9090
with:
91-
version: 10.23.0
91+
version: 10.33.2
9292

9393
- name: Setup node
9494
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
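Review bot: The `version: 10.33.2` literal at line 91 is one of 17 hand-edited copies of the same value across the ten workflow files shown in this commit, so a single missed copy on the next upgrade would leave that job on an older pnpm without the 10.28.2+ protections the commit message cites. The message says the `packageManager` field in `package.json` is bumped too; pnpm/action-setup can take its version from that field when the `version` input is omitted, so consider dropping the input here (or moving the setup steps into one shared composite action) to leave a single source of truth.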

.github/workflows/claude.yml

Lines changed: 1 addition & 1 deletion
@@ -33,7 +33,7 @@ jobs:
3333
- name: ⎔ Setup pnpm
3434
uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0
3535
with:
36-
version: 10.23.0
36+
version: 10.33.2
3737

3838
- name: ⎔ Setup node
3939
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0

.github/workflows/e2e-webapp.yml

Lines changed: 1 addition & 1 deletion
@@ -48,7 +48,7 @@ jobs:
4848
- name: ⎔ Setup pnpm
4949
uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0
5050
with:
51-
version: 10.23.0
51+
version: 10.33.2
5252

5353
- name: ⎔ Setup node
5454
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0

.github/workflows/e2e.yml

Lines changed: 2 additions & 2 deletions
@@ -31,7 +31,7 @@ jobs:
3131
- name: ⎔ Setup pnpm
3232
uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0
3333
with:
34-
version: 10.23.0
34+
version: 10.33.2
3535

3636
- name: ⎔ Setup node
3737
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
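Review bot: The `version: 10.33.2` input at line 34 is not the only thing selecting pnpm in this workflow: a `corepack enable` step appears further down the file (line 54), and Corepack's pnpm shim resolves its version from the `packageManager` field rather than from this input. The two agree after this commit, but nothing enforces it; a `pnpm --version` assertion after setup, or keeping only one of the two mechanisms, would make drift fail loudly instead of silently running a different pnpm.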
@@ -48,7 +48,7 @@ jobs:
4848
run: pnpm run build --filter trigger.dev^...
4949

5050
- name: 🔧 Build worker template files
51-
run: pnpm --filter trigger.dev run build:workers
51+
run: pnpm --filter trigger.dev run --if-present build:workers
5252

5353
- name: Enable corepack
5454
run: corepack enable
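Review bot: The `--if-present` added to `pnpm --filter trigger.dev run build:workers` at line 51 is a behaviour change that the commit message does not list or explain. With the flag, the step named "Build worker template files" succeeds without building anything if the `build:workers` script is missing or renamed, so the e2e job can go green on stale or absent worker templates. If the script no longer exists, delete the step; if the flag is needed for the upgrade, record the reason in the commit message; otherwise keep the strict form so a missing script fails the job.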

.github/workflows/release.yml

Lines changed: 2 additions & 2 deletions
@@ -81,7 +81,7 @@ jobs:
8181
- name: Setup pnpm
8282
uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0
8383
with:
84-
version: 10.23.0
84+
version: 10.33.2
8585

8686
- name: Setup node
8787
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
@@ -250,7 +250,7 @@ jobs:
250250
- name: Setup pnpm
251251
uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0
252252
with:
253-
version: 10.23.0
253+
version: 10.33.2
254254

255255
- name: Setup node
256256
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0

.github/workflows/sdk-compat.yml

Lines changed: 4 additions & 4 deletions
@@ -25,7 +25,7 @@ jobs:
2525
- name: ⎔ Setup pnpm
2626
uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0
2727
with:
28-
version: 10.23.0
28+
version: 10.33.2
2929

3030
- name: ⎔ Setup node
3131
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
@@ -63,7 +63,7 @@ jobs:
6363
- name: ⎔ Setup pnpm
6464
uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0
6565
with:
66-
version: 10.23.0
66+
version: 10.33.2
6767

6868
- name: ⎔ Setup node
6969
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
@@ -104,7 +104,7 @@ jobs:
104104
- name: ⎔ Setup pnpm
105105
uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0
106106
with:
107-
version: 10.23.0
107+
version: 10.33.2
108108

109109
- name: ⎔ Setup node
110110
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
@@ -149,7 +149,7 @@ jobs:
149149
- name: ⎔ Setup pnpm
150150
uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0
151151
with:
152-
version: 10.23.0
152+
version: 10.33.2
153153

154154
- name: ⎔ Setup node
155155
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0

.github/workflows/typecheck.yml

Lines changed: 1 addition & 1 deletion
@@ -19,7 +19,7 @@ jobs:
1919
- name: ⎔ Setup pnpm
2020
uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0
2121
with:
22-
version: 10.23.0
22+
version: 10.33.2
2323

2424
- name: ⎔ Setup node
2525
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0

.github/workflows/unit-tests-internal.yml

Lines changed: 2 additions & 2 deletions
@@ -53,7 +53,7 @@ jobs:
5353
- name: ⎔ Setup pnpm
5454
uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0
5555
with:
56-
version: 10.23.0
56+
version: 10.33.2
5757

5858
- name: ⎔ Setup node
5959
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
@@ -122,7 +122,7 @@ jobs:
122122
- name: ⎔ Setup pnpm
123123
uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0
124124
with:
125-
version: 10.23.0
125+
version: 10.33.2
126126

127127
- name: ⎔ Setup node
128128
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0

.github/workflows/unit-tests-packages.yml

Lines changed: 2 additions & 2 deletions
@@ -53,7 +53,7 @@ jobs:
5353
- name: ⎔ Setup pnpm
5454
uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0
5555
with:
56-
version: 10.23.0
56+
version: 10.33.2
5757

5858
- name: ⎔ Setup node
5959
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
@@ -122,7 +122,7 @@ jobs:
122122
- name: ⎔ Setup pnpm
123123
uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0
124124
with:
125-
version: 10.23.0
125+
version: 10.33.2
126126

127127
- name: ⎔ Setup node
128128
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0

.github/workflows/unit-tests-webapp.yml

Lines changed: 2 additions & 2 deletions
@@ -53,7 +53,7 @@ jobs:
5353
- name: ⎔ Setup pnpm
5454
uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0
5555
with:
56-
version: 10.23.0
56+
version: 10.33.2
5757

5858
- name: ⎔ Setup node
5959
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
@@ -130,7 +130,7 @@ jobs:
130130
- name: ⎔ Setup pnpm
131131
uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0
132132
with:
133-
version: 10.23.0
133+
version: 10.33.2
134134

135135
- name: ⎔ Setup node
136136
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
