security: stricter pnpm config blockExoticSubdeps & trustPolicy #445

Open: Sheraff wants to merge 1 commit into TanStack:main from Sheraff:stricter-pnpm-deps-config

Sheraff (Contributor) commented May 17, 2026

Enables pnpm's no-downgrade trust policy and blocks exotic transitive dependencies via pnpm workspace security settings.

Removes the redundant standalone danielroe/provenance-action downgrade CI job from the PR workflow.
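
A sketch of the two checks the PR description names (no trust downgrade, no exotic transitive dependencies), added here as an example; it is not code from the PR or from pnpm, and it models the checks rather than reproducing pnpm's resolver. The graph shape, the trust-level names and their ordering, and all package names and URLs are assumptions constructed for the illustration.

```javascript
// Added illustration: a simplified model, not pnpm's implementation.
// Assumed trust levels and ordering (higher number = stronger evidence).
const TRUST_RANK = { none: 0, provenance: 1, trustedPublisher: 2 };

// Specifiers treated as "exotic" here: git/URL sources and GitHub shorthand.
const EXOTIC = /^(git\+|git:|github:|gitlab:|bitbucket:|https?:)/;
const GH_SHORTHAND = /^[\w.-]+\/[\w.-]+(#.+)?$/;
const isExotic = (spec) => EXOTIC.test(spec) || GH_SHORTHAND.test(spec);

// graph: { [name]: { deps: { [depName]: specifier } } } (hypothetical shape).
// Direct dependencies of the root may be exotic; anything deeper is reported.
function findExoticSubdeps(rootName, graph) {
  const findings = [];
  const seen = new Set();
  const walk = (name, depth) => {
    if (seen.has(name)) return; // cycles and shared deps are visited once
    seen.add(name);
    for (const [dep, spec] of Object.entries(graph[name]?.deps ?? {})) {
      if (depth > 0 && isExotic(spec)) findings.push({ parent: name, dep, spec });
      walk(dep, depth + 1);
    }
  };
  walk(rootName, 0);
  return findings;
}

// history: releases in publish order, each { version, trust }.
// Returns a finding when `wanted` has weaker evidence than an earlier release.
function findTrustDowngrade(history, wanted) {
  let best = 'none';
  for (const { version, trust } of history) {
    if (version === wanted) {
      return TRUST_RANK[trust] < TRUST_RANK[best] ? { version, from: best, to: trust } : null;
    }
    if (TRUST_RANK[trust] > TRUST_RANK[best]) best = trust;
  }
  return null; // version not in history
}

// Constructed sample data (package names and URLs are made up).
const sampleGraph = {
  root: { deps: { 'lib-a': '^1.0.0', 'lib-b': 'github:example/lib-b#abc123' } },
  'lib-a': { deps: { 'lib-c': 'https://example.invalid/lib-c.tgz', 'lib-d': '^2.0.0' } },
  'lib-d': { deps: { 'lib-a': '^1.0.0' } },
};
const sampleHistory = [
  { version: '1.0.0', trust: 'provenance' },
  { version: '1.1.0', trust: 'trustedPublisher' },
  { version: '1.2.0', trust: 'none' },
];
```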

Sheraff requested a review from a team as a code owner May 17, 2026 14:07

coderabbitai Bot commented May 17, 2026

Warning

Rate limit exceeded

@Sheraff has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 3 minutes and 48 seconds before requesting another review.

You’ve run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 2fcaf21a-8747-4afd-acb1-55e2f777866f

📥 Commits

Reviewing files that changed from the base of the PR and between 58d0232 and 8737cb2.

📒 Files selected for processing (2)
  • .github/workflows/pr.yml
  • pnpm-workspace.yaml

nx-cloud Bot commented May 17, 2026

View your CI Pipeline Execution ↗ for commit 8737cb2

| Command | Status | Duration | Result |
| --- | --- | --- | --- |
| nx affected --targets=test:eslint,test:sherif,t... | ✅ Succeeded | 6s | View ↗ |
| nx run-many --targets=build --exclude=examples/** | ✅ Succeeded | 2s | View ↗ |

☁️ Nx Cloud last updated this comment at 2026-05-17 14:07:54 UTC

pkg-pr-new Bot commented May 17, 2026

More templates

@tanstack/angular-devtools

npm i https://pkg.pr.new/@tanstack/angular-devtools@445

@tanstack/devtools

npm i https://pkg.pr.new/@tanstack/devtools@445

@tanstack/devtools-a11y

npm i https://pkg.pr.new/@tanstack/devtools-a11y@445

@tanstack/devtools-client

npm i https://pkg.pr.new/@tanstack/devtools-client@445

@tanstack/devtools-ui

npm i https://pkg.pr.new/@tanstack/devtools-ui@445

@tanstack/devtools-utils

npm i https://pkg.pr.new/@tanstack/devtools-utils@445

@tanstack/devtools-vite

npm i https://pkg.pr.new/@tanstack/devtools-vite@445

@tanstack/devtools-event-bus

npm i https://pkg.pr.new/@tanstack/devtools-event-bus@445

@tanstack/devtools-event-client

npm i https://pkg.pr.new/@tanstack/devtools-event-client@445

@tanstack/preact-devtools

npm i https://pkg.pr.new/@tanstack/preact-devtools@445

@tanstack/react-devtools

npm i https://pkg.pr.new/@tanstack/react-devtools@445

@tanstack/solid-devtools

npm i https://pkg.pr.new/@tanstack/solid-devtools@445

@tanstack/vue-devtools

npm i https://pkg.pr.new/@tanstack/vue-devtools@445

commit: 8737cb2
