Pnpm upgrade to 10.x and prevent script execution#59466
Merged
pierrejeambrun merged 1 commit intoDec 15, 2025
Merged
Conversation
boring-cyborg
Bot
added
area:dev-tools
area:providers
backport-to-v3-1-test
provider:edge
pierrejeambrun
force-pushed
the
upgrade-pnpm-and-prevent-script-execution
branch
from
f3a7359 to
aedddb3
Compare
vincbeck
approved these changes
Dec 15, 2025
potiuk
approved these changes
Dec 15, 2025
Contributor
Backport failed to create: v3-1-test. View the failure log Run details
You can attempt to backport this manually by running: cherry_picker 75e2225 v3-1-testThis should apply the commit to the v3-1-test branch and leave the commit in conflict state marking After you have resolved the conflicts, you can continue the backport process by running: cherry_picker --continue |
Contributor
|
Cool! |
pierrejeambrun
added a commit
to astronomer/airflow
that referenced
this pull request
Dec 16, 2025
(cherry picked from commit 75e2225)
Member
Author
|
Manual backport #59512 |
pierrejeambrun
added a commit
that referenced
this pull request
Dec 16, 2025
TempestShaw
pushed a commit
to TempestShaw/airflow
that referenced
this pull request
Dec 24, 2025
54 tasks
ephraimbuddy
pushed a commit
that referenced
this pull request
Jan 6, 2026
jhgoebbert
pushed a commit
to jhgoebbert/airflow_Owen-CH-Leung
that referenced
this pull request
Feb 8, 2026
Subham-KRLX
pushed a commit
to Subham-KRLX/airflow
that referenced
this pull request
Mar 4, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Upgrade pnpm to 10.x version.
By default pnpm 10.x blocks install scripts:
https://pnpm.io/supply-chain-security#block-risky-postinstall-scripts
For people still developing locally and using 9.x, install scripts 'almost' disables everywhere via the
onlyBuiltDependencies, allowing scripts only for certain specific packages. It was missing in thefab providerone, added an empty attribute that will virtually disable scripts by defaults:https://pnpm.io/9.x/package_json#pnpmonlybuiltdependencies