fix(exec): skip deps auto-install without manifest#12301
Conversation
Code Review by Qodo
Context used 1. Unknown status now skipped
|
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Plus Run ID: 📒 Files selected for processing (3)
✅ Files skipped from review due to trivial changes (1)
🚧 Files skipped from review as they are similar to previous changes (2)
📝 WalkthroughWalkthroughThis PR tightens runDepsStatusCheck's early-exit: it only skips work when deps are explicitly up-to-date or when status is undefined and there's no manifest/allProjects context. It adds tests for undefined-status branches and updates a changeset to target patch releases and document the no-manifest behavior. ChangesDependency Status Check Fix
Sequence Diagram(s)sequenceDiagram
participant runDepsStatusCheck
participant checkDepsStatus
participant runPnpmCli
runDepsStatusCheck->>checkDepsStatus: checkDepsStatus(opts) => { upToDate, issues }
alt upToDate === true
runDepsStatusCheck-->>runDepsStatusCheck: return early
else upToDate === undefined and no rootProjectManifest & not allProjects
runDepsStatusCheck-->>runDepsStatusCheck: return early (skip install)
else
runDepsStatusCheck->>runPnpmCli: runPnpmCli(['install'], { cwd, reporter })
end
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~20 minutes Suggested reviewers
Poem
🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Warning There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure. 🔧 ESLint
ESLint install failed. For unrecoverable errors, disable the tool in CodeRabbit configuration. Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
PR Summary by Qodofix(exec): avoid deps auto-install when dependency status is unknown WalkthroughsDescription• Treat undefined deps-status as “skip check” to prevent unintended auto-install. • Only trigger install/prompt/error paths when deps status is explicitly false. • Add regression test for no-manifest deps-status result and ship patch changeset. Diagramgraph TD
A["pnpm exec" caller] --> B["runDepsStatusCheck"] --> C["checkDepsStatus"] --> D{"upToDate === false?"}
D -- "No (true/undefined)" --> E["Return (no-op)"]
D -- "Yes" --> F["createInstallArgs"] --> G["runPnpmCli install"]
High-Level AssessmentThe following are alternative approaches to this PR: 1. Make deps-status return an explicit enum
2. Throw a dedicated “no manifest / skipped” error from checkDepsStatus
Recommendation: The PR’s approach (treating anything other than explicit false as a no-op) is the best minimal-risk fix for the reported bug and matches the existing “skipped check” semantics. Consider an explicit enum return in a follow-up if more call sites emerge, but it’s likely overkill for this targeted regression. File ChangesBug fix (1)
Tests (1)
Other (1)
|
0b420b0 to
0238aaa
Compare
|
Code review by qodo was updated up to the latest commit 0238aaa |
0238aaa to
cb68ac1
Compare
|
Code review by qodo was updated up to the latest commit cb68ac1 |
cb68ac1 to
3757dde
Compare
|
Code review by qodo was updated up to the latest commit 3757dde |
|
Congrats on merging your first pull request! 🎉🎉🎉 |
Integrate the 9 commits main gained (#12271, #12294, #12301, #12303, #12305, #12312, #12315, #12316, and the release/version bumps). Conflict resolution: all four conflicts (record_lockfile_verified, build_modules, hoisted_dep_graph, install) were between this branch's lint edits and main's feature changes — took main's authoritative versions; lint compliance is re-derived by re-running clippy in the follow-up commit.
Summary
upToDate: undefinedresults when a project manifest exists.@pnpm/exec.commandsandpnpm.Why
When dependency status cannot be evaluated because there is no root project manifest and the command is not recursive,
checkDepsStatus()already returnsupToDate: undefinedafter warning that the check is skipped. The consumer only returned early fortrue, so this intentional skip fell through to the auto-install path and could surfaceERR_PNPM_NO_PKG_MANIFESToutside a project directory.This keeps the install/error/warn/prompt path for other unknown-status results, matching the existing fallback behavior.
Closes #12240.
Checks
volta run --node 22.22.2 corepack pnpm install --frozen-lockfilevolta run --node 22.22.2 corepack pnpm run lintfromexec/commandsNODE_OPTIONS="$NODE_OPTIONS --experimental-vm-modules --disable-warning=ExperimentalWarning --disable-warning=DEP0169" volta run --node 22.22.2 corepack pnpm exec jest test/runDepsStatusCheck.test.ts test/createInstallArgs.test.ts --runInBandfromexec/commandsvolta run --node 22.22.2 corepack pnpm exec tsgo --build --pretty falsefromexec/commandspnpm run compile-only && pnpm run lint --quiet; Rust checks skipped because this PR does not touchpacquet/orpnpr/.Written by an agent (Codex, GPT-5).
Summary by CodeRabbit
Bug Fixes
Tests
Chores