Files
wehub-resource-sync 70bf21e064
Handle Changesets / Handle Changesets (push) Waiting to run
Semgrep OSS scan / semgrep-oss (push) Waiting to run
Deploy (to testing) and Test Playground Preview Worker / Deploy Playground Preview Worker (testing) (push) Has been skipped
Deploy Workers Shared Staging / Deploy Workers Shared Staging (push) Failing after 0s
Prerelease / build (push) Has been skipped
chore: import upstream snapshot with attribution
2026-07-13 12:30:11 +08:00

138 lines
6.7 KiB
YAML
Raw Permalink Blame History

This file contains invisible Unicode characters
This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
packages:
- "packages/*"
- "packages/vite-plugin-cloudflare/playground/*"
- "packages/vite-plugin-cloudflare/playground"
- "fixtures/*"
- "tools"
# We update various dependencies on an infrequent recurring basis.
# This table describes what is updated and how often.
#
# Process | Frequency | Notes
# --------------------|---------------|---------------------------------------
# DevTools update | Every quarter | Update our fork of Chrome DevTools
# Esbuild update | Every quarter | Bump esbuild dependency in workers-sdk
# Node update | Every 2 years | Bump node dependency in workers-sdk
# Quick Editor update | Every quarter | Update VSCode dependency and patches
# ──────────────────────────────────────────────────────────────────────────────
# Settings (migrated from .npmrc in pnpm 10)
# ──────────────────────────────────────────────────────────────────────────────
gitChecks: false
# ──────────────────────────────────────────────────────────────────────────────
# Supply chain security
# See: https://pnpm.io/supply-chain-security
# ──────────────────────────────────────────────────────────────────────────────
# Prevent transitive dependencies from pulling code from git repos or tarball
# URLs. Only direct dependencies may use exotic sources.
blockExoticSubdeps: true
# Require packages to be at least 24 hours old before they can be installed.
# This mitigates supply-chain attacks where a malicious version is published and
# yanked quickly, by ensuring there is a window for detection before adoption.
# Value is in minutes (1440 = 24 hours).
minimumReleaseAge: 1440
# First-party Cloudflare packages are exempt from the cooldown so they can be
# adopted same-day.
minimumReleaseAgeExclude:
- "workerd"
# Platform-specific workerd binaries published in lock-step with workerd.
- "@cloudflare/workerd-*"
- "@cloudflare/workers-types"
# The below is to install the rosie-skills package and remove the problematic
# wasm module it brings as soon as possible
# TODO(dario): remove in a few days
- "rosie-skills"
# ──────────────────────────────────────────────────────────────────────────────
# Build scripts
# pnpm 10 blocks lifecycle scripts by default. Only the packages listed here
# are allowed to run install/postinstall scripts.
# ──────────────────────────────────────────────────────────────────────────────
allowBuilds:
esbuild: true
workerd: true
sharp: true
playwright-chromium: true
prisma: true
# Explicitly silence warnings for packages whose postinstall scripts are not
# required for correct operation.
protobufjs: false # version-scheme diagnostic warning only
msw: false # copies mockServiceWorker.js to msw.workerDirectory — unused in this repo
core-js: false # telemetry
core-js-pure: false # telemetry
# ──────────────────────────────────────────────────────────────────────────────
# Dependency resolution (migrated from package.json "pnpm" field in pnpm 10)
# ──────────────────────────────────────────────────────────────────────────────
overrides:
"@types/react-dom@18>@types/react": "^18"
"@types/react-tabs>@types/react": "^18"
"@types/react-transition-group>@types/react": "^18"
"@cloudflare/elements>@types/react": "^18"
"@types/node": "$@types/node"
"@types/node>undici-types": "catalog:default"
peerDependencyRules:
allowedVersions:
react: "18"
react-dom: "18"
"@types/react": "18"
"@types/react-dom": "18"
patchedDependencies:
"@cloudflare/component-listbox@1.10.6": "patches/@cloudflare__component-listbox@1.10.6.patch"
"toucan-js@4.0.0": "patches/toucan-js@4.0.0.patch"
"postal-mime": "patches/postal-mime.patch"
"youch@4.1.0-beta.10": "patches/youch@4.1.0-beta.10.patch"
"@netlify/build-info": "patches/@netlify__build-info.patch"
"buffer-equal-constant-time@1.0.1": "patches/buffer-equal-constant-time@1.0.1.patch"
# ──────────────────────────────────────────────────────────────────────────────
# Catalog
# ──────────────────────────────────────────────────────────────────────────────
catalog:
chalk: "5.3.0"
command-exists: "1.2.9"
dotenv: "16.3.1"
"@hey-api/openapi-ts": "0.94.0"
"@types/node": "22.15.17"
"@vitest/runner": 4.1.0
"@vitest/snapshot": 4.1.0
"@vitest/ui": 4.1.0
typescript: "5.8.3"
undici: "7.28.0"
# Override undici-types from @types/node so that the Cloudflare SDK typings match our installed
# version of Undici
undici-types: "7.28.0"
vitest: "4.1.0"
vite: "8.0.13"
"ws": "8.21.0"
esbuild: "0.28.1"
"@playwright/test": "1.60.0"
playwright-chromium: "1.60.0"
"@cloudflare/workers-types": "^5.20260708.1"
workerd: "1.20260708.1"
jsonc-parser: "3.2.0"
smol-toml: "1.5.2"
msw: 2.12.4
tinyglobby: "0.2.16"
"tree-kill": "1.2.2"
"capnp-es": "0.0.14"
"capnweb": "0.5.0"
"ci-info": "4.4.0"
"open": "11.0.0"
"signal-exit": "4.1.0"
# CAUTION: Most usage of @cloudflare/vitest-pool-workers in this monorepo should use workspace:* instead of this catalog version
# However, some packages (pages-shared, workers-shared, etc...) need to be tested using vitest-pool-workers but are themselves
# ultimately included in vitest-pool-workers (through Wrangler), causing a circular dependency.
"@cloudflare/vitest-pool-workers": "0.13.3"