Skip to content

fix: pin pnpm version when invoking via npx#24293

Merged
Artur- merged 1 commit into
mainfrom
use-pnpm-version
May 8, 2026
Merged

fix: pin pnpm version when invoking via npx#24293
Artur- merged 1 commit into
mainfrom
use-pnpm-version

Conversation

@Artur-
Copy link
Copy Markdown
Member

@Artur- Artur- commented May 7, 2026

getSuitablePnpm() invoked npx --yes --quiet pnpm, letting npx resolve whatever it considered latest (or whatever was cached) rather than the DEFAULT_PNPM_VERSION constant. Pass pnpm@<DEFAULT_PNPM_VERSION> so the installed version matches the constant.

@github-actions github-actions Bot added the +0.0.1 label May 7, 2026
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 7, 2026
edited
Loading

Test Results

 1 404 files  ±0   1 404 suites  ±0   1h 22m 25s ⏱️ + 1m 6s
10 128 tests ±0  10 058 ✅ ±0  70 💤 ±0  0 ❌ ±0 
10 603 runs  ±0  10 524 ✅ ±0  79 💤 ±0  0 ❌ ±0 

Results for commit ef4b09e. ± Comparison against base commit d9290f8.

♻️ This comment has been updated with latest results.

@Artur- Artur- marked this pull request as draft May 8, 2026 05:38
@Artur- Artur- force-pushed the use-pnpm-version branch from 2c3249b to 1676e93 Compare May 8, 2026 06:43
@Artur-
fix: pin pnpm version when invoking via npx
ef4b09e 
getSuitablePnpm() invoked `npx --yes --quiet pnpm`, letting npx resolve
whatever it considered latest (or whatever was cached) rather than the
DEFAULT_PNPM_VERSION constant. Pass `pnpm@<DEFAULT_PNPM_VERSION>` so the
installed version matches the constant.
@Artur- Artur- marked this pull request as ready for review May 8, 2026 06:44
@Artur- Artur- force-pushed the use-pnpm-version branch from 1676e93 to ef4b09e Compare May 8, 2026 06:44
@Artur- Artur- requested a review from mcollovati May 8, 2026 06:44
@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented May 8, 2026

Quality Gate Passed Quality Gate passed

Issues
Image 0 New issues
Image 0 Accepted issues

Measures
Image 0 Security Hotspots
Image 0.0% Coverage on New Code
Image 0.0% Duplication on New Code

See analysis details on SonarQube Cloud

mcollovati
mcollovati reviewed May 8, 2026
View reviewed changes
Comment thread flow-build-tools/src/main/java/com/vaadin/flow/server/frontend/FrontendTools.java
// happens to resolve as latest
pnpmCommand = getNpmCliToolExecutable(BuildTool.NPX, "--yes",
"--quiet", "pnpm");
"--quiet", "pnpm@" + DEFAULT_PNPM_VERSION);
Copy link
Copy Markdown
Collaborator

@mcollovati mcollovati May 8, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is what it looked like until #13344.
Could this change cause a regression, or is the fixed issue not valid anymore?

Copy link
Copy Markdown
Member Author

@Artur- Artur- May 8, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I didn't remember that npx pnpm@5 might run pnpm 6... but I don't see how this would make it any worse. Without any version number, npx can basically pick any pnpm version. With the version number, it should not be able to pick older versions

@Artur- Artur- added this pull request to the merge queue May 8, 2026
Merged via the queue into main with commit 03e8c7c May 8, 2026
31 checks passed
@Artur- Artur- deleted the use-pnpm-version branch May 8, 2026 07:59
@vaadin-bot
Copy link
Copy Markdown
Collaborator

vaadin-bot commented May 18, 2026

This ticket/PR has been released with Vaadin 25.2.0-alpha7.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mcollovati mcollovati mcollovati approved these changes

Assignees

No one assigned

Labels

Released with Vaadin 25.2.0-alpha7 +0.0.1

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Artur- @vaadin-bot @mcollovati