ci: pnpm trustPolicy no-downgrade exclude chokidar@4.0.3#7643
Conversation
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (1)
📝 WalkthroughWalkthrough
Changespnpm Trust Policy Exclusion
Estimated code review effort🎯 1 (Trivial) | ⏱️ ~2 minutes Possibly related PRs
Poem
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
|
View your CI Pipeline Execution ↗ for commit 22a7c7f
☁️ Nx Cloud last updated this comment at |
🚀 Changeset Version Preview3 package(s) bumped directly, 10 bumped as dependents. 🟩 Patch bumps
|
chokidar4.0.3 (and 4.0.2) are known to be trust policy downgrades, but are safe. The maintainers do not plan on fixing this issue, to encourage the ecosystem to move to 5.0.0However for us, it's also "the ecosystem" that is blocking us: we depend directly on 5.0.0, but transitively depend on 4.0.3 (
sass,prisma,netlify, ...)Because this problem is known, and 4.0.3 is known to be safe, and there should not be any more 4.x.x releases, we should be ok to just exclude
'chokidar@4.0.3'exactly from pnpm's trust policy rule.Summary by CodeRabbit