diff --git a/docs/npm_translate_lock.md b/docs/npm_translate_lock.md index 4566c2f77..b191ef0cf 100644 --- a/docs/npm_translate_lock.md +++ b/docs/npm_translate_lock.md @@ -128,7 +128,7 @@ For more about how to use npm_translate_lock, read [pnpm and rules_js](/docs/pnp | quiet | Set to False to print info logs and output stdout & stderr of pnpm lock update actions to the console. | `True` | | external_repository_action_cache | The location of the external repository action cache to write to when `update_pnpm_lock` = True. | `".aspect/rules/external_repository_action_cache"` | | link_workspace | The workspace name where links will be created for the packages in this lock file.

This is typically set in rule sets and libraries that vendor the starlark generated by npm_translate_lock so the link_workspace passed to npm_import is set correctly so that links are created in the external repository and not the user workspace.

Can be left unspecified if the link workspace is the user workspace. | `None` | -| pnpm_version | pnpm version to use when generating the @pnpm repository. Set to None to not create this repository.

Can be left unspecified and the rules_js default `LATEST_PNPM_VERSION` will be used. | `"8.15.3"` | +| pnpm_version | pnpm version to use when generating the @pnpm repository. Set to None to not create this repository.

Can be left unspecified and the rules_js default `DEFAULT_PNPM_VERSION` will be used. | `"8.15.8"` | | use_pnpm | label of the pnpm entry point to use. | `None` | | npm_package_target_name | The name of linked `npm_package`, `js_library` or `JsInfo` producing targets.

When targets are linked as pnpm workspace packages, the name of the target must align with this value.

The `{dirname}` placeholder is replaced with the directory name of the target. | `"pkg"` | | kwargs | Internal use only | none | diff --git a/npm/extensions.bzl b/npm/extensions.bzl index 6988817d7..28266aab0 100644 --- a/npm/extensions.bzl +++ b/npm/extensions.bzl @@ -4,7 +4,7 @@ See https://bazel.build/docs/bzlmod#extension-definition load("@aspect_bazel_lib//lib:repo_utils.bzl", "repo_utils") load("@bazel_features//:features.bzl", "bazel_features") -load("//npm:repositories.bzl", "npm_import", "pnpm_repository", _LATEST_PNPM_VERSION = "LATEST_PNPM_VERSION") +load("//npm:repositories.bzl", "npm_import", "pnpm_repository", _DEFAULT_PNPM_VERSION = "DEFAULT_PNPM_VERSION", _LATEST_PNPM_VERSION = "LATEST_PNPM_VERSION") load("//npm/private:npm_import.bzl", "npm_import_lib", "npm_import_links_lib") load("//npm/private:npm_translate_lock.bzl", "npm_translate_lock", "npm_translate_lock_lib") load("//npm/private:npm_translate_lock_helpers.bzl", npm_translate_lock_helpers = "helpers") @@ -12,9 +12,10 @@ load("//npm/private:npm_translate_lock_macro_helpers.bzl", macro_helpers = "help load("//npm/private:npm_translate_lock_state.bzl", "npm_translate_lock_state") load("//npm/private:npmrc.bzl", "parse_npmrc") load("//npm/private:transitive_closure.bzl", "translate_to_transitive_closure") -load("//npm/private:utils.bzl", "utils") +DEFAULT_PNPM_VERSION = _DEFAULT_PNPM_VERSION LATEST_PNPM_VERSION = _LATEST_PNPM_VERSION + _DEFAULT_PNPM_REPO_NAME = "pnpm" def _npm_extension_impl(module_ctx): @@ -287,7 +288,7 @@ pnpm = module_extension( Overriding the default is only permitted in the root module.""", default = _DEFAULT_PNPM_REPO_NAME, ), - "pnpm_version": attr.string(default = LATEST_PNPM_VERSION), + "pnpm_version": attr.string(default = DEFAULT_PNPM_VERSION), "pnpm_version_integrity": attr.string(), }, ), diff --git a/npm/private/npm_translate_lock.bzl b/npm/private/npm_translate_lock.bzl index 84b1a71fc..b3cc14494 100644 --- a/npm/private/npm_translate_lock.bzl +++ b/npm/private/npm_translate_lock.bzl @@ -32,7 +32,7 @@ load(":npm_translate_lock_generate.bzl", "generate_repository_files") load(":npm_translate_lock_helpers.bzl", "helpers") load(":npm_translate_lock_macro_helpers.bzl", macro_helpers = "helpers") load(":npm_translate_lock_state.bzl", "DEFAULT_ROOT_PACKAGE", "npm_translate_lock_state") -load(":pnpm_repository.bzl", "LATEST_PNPM_VERSION", _pnpm_repository = "pnpm_repository") +load(":pnpm_repository.bzl", "DEFAULT_PNPM_VERSION", _pnpm_repository = "pnpm_repository") load(":transitive_closure.bzl", "translate_to_transitive_closure") load(":utils.bzl", "utils") @@ -181,7 +181,7 @@ def npm_translate_lock( quiet = True, external_repository_action_cache = utils.default_external_repository_action_cache(), link_workspace = None, - pnpm_version = LATEST_PNPM_VERSION, + pnpm_version = DEFAULT_PNPM_VERSION, use_pnpm = None, npm_package_target_name = "pkg", **kwargs): @@ -492,7 +492,7 @@ def npm_translate_lock( pnpm_version: pnpm version to use when generating the @pnpm repository. Set to None to not create this repository. - Can be left unspecified and the rules_js default `LATEST_PNPM_VERSION` will be used. + Can be left unspecified and the rules_js default `DEFAULT_PNPM_VERSION` will be used. use_pnpm: label of the pnpm entry point to use. diff --git a/npm/private/pnpm_repository.bzl b/npm/private/pnpm_repository.bzl index 5e868ce44..bb028820a 100644 --- a/npm/private/pnpm_repository.bzl +++ b/npm/private/pnpm_repository.bzl @@ -6,7 +6,11 @@ load(":versions.bzl", "PNPM_VERSIONS") LATEST_PNPM_VERSION = PNPM_VERSIONS.keys()[-1] -def pnpm_repository(name, pnpm_version = LATEST_PNPM_VERSION): +# Default to the latest pnpm v8 since pnpm v9 has breaking changes in the lockfile that have not yet been +# tested at scale to ensure all corner cases are covered in the wild. +DEFAULT_PNPM_VERSION = [v for v in PNPM_VERSIONS.keys() if v.startswith("8")][-1] + +def pnpm_repository(name, pnpm_version = DEFAULT_PNPM_VERSION): """Import https://npmjs.com/package/pnpm and provide a js_binary to run the tool. Useful as a way to run exactly the same pnpm as Bazel does, for example with: diff --git a/npm/private/versions.bzl b/npm/private/versions.bzl index b924493fe..3ff3bdc54 100644 --- a/npm/private/versions.bzl +++ b/npm/private/versions.bzl @@ -800,4 +800,18 @@ PNPM_VERSIONS = { "8.15.1": "sha512-gxz0xfi4N0r3FSHU0VPbSdcIbeYVwq98tenX64umMN2sRv6kldZD5VLvLmijqpmj5en77oaWcClnUE31xZyycw==", "8.15.2": "sha512-CtSEkTkCu/5zmI7z2NHFEK6wxlSDur3EBYnBpmNc+GA5vDY5veOdFKPMngJx5/rRx/qJHEfKfH8esGv/3MOTnw==", "8.15.3": "sha512-3YXNbspkF8b3PbMroetHZ/+0y6T1vwcnhGciyStrnlaizCGLEThbvCsh8YoWpn2nes6um2Gg9WoWQ7JeH7amBQ==", + "8.15.4": "sha512-C9Opvp6w6aaSZ23uwAowO6IYuiedmSQUdWFrOY267t0RFG+SwoQ0WPVXsdEn4J1MFx4QW9zWthACs5aFqAFrng==", + "8.15.5": "sha512-sFGjLH5pWDO4SSbTspuMylclS1ifBknYmcbp0O22cLkex+KkNFm65zdZu1zmGcMmbxFr+THOItHvF1mn5Fqpbw==", + "8.15.6": "sha512-d7iem+d6Kwatj0A6Gcrl4il29hAj+YrTI9XDAZSVjrwC7gpq5dE+5FT2E05OjK8poF8LGg4dKxe8prah8RWfhg==", + "8.15.7": "sha512-yFzSG22hAzIVaxyiqnnAph7nrS6wRTuIqymSienoypPmCRIyslwHy/YfbfdxKNnISeXJrG5EhU29IRxJ86Z63A==", + "8.15.8": "sha512-0aAp4aRHrZC8ls1YsPrUhtKZPVMYVjlve6vy2D6xgju4PFo9D8GPZ1stEDIdSesWH+zjb+gTSqWCPs0hX+7Tkg==", + "9.0.0": "sha512-tBBnB8ciWxdIthWVlTzL6/+XtUrQXQAqo2NfYzucU81mb3zpuLxEcE8foEi5pJtVNxqy2enWZ9Hv4u8VFLzVEw==", + "9.0.1": "sha512-+QSxM9aZQVsNmX7j8Fommv+9sCz2sif6A9hUg6jz387QuRYKfUd9wFGrZ6+L5EcFuf3xXyrjO8g7dohlKftLHQ==", + "9.0.2": "sha512-i+3zHeQnBbl/+JMwu+F3lUrVcDqS+olL4PtNRbXfq1miH2WoQZrRyugt0W+sLUGow0N3XoDv59q22AsECNsv1g==", + "9.0.3": "sha512-yT2+bOq0/HRmJQ7f92X/seGGOUmNEekH8Ao5ceUW5gsNwyHqxF3qno1lBACDfbDUrbyJdqaro0csYi6j/mVDkg==", + "9.0.4": "sha512-w3S1LePeiMWP2DM99mSnNyec2w4TRLpAVNOx//qaGjZwhU91XcpPFq3qPxS+mJan/K8WdAn+DBrWBHUnHa/oGg==", + "9.0.5": "sha512-pyJXXBj9eR+e9x44fG4WzAPJDYWbmwmY0EKMoOMiCCizKpbm3nPOo07bwPUIJHcbGmnH6ja4bao7icfm2aPZEg==", + "9.0.6": "sha512-9thjEwlzIHy3ozbWtDmiQqJqyAaAd99TDWqGBpQZhT3B/+ZAKexZSpxQWjpBDRlkPIcKumd2Mw9c/dzxCpwWFw==", + "9.1.0": "sha512-Z/WHmRapKT5c8FnCOFPVcb6vT3U8cH9AyyK+1fsVeMaq07bEEHzLO6CzW+AD62IaFkcayDbIe+tT+dVLtGEnJA==", + "9.1.1": "sha512-FOkVdZwR936sB/q6TQGcGT7IY3Ip5i7Jnu+3zzw7dcZER4grfEhRQkUe46a0CAWc37e3+gNBuXXxLQ92KccRlQ==", } diff --git a/npm/repositories.bzl b/npm/repositories.bzl index 96b76abc8..ed1bbdb32 100644 --- a/npm/repositories.bzl +++ b/npm/repositories.bzl @@ -2,8 +2,9 @@ load("//npm/private:npm_import.bzl", _npm_import = "npm_import") load("//npm/private:npm_translate_lock.bzl", _list_patches = "list_patches", _npm_translate_lock = "npm_translate_lock") -load("//npm/private:pnpm_repository.bzl", _LATEST_PNPM_VERSION = "LATEST_PNPM_VERSION", _pnpm_repository = "pnpm_repository") +load("//npm/private:pnpm_repository.bzl", _DEFAULT_PNPM_VERSION = "DEFAULT_PNPM_VERSION", _LATEST_PNPM_VERSION = "LATEST_PNPM_VERSION", _pnpm_repository = "pnpm_repository") +DEFAULT_PNPM_VERSION = _DEFAULT_PNPM_VERSION LATEST_PNPM_VERSION = _LATEST_PNPM_VERSION list_patches = _list_patches