dependabot-core icon indicating copy to clipboard operation
dependabot-core copied to clipboard

Published 20 hours ago verified publisher icon dependabot

pnpm9: version is incompatible with "/home/dependabot/dependabot-updater/repo".

Open fallemand opened this issue 9 months ago • 2 comments

Package ecosystem

npm

Package manager version

pnpm 9

Language version

Node 20

What you expected to see, versus what you actually saw

My repo is now using pnpm 9, so we define in the package.json

"engines": {
    "node": ">=20.6.0",
    "pnpm": "^9.0.4"
  },

But all dependabot updates are failing, since dependabot runs in v8:

updater | Your pnpm version is incompatible with "/home/dependabot/dependabot-updater/repo".
updater | 
updater | Expected version: ^9.0.4
updater | Got: 8.15.6
updater | 
updater | This is happening because the package's manifest has an engines.pnpm field specified.
updater | To fix this issue, install the required pnpm version globally.
updater | 
updater | To install the latest version of pnpm, run "pnpm i -g pnpm".
updater | To check your pnpm version, run "pnpm -v".

If we allow pnpm8, Dependabot will create the PR, but the newly generated pnpm-lock will be broken since it's generated with version 6.

fallemand avatar May 07 '24 08:05 fallemand

If we allow pnpm8, Dependabot will create the PR, but the new generated pnpm-lock will be broken, since it's generated with version 6.

image

fallemand avatar May 07 '24 15:05 fallemand

We are seeing the same issue with all our dependabot jobs fail due to the above error since updating. Which is quite unfortunate as we expected pnpm 9 to be supported by now.

VIKTORVAV99 avatar May 15 '24 13:05 VIKTORVAV99

Many times during the job I see errors like this, which must get caught, since the job continues to run...

  proxy | 2024/05/24 10:07:40 [245] GET https://registry.npmjs.org:443/pnpm
  proxy | 2024/05/24 10:07:40 [245] 200 https://registry.npmjs.org:443/pnpm
  proxy | 2024/05/24 10:07:40 [245] WARN: Cannot write TLS response header from mitm'd client: write tcp 192.168.1.1:1080->192.168.1.2:45206: write: broken pipe
updater | 2024/05/24 10:07:40 ERROR <job_832552953> Error processing globals (Dependabot::SharedHelpers::HelperSubprocessFailed)
updater | 2024/05/24 10:07:40 ERROR <job_832552953>  ERR_PNPM_UNSUPPORTED_ENGINE  Unsupported environment (bad pnpm and/or Node.js version)
updater | 
updater | Your pnpm version is incompatible with "/home/dependabot/dependabot-updater/repo".
updater | 
updater | Expected version: ^9.1.2
updater | Got: 8.15.6
updater | 
updater | This is happening because the package's manifest has an engines.pnpm field specified.
updater | To fix this issue, install the required pnpm version globally.
updater | 
updater | To install the latest version of pnpm, run "pnpm i -g pnpm".
updater | To check your pnpm version, run "pnpm -v".

Then at the end of the job:

updater | 2024/05/24 10:08:53 INFO <job_832552953> Finished job processing
updater | 2024/05/24 10:08:53 INFO Results:
updater | Dependabot encountered '20' error(s) during execution, please check the logs for more details.
updater | +--------------------------------------------------+
updater | |          Dependencies failed to update           |
updater | +----------------------------------+---------------+
updater | | svelte-persisted-store           | unknown_error |
updater | | svelte                           | unknown_error |
updater | | @playwright/test                 | unknown_error |
updater | | @inlang/paraglide-sveltekit      | unknown_error |
updater | | typescript-eslint                | unknown_error |
updater | | svelte-ux                        | unknown_error |
updater | | globals                          | unknown_error |
updater | | bits-ui                          | unknown_error |
updater | | @sentry/sveltekit                | unknown_error |
updater | | drizzle-kit                      | unknown_error |
updater | | postcss-nesting                  | unknown_error |
updater | | @inlang/cli                      | unknown_error |
updater | | arctic                           | unknown_error |
updater | | @inlang/paraglide-js             | unknown_error |
updater | | lucide-svelte                    | unknown_error |
updater | | postcss-preset-env               | unknown_error |
updater | | eslint-plugin-jsdoc              | unknown_error |
updater | | @typescript-eslint/eslint-plugin | unknown_error |
updater | | @internationalized/date          | unknown_error |
updater | | tsx                              | unknown_error |
updater | +----------------------------------+---------------+
updater | time="2024-05-24T10:08:53Z" level=info msg="task complete" container_id=job-832552953-updater exit_code=0 job_id=832552953 step=updater

Refs:

  • https://github.com/dependabot/dependabot-core/pull/9668
  • https://github.com/dependabot/dependabot-core/issues/9684
  • https://github.com/dependabot/dependabot-core/pull/9687
  • https://github.com/dependabot/dependabot-core/issues/9321

pboling avatar May 24 '24 10:05 pboling

We were able to fix the issue by adding the packageManager field with the desired version of pnpm you wish to use. We don't use corepack, but adding this will help Dependabot install the correct version. This solution was commented on another issue.

  "engines": {
    "node": ">=20.6.0",
    "pnpm": "^9.3.0"
  },
  "packageManager": "[email protected]",

fallemand avatar Jun 17 '24 10:06 fallemand

@deivid-rodriguez fix here should address this, please let us know if it still doesn't work

abdulapopoola avatar Jun 27 '24 21:06 abdulapopoola

Fix works 👍

fallemand avatar Jun 28 '24 12:06 fallemand