fix(env-installer): prune env lockfile when updating a config dep#11892
Conversation
`pnpm add --config <pkg>` (via `resolveConfigDeps`) wrote the env lockfile without pruning, so optional subdependencies from the previously resolved version remained as orphans. Mirror the prune call from `resolveAndInstallConfigDeps`.
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Plus Run ID: 📒 Files selected for processing (3)
📜 Recent review details⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
🧰 Additional context used📓 Path-based instructions (2)**/*.{ts,tsx}📄 CodeRabbit inference engine (AGENTS.md)
Files:
**/*.test.{ts,tsx}📄 CodeRabbit inference engine (AGENTS.md)
Files:
🧠 Learnings (1)📚 Learning: 2026-05-14T09:04:00.133ZApplied to files:
🔇 Additional comments (3)
📝 WalkthroughWalkthroughThis PR fixes a lockfile pollution issue where updating a config dependency in ChangesEnv lockfile pruning for config dependency updates
Possibly related PRs
Estimated code review effort🎯 2 (Simple) | ⏱️ ~10 minutes Poem
🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Warning There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure. 🔧 ESLint
ESLint install failed. For unrecoverable errors, disable the tool in CodeRabbit configuration. Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Qodo reviews are paused for this user.Troubleshooting steps vary by plan Learn more → On a Teams plan? Using GitHub Enterprise Server, GitLab Self-Managed, or Bitbucket Data Center? |
Summary
When updating a config dependency via
pnpm add --config <pkg>, the optional subdependencies of the previously resolved version were left as orphan entries inpnpm-lock.env.yaml. The siblingresolveAndInstallConfigDepspath already prunes; this PR adds the samepruneEnvLockfilecall toresolveConfigDepsbefore the write.Test plan
installing/env-installer/test/resolveConfigDeps.test.ts(orphan optional subdeps from a previous resolution are pruned) — pre-populates the env lockfile with an unreferenced parent + optional subdep, runsresolveConfigDeps, asserts the orphans are gone. Verified the test fails onmainand passes with the fix.resolveConfigDeps.test.tspass.Pacquet parity
If pacquet has ported the config-deps install flow, this same pruning needs to land on the Rust side too — flagging for a maintainer to check before merge.
Written by an agent (Claude Code, claude-opus-4-7).
Summary by CodeRabbit
pnpm add --configleft orphan entries inpnpm-lock.env.yamlfor outdated configuration dependencies. The package manager now properly cleans up stale optional subdependencies when config dependencies are updated.