fix: update pnpm to 11.1.1

[mungodewar]

Updates the bundled pnpm to v11.1.1.

Generated by running:

• node scripts/update-bootstrap.mjs 11.1.1
• pnpm run build

Summary by CodeRabbit

• Chores
  • Updated the packaged installer and package manager components to newer releases, improving installation reliability and cross-platform stability (Linux, macOS, Windows) and reducing platform-specific install issues.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: 47f9e138-5356-4a40-8339-d72038b7afd4

📥 Commits

Reviewing files that changed from the base of the PR and between 3e83581 and b2823a8.

⛔ Files ignored due to path filters (1)

• dist/index.js is excluded by !**/dist/**

📒 Files selected for processing (2)

• src/install-pnpm/bootstrap/exe-lock.json
• src/install-pnpm/bootstrap/pnpm-lock.json

📜 Recent review details

🔇 Additional comments (3)

src/install-pnpm/bootstrap/pnpm-lock.json (1)

8-14: Lockfile bump is internally consistent.

Root dependency and node_modules/pnpm metadata are aligned to 11.1.1 (version, resolved, integrity) with no drift in this segment.

src/install-pnpm/bootstrap/exe-lock.json (2)

8-14: Version and integrity refresh looks coherent across the lockfile.

@pnpm/exe and its listed platform packages are consistently bumped to 11.1.1, with matching resolved and integrity updates.

Also applies to: 31-37, 41-145

---

30-37: Confirm Intel macOS support gap: @pnpm/macos-x64 is missing from upstream @pnpm/exe@11.1.1.

The absence of @pnpm/macos-x64 in the optionalDependencies (line 35) is confirmed against the published npm package. Only @pnpm/macos-arm64 is available. This creates a bootstrap gap for Intel macOS systems—verify whether this is an intentional shift to ARM64-only macOS support or an upstream packaging gap that could regress the action on Intel Macs. Contact upstream maintainers or investigate mitigation if x64 Darwin bootstrap is a requirement.
Also applies to: 110-125

---

📝 Walkthrough

Walkthrough

Bump pnpm and bundled @pnpm/exe from 11.0.4 to 11.1.1 in bootstrap lockfiles; update resolved URLs and integrity hashes for platform-specific exe packages and remove the macos-x64 exe entry.

Changes

pnpm Bootstrap Upgrade

Layer / File(s)	Summary
pnpm root lock update src/install-pnpm/bootstrap/pnpm-lock.json	Root pnpm dependency and node_modules/pnpm metadata updated to 11.1.1 (version, resolved, integrity).
@pnpm/exe root and optionalDependencies src/install-pnpm/bootstrap/exe-lock.json	@pnpm/exe root dependency and optionalDependencies platform mapping bumped to 11.1.1; corresponding root node_modules/@pnpm/exe metadata updated.
Platform-specific exe package entries src/install-pnpm/bootstrap/exe-lock.json	Platform package entries updated to 11.1.1 for linux-arm64, linux-x64, linuxstatic-arm64, linuxstatic-x64, macos-arm64, win-arm64, and win-x64; macos-x64 entry removed.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• pnpm/action-setup#254: Updates the same bootstrap lockfiles to bump bundled @pnpm/exe/pnpm versions.

Poem

I’m a rabbit with a tiny build cap,
Hopped through lockfiles, gave versions a tap,
From eleven dot zero four we now run,
Eleven point one point one — the upgrade is done! 🐇✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the main change: updating pnpm from 11.0.4 to 11.1.1, which is reflected in both lock files.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

Tip

💬 Introducing Slack Agent: The best way for teams to turn conversations into code.

Slack Agent is built on CodeRabbit's deep understanding of your code, so your team can collaborate across the entire SDLC without losing context.

• Generate code and open pull requests
• Plan features and break down work
• Investigate incidents and troubleshoot customer tickets together
• Automate recurring tasks and respond to alerts with triggers
• Summarize progress and report instantly

Built for teams:

• Shared memory across your entire org—no repeating context
• Per-thread sandboxes to safely plan and execute work
• Governance built-in—scoped access, auditability, and budget controls

One agent for your entire SDLC. Right inside Slack.

👉 Get started

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[zkochan]

why do you need to update pnpm in the action? This action will install any pnpm version that you specify in your project.

[djmurphy32]

@zkochan it doesn't use the specified version in the package.json in v6 of the action, it only uses the bootstrapped version. You can see the error in this dbot run in one of my repos. The action is using pnpm 11.0.0-rc.5 despite 11.0.7 being configured in the package.json.

Pinning to v5 of the action and using packageManaer in the package.json works. I have opened a PR #246 to address the issue in v6 of the action, any feedback on it is welcome

[zkochan]

Try adding "onFail": "download" to:

https://github.com/djmurphy32/peter-smith/blob/91009ef513880804c62f5aafda93a752da103995/package.json#L8-L11

"devEngines": {
    "packageManager": {
      "name": "pnpm",
      "version": "11.0.7",
      "onFail": "download"
    }
  },

[djmurphy32]

That does resolve the issue. But I think it is not correct that I must configure that in my package.json to accomodate the CI pipeline instead of the pipeline selecting based on the package.json which it did previously.

It is not documented behaviour and is a breaking change from v5 to v6 that is not captured anywhere, so if this is the direction the action is taking can the readme please be updated to reflect this. However I do think it would be better to have the action resolve the version based on the selected version in the package.json instead of having required CI config in the package.json which could conflict with how teams currently use the onFail option.

Also, does this mean that the action is dropping support for selecting the version based on packageManager?

[mungodewar]

👋 Hello!

I think I'm suffering from the same issue as @djmurphy32 has pointed out. My failure result is a little different:

  "packageManager": "pnpm@11.0.6",

• 11.0.4 used as pnpm version (as @djmurphy32 demonstrates)
• Due to PNPM_CONFIG_USERCONFIG doesn't work pnpm#11465 contacting internal registry fails authentication

I assumed that the right course of action was to update the version within the action, but perhaps the real fix is as @djmurphy32 mentions. In the meantime I will try both the suggestion for the devEngines.packageMangager and the revert to v5.

Thanks both.

[yangmingshan]

- uses: pnpm/action-setup@v6
  with:
    version: latest

This will work