chore(renovate): fix lockfile-regen OOM blocking grouped dep PRs (#869)#872
Conversation
The single `group:allNonMajor` group updated every dependency in one PR, so Renovate's `renovate/artifacts` step regenerated the entire ~1.1MB lockfile across all workspace manifests in a single pnpm pass — with `pnpmDedupe` on top — and OOM'd on the heap limit (e.g. #719). The lockfile then never updated and every `--frozen-lockfile` check went red. - Drop `group:allNonMajor` in favor of smaller per-ecosystem groups (markdown/unified, ai provider sdks, build & test tooling, lint & format, framework ecosystems, @types, tailwind). A catch-all keeps the remainder bundled so we don't regress to one-PR-per-dep. Each PR now touches far fewer manifests, shrinking each lockfile pass. - Drop `pnpmDedupe` from postUpdateOptions — the full-lockfile dedupe pass was the main memory driver. - Add `minimumReleaseAge: "1 day"` to match pnpm's `minimumReleaseAge: 1440` (minutes) in pnpm-workspace.yaml, so Renovate doesn't propose versions pnpm will refuse to install. Note: raising the runner heap (NODE_OPTIONS=--max-old-space-size=8192) must be set in the Mend hosted env — it can't live in renovate.json. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
|
View your CI Pipeline Execution ↗ for commit 8b39305
☁️ Nx Cloud last updated this comment at |
🚀 Changeset Version PreviewNo changeset entries found. Merging this PR will not cause a version bump for any packages. |
@tanstack/ai
@tanstack/ai-acp
@tanstack/ai-angular
@tanstack/ai-anthropic
@tanstack/ai-bedrock
@tanstack/ai-claude-code
@tanstack/ai-client
@tanstack/ai-code-mode
@tanstack/ai-code-mode-skills
@tanstack/ai-codex
@tanstack/ai-devtools-core
@tanstack/ai-elevenlabs
@tanstack/ai-event-client
@tanstack/ai-fal
@tanstack/ai-gemini
@tanstack/ai-grok
@tanstack/ai-grok-build
@tanstack/ai-groq
@tanstack/ai-isolate-cloudflare
@tanstack/ai-isolate-node
@tanstack/ai-isolate-quickjs
@tanstack/ai-mcp
@tanstack/ai-mistral
@tanstack/ai-ollama
@tanstack/ai-openai
@tanstack/ai-opencode
@tanstack/ai-openrouter
@tanstack/ai-preact
@tanstack/ai-react
@tanstack/ai-react-ui
@tanstack/ai-sandbox
@tanstack/ai-sandbox-cloudflare
@tanstack/ai-sandbox-daytona
@tanstack/ai-sandbox-docker
@tanstack/ai-sandbox-local-process
@tanstack/ai-sandbox-vercel
@tanstack/ai-solid
@tanstack/ai-solid-ui
@tanstack/ai-svelte
@tanstack/ai-utils
@tanstack/ai-vue
@tanstack/ai-vue-ui
@tanstack/openai-base
@tanstack/preact-ai-devtools
@tanstack/react-ai-devtools
@tanstack/solid-ai-devtools
commit: |
📝 WalkthroughWalkthroughThis PR updates ChangesRenovate Configuration Update
Estimated code review effort🎯 2 (Simple) | ⏱️ ~10 minutes
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Actionable comments posted: 1
🧹 Nitpick comments (1)
.github/renovate.json (1)
17-17: 🧹 Nitpick | 🔵 TrivialConsider scheduling periodic lockfile maintenance now that
pnpmDedupeis removed.Dropping
pnpmDedupefixes the OOM but means the lockfile will no longer be actively de-duplicated on every update, so redundant nested versions can accumulate over time. A scheduledlockFileMaintenancerun (e.g. weekly/monthly, off the hot path) would let dedupe happen in a lower-memory-pressure, isolated pass instead of on every grouped update.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In @.github/renovate.json at line 17, Add a scheduled lockFileMaintenance job in the Renovate configuration now that pnpmDedupe has been removed, so redundant nested versions can still be cleaned up in an isolated maintenance pass. Update the config alongside minimumReleaseAge in .github/renovate.json to run periodic maintenance (for example weekly or monthly) rather than relying on grouped updates, and keep the change scoped to the Renovate settings that control maintenance scheduling.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In @.github/renovate.json:
- Around line 120-133: The React and Vue ecosystem group rules in the Renovate
config are missing the base packages, so updates for react and vue fall through
to the generic group. Update the matchPackageNames entries in the react
ecosystem and vue ecosystem objects to explicitly include react and vue
alongside the existing wildcard patterns, keeping the current groupName and
groupSlug values intact.
---
Nitpick comments:
In @.github/renovate.json:
- Line 17: Add a scheduled lockFileMaintenance job in the Renovate configuration
now that pnpmDedupe has been removed, so redundant nested versions can still be
cleaned up in an isolated maintenance pass. Update the config alongside
minimumReleaseAge in .github/renovate.json to run periodic maintenance (for
example weekly or monthly) rather than relying on grouped updates, and keep the
change scoped to the Renovate settings that control maintenance scheduling.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
| { | ||
| "description": "React ecosystem", | ||
| "matchUpdateTypes": ["minor", "patch"], | ||
| "matchPackageNames": ["react-**", "@react-native/**", "react-native", "react-native-**"], | ||
| "groupName": "react ecosystem", | ||
| "groupSlug": "react-ecosystem" | ||
| }, | ||
| { | ||
| "description": "Vue ecosystem", | ||
| "matchUpdateTypes": ["minor", "patch"], | ||
| "matchPackageNames": ["@vue/**", "vue-**"], | ||
| "groupName": "vue ecosystem", | ||
| "groupSlug": "vue-ecosystem" | ||
| }, |
There was a problem hiding this comment.
🎯 Functional Correctness | 🟠 Major | ⚡ Quick win
Add bare react and vue to the ecosystem groups.
react-** and vue-** don’t match the base packages, so updates to react or vue will fall back to the generic dependency group instead of staying with their ecosystems.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In @.github/renovate.json around lines 120 - 133, The React and Vue ecosystem
group rules in the Renovate config are missing the base packages, so updates for
react and vue fall through to the generic group. Update the matchPackageNames
entries in the react ecosystem and vue ecosystem objects to explicitly include
react and vue alongside the existing wildcard patterns, keeping the current
groupName and groupSlug values intact.
Fixes #869
Problem
Renovate's
renovate/artifactsstep OOMs (heap limit, e.g. #719) while regenerating the lockfile, so the lockfile never updates and every--frozen-lockfilecheck cascades to red.The root cause:
group:allNonMajorbundles every non-major update into a single PR, so Renovate resolves the whole ~1.1MB lockfile across all workspace manifests in one pnpm pass — andpostUpdateOptions: [pnpmDedupe]adds a full-lockfile dedupe on top.Changes (
.github/renovate.json)group:allNonMajorinto per-ecosystem groups. Removed thegroup:allNonMajorpreset and addedpackageRulesthat group non-major updates by ecosystem: markdown/unified (the largest transitive cluster), AI provider SDKs, build & test tooling, lint & format, React/Vue/Angular/Solid/Svelte, Tailwind/icons, and@types. A catch-all rule keeps everything else bundled so we don't regress into one-PR-per-dependency. Each resulting PR touches far fewer manifests, shrinking every lockfile pass.pnpmDedupefrompostUpdateOptions— the full-lockfile dedupe pass was the main memory driver.minimumReleaseAge: "1 day"to match pnpm'sminimumReleaseAge: 1440(minutes) inpnpm-workspace.yaml, so Renovate won't propose freshly-published versions that pnpm would refuse to install.Follow-up (not in this repo)
Raising the runner heap (
NODE_OPTIONS=--max-old-space-size=8192) has to be configured in the Mend hosted env — there's norenovate.jsonfield for it. This PR reduces per-pass memory enough that it may not be needed, but it's the belt-and-suspenders knob if a group still grows large.Validation
renovate-config-validatorpasses:🤖 Generated with Claude Code
Summary by CodeRabbit