pnpm9: version is incompatible with "/home/dependabot/dependabot-updater/repo".

[fallemand]

Package ecosystem

npm

Package manager version

pnpm 9

Language version

Node 20

What you expected to see, versus what you actually saw

My repo is now using pnpm 9, so we define in the package.json

"engines": {
    "node": ">=20.6.0",
    "pnpm": "^9.0.4"
  },

But all dependabot updates are failing, since dependabot runs in v8:

updater | Your pnpm version is incompatible with "/home/dependabot/dependabot-updater/repo".
updater | 
updater | Expected version: ^9.0.4
updater | Got: 8.15.6
updater | 
updater | This is happening because the package's manifest has an engines.pnpm field specified.
updater | To fix this issue, install the required pnpm version globally.
updater | 
updater | To install the latest version of pnpm, run "pnpm i -g pnpm".
updater | To check your pnpm version, run "pnpm -v".

If we allow pnpm8, Dependabot will create the PR, but the newly generated pnpm-lock will be broken since it's generated with version 6.

[fallemand]

If we allow pnpm8, Dependabot will create the PR, but the new generated pnpm-lock will be broken, since it's generated with version 6.

[VIKTORVAV99]

We are seeing the same issue with all our dependabot jobs fail due to the above error since updating. Which is quite unfortunate as we expected pnpm 9 to be supported by now.

[pboling]

Many times during the job I see errors like this, which must get caught, since the job continues to run...

  proxy | 2024/05/24 10:07:40 [245] GET https://registry.npmjs.org:443/pnpm
  proxy | 2024/05/24 10:07:40 [245] 200 https://registry.npmjs.org:443/pnpm
  proxy | 2024/05/24 10:07:40 [245] WARN: Cannot write TLS response header from mitm'd client: write tcp 192.168.1.1:1080->192.168.1.2:45206: write: broken pipe
updater | 2024/05/24 10:07:40 ERROR <job_832552953> Error processing globals (Dependabot::SharedHelpers::HelperSubprocessFailed)
updater | 2024/05/24 10:07:40 ERROR <job_832552953>  ERR_PNPM_UNSUPPORTED_ENGINE  Unsupported environment (bad pnpm and/or Node.js version)
updater | 
updater | Your pnpm version is incompatible with "/home/dependabot/dependabot-updater/repo".
updater | 
updater | Expected version: ^9.1.2
updater | Got: 8.15.6
updater | 
updater | This is happening because the package's manifest has an engines.pnpm field specified.
updater | To fix this issue, install the required pnpm version globally.
updater | 
updater | To install the latest version of pnpm, run "pnpm i -g pnpm".
updater | To check your pnpm version, run "pnpm -v".

Then at the end of the job:

updater | 2024/05/24 10:08:53 INFO <job_832552953> Finished job processing
updater | 2024/05/24 10:08:53 INFO Results:
updater | Dependabot encountered '20' error(s) during execution, please check the logs for more details.
updater | +--------------------------------------------------+
updater | |          Dependencies failed to update           |
updater | +----------------------------------+---------------+
updater | | svelte-persisted-store           | unknown_error |
updater | | svelte                           | unknown_error |
updater | | @playwright/test                 | unknown_error |
updater | | @inlang/paraglide-sveltekit      | unknown_error |
updater | | typescript-eslint                | unknown_error |
updater | | svelte-ux                        | unknown_error |
updater | | globals                          | unknown_error |
updater | | bits-ui                          | unknown_error |
updater | | @sentry/sveltekit                | unknown_error |
updater | | drizzle-kit                      | unknown_error |
updater | | postcss-nesting                  | unknown_error |
updater | | @inlang/cli                      | unknown_error |
updater | | arctic                           | unknown_error |
updater | | @inlang/paraglide-js             | unknown_error |
updater | | lucide-svelte                    | unknown_error |
updater | | postcss-preset-env               | unknown_error |
updater | | eslint-plugin-jsdoc              | unknown_error |
updater | | @typescript-eslint/eslint-plugin | unknown_error |
updater | | @internationalized/date          | unknown_error |
updater | | tsx                              | unknown_error |
updater | +----------------------------------+---------------+
updater | time="2024-05-24T10:08:53Z" level=info msg="task complete" container_id=job-832552953-updater exit_code=0 job_id=832552953 step=updater

Refs:

• Use pnpm@9 for lockfile >= 9.0 #9668
• PNPM lockfileVersion reverted back from 9.0 to 6.0 #9684
• Improve support for PNPM 9 #9687
• Dependabot::SharedHelpers::HelperSubprocessFailed:  ERR_PNPM_UNSUPPORTED_PLATFORM  Unsupported platform for registry.npmjs.org/@swc/core-darwin-x64/... #9321

[fallemand]

We were able to fix the issue by adding the packageManager field with the desired version of pnpm you wish to use.
We don't use corepack, but adding this will help Dependabot install the correct version.
This solution was commented on another issue.

  "engines": {
    "node": ">=20.6.0",
    "pnpm": "^9.3.0"
  },
  "packageManager": "pnpm@9.3.0",

[abdulapopoola]

@deivid-rodriguez fix here should address this, please let us know if it still doesn't work

[fallemand]

Fix works 👍