Skip to content

chore(renovate): fix lockfile-regen OOM blocking grouped dep PRs (#869)#872

Merged
AlemTuzlak merged 1 commit into
mainfrom
fix/renovate-oom-lockfile-869
Jul 1, 2026
Merged

chore(renovate): fix lockfile-regen OOM blocking grouped dep PRs (#869)#872
AlemTuzlak merged 1 commit into
mainfrom
fix/renovate-oom-lockfile-869

Conversation

@jherr

@jherr jherr commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Fixes #869

Problem

Renovate's renovate/artifacts step OOMs (heap limit, e.g. #719) while regenerating the lockfile, so the lockfile never updates and every --frozen-lockfile check cascades to red.

The root cause: group:allNonMajor bundles every non-major update into a single PR, so Renovate resolves the whole ~1.1MB lockfile across all workspace manifests in one pnpm pass — and postUpdateOptions: [pnpmDedupe] adds a full-lockfile dedupe on top.

Changes (.github/renovate.json)

  • Split group:allNonMajor into per-ecosystem groups. Removed the group:allNonMajor preset and added packageRules that group non-major updates by ecosystem: markdown/unified (the largest transitive cluster), AI provider SDKs, build & test tooling, lint & format, React/Vue/Angular/Solid/Svelte, Tailwind/icons, and @types. A catch-all rule keeps everything else bundled so we don't regress into one-PR-per-dependency. Each resulting PR touches far fewer manifests, shrinking every lockfile pass.
  • Dropped pnpmDedupe from postUpdateOptions — the full-lockfile dedupe pass was the main memory driver.
  • Added minimumReleaseAge: "1 day" to match pnpm's minimumReleaseAge: 1440 (minutes) in pnpm-workspace.yaml, so Renovate won't propose freshly-published versions that pnpm would refuse to install.

Follow-up (not in this repo)

Raising the runner heap (NODE_OPTIONS=--max-old-space-size=8192) has to be configured in the Mend hosted env — there's no renovate.json field for it. This PR reduces per-pass memory enough that it may not be needed, but it's the belt-and-suspenders knob if a group still grows large.

Validation

renovate-config-validator passes:

INFO: Validating .github/renovate.json
INFO: Config validated successfully

🤖 Generated with Claude Code

Summary by CodeRabbit

  • Chores
    • Improved automated dependency update handling with more consistent grouping by category and ecosystem.
    • Non-major updates now arrive in consolidated batches, making upgrade review simpler.
    • Update timing was adjusted to wait a day before opening certain dependency changes.

The single `group:allNonMajor` group updated every dependency in one PR,
so Renovate's `renovate/artifacts` step regenerated the entire ~1.1MB
lockfile across all workspace manifests in a single pnpm pass — with
`pnpmDedupe` on top — and OOM'd on the heap limit (e.g. #719). The
lockfile then never updated and every `--frozen-lockfile` check went red.

- Drop `group:allNonMajor` in favor of smaller per-ecosystem groups
  (markdown/unified, ai provider sdks, build & test tooling, lint &
  format, framework ecosystems, @types, tailwind). A catch-all keeps the
  remainder bundled so we don't regress to one-PR-per-dep. Each PR now
  touches far fewer manifests, shrinking each lockfile pass.
- Drop `pnpmDedupe` from postUpdateOptions — the full-lockfile dedupe
  pass was the main memory driver.
- Add `minimumReleaseAge: "1 day"` to match pnpm's `minimumReleaseAge:
  1440` (minutes) in pnpm-workspace.yaml, so Renovate doesn't propose
  versions pnpm will refuse to install.

Note: raising the runner heap (NODE_OPTIONS=--max-old-space-size=8192)
must be set in the Mend hosted env — it can't live in renovate.json.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@jherr jherr requested a review from a team as a code owner July 1, 2026 00:27
@nx-cloud

nx-cloud Bot commented Jul 1, 2026

Copy link
Copy Markdown

View your CI Pipeline Execution ↗ for commit 8b39305

Command Status Duration Result
nx run-many --targets=build --exclude=examples/... ✅ Succeeded 1s View ↗

☁️ Nx Cloud last updated this comment at 2026-07-01 00:28:42 UTC

@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

🚀 Changeset Version Preview

No changeset entries found. Merging this PR will not cause a version bump for any packages.

@pkg-pr-new

pkg-pr-new Bot commented Jul 1, 2026

Copy link
Copy Markdown

Open in StackBlitz

@tanstack/ai

npm i https://pkg.pr.new/@tanstack/ai@872

@tanstack/ai-acp

npm i https://pkg.pr.new/@tanstack/ai-acp@872

@tanstack/ai-angular

npm i https://pkg.pr.new/@tanstack/ai-angular@872

@tanstack/ai-anthropic

npm i https://pkg.pr.new/@tanstack/ai-anthropic@872

@tanstack/ai-bedrock

npm i https://pkg.pr.new/@tanstack/ai-bedrock@872

@tanstack/ai-claude-code

npm i https://pkg.pr.new/@tanstack/ai-claude-code@872

@tanstack/ai-client

npm i https://pkg.pr.new/@tanstack/ai-client@872

@tanstack/ai-code-mode

npm i https://pkg.pr.new/@tanstack/ai-code-mode@872

@tanstack/ai-code-mode-skills

npm i https://pkg.pr.new/@tanstack/ai-code-mode-skills@872

@tanstack/ai-codex

npm i https://pkg.pr.new/@tanstack/ai-codex@872

@tanstack/ai-devtools-core

npm i https://pkg.pr.new/@tanstack/ai-devtools-core@872

@tanstack/ai-elevenlabs

npm i https://pkg.pr.new/@tanstack/ai-elevenlabs@872

@tanstack/ai-event-client

npm i https://pkg.pr.new/@tanstack/ai-event-client@872

@tanstack/ai-fal

npm i https://pkg.pr.new/@tanstack/ai-fal@872

@tanstack/ai-gemini

npm i https://pkg.pr.new/@tanstack/ai-gemini@872

@tanstack/ai-grok

npm i https://pkg.pr.new/@tanstack/ai-grok@872

@tanstack/ai-grok-build

npm i https://pkg.pr.new/@tanstack/ai-grok-build@872

@tanstack/ai-groq

npm i https://pkg.pr.new/@tanstack/ai-groq@872

@tanstack/ai-isolate-cloudflare

npm i https://pkg.pr.new/@tanstack/ai-isolate-cloudflare@872

@tanstack/ai-isolate-node

npm i https://pkg.pr.new/@tanstack/ai-isolate-node@872

@tanstack/ai-isolate-quickjs

npm i https://pkg.pr.new/@tanstack/ai-isolate-quickjs@872

@tanstack/ai-mcp

npm i https://pkg.pr.new/@tanstack/ai-mcp@872

@tanstack/ai-mistral

npm i https://pkg.pr.new/@tanstack/ai-mistral@872

@tanstack/ai-ollama

npm i https://pkg.pr.new/@tanstack/ai-ollama@872

@tanstack/ai-openai

npm i https://pkg.pr.new/@tanstack/ai-openai@872

@tanstack/ai-opencode

npm i https://pkg.pr.new/@tanstack/ai-opencode@872

@tanstack/ai-openrouter

npm i https://pkg.pr.new/@tanstack/ai-openrouter@872

@tanstack/ai-preact

npm i https://pkg.pr.new/@tanstack/ai-preact@872

@tanstack/ai-react

npm i https://pkg.pr.new/@tanstack/ai-react@872

@tanstack/ai-react-ui

npm i https://pkg.pr.new/@tanstack/ai-react-ui@872

@tanstack/ai-sandbox

npm i https://pkg.pr.new/@tanstack/ai-sandbox@872

@tanstack/ai-sandbox-cloudflare

npm i https://pkg.pr.new/@tanstack/ai-sandbox-cloudflare@872

@tanstack/ai-sandbox-daytona

npm i https://pkg.pr.new/@tanstack/ai-sandbox-daytona@872

@tanstack/ai-sandbox-docker

npm i https://pkg.pr.new/@tanstack/ai-sandbox-docker@872

@tanstack/ai-sandbox-local-process

npm i https://pkg.pr.new/@tanstack/ai-sandbox-local-process@872

@tanstack/ai-sandbox-vercel

npm i https://pkg.pr.new/@tanstack/ai-sandbox-vercel@872

@tanstack/ai-solid

npm i https://pkg.pr.new/@tanstack/ai-solid@872

@tanstack/ai-solid-ui

npm i https://pkg.pr.new/@tanstack/ai-solid-ui@872

@tanstack/ai-svelte

npm i https://pkg.pr.new/@tanstack/ai-svelte@872

@tanstack/ai-utils

npm i https://pkg.pr.new/@tanstack/ai-utils@872

@tanstack/ai-vue

npm i https://pkg.pr.new/@tanstack/ai-vue@872

@tanstack/ai-vue-ui

npm i https://pkg.pr.new/@tanstack/ai-vue-ui@872

@tanstack/openai-base

npm i https://pkg.pr.new/@tanstack/openai-base@872

@tanstack/preact-ai-devtools

npm i https://pkg.pr.new/@tanstack/preact-ai-devtools@872

@tanstack/react-ai-devtools

npm i https://pkg.pr.new/@tanstack/react-ai-devtools@872

@tanstack/solid-ai-devtools

npm i https://pkg.pr.new/@tanstack/solid-ai-devtools@872

commit: 8b39305

@coderabbitai

coderabbitai Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

📝 Walkthrough

Walkthrough

This PR updates .github/renovate.json to remove the group:allNonMajor preset, replace postUpdateOptions: [pnpmDedupe] with minimumReleaseAge: "1 day", and add a packageRules array that groups non-major updates into smaller, ecosystem-specific categories.

Changes

Renovate Configuration Update

Layer / File(s) Summary
Timing and preset adjustments
.github/renovate.json
Removes group:allNonMajor from extends and replaces postUpdateOptions: [pnpmDedupe] with minimumReleaseAge: "1 day".
Per-ecosystem packageRules grouping
.github/renovate.json
Adds packageRules defining grouping for non-major updates split by ecosystem/tooling (lint/format, build/test, markdown, AI/provider SDKs, frontend frameworks, styling/icons, @types).

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Renovate hopped through a lockfile maze,
Heap on fire, dependencies ablaze 🔥
Now split by kind, with room to breathe,
No more one giant PR to grieve.
Hop, hop, merge — a tidier day! 🐇

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Title check ✅ Passed The title clearly states the Renovate lockfile OOM fix and grouped dependency PR scope.
Description check ✅ Passed The description covers the change, motivation, follow-up, and validation, though it omits the template's checklist and release-impact sections.
Linked Issues check ✅ Passed The changes match #869 by splitting allNonMajor groups, removing pnpmDedupe, and adding the minimum release age alignment.
Out of Scope Changes check ✅ Passed The PR only updates Renovate config and stays focused on the lockfile OOM fix.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch fix/renovate-oom-lockfile-869

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🧹 Nitpick comments (1)
.github/renovate.json (1)

17-17: 🧹 Nitpick | 🔵 Trivial

Consider scheduling periodic lockfile maintenance now that pnpmDedupe is removed.

Dropping pnpmDedupe fixes the OOM but means the lockfile will no longer be actively de-duplicated on every update, so redundant nested versions can accumulate over time. A scheduled lockFileMaintenance run (e.g. weekly/monthly, off the hot path) would let dedupe happen in a lower-memory-pressure, isolated pass instead of on every grouped update.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/renovate.json at line 17, Add a scheduled lockFileMaintenance job in
the Renovate configuration now that pnpmDedupe has been removed, so redundant
nested versions can still be cleaned up in an isolated maintenance pass. Update
the config alongside minimumReleaseAge in .github/renovate.json to run periodic
maintenance (for example weekly or monthly) rather than relying on grouped
updates, and keep the change scoped to the Renovate settings that control
maintenance scheduling.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/renovate.json:
- Around line 120-133: The React and Vue ecosystem group rules in the Renovate
config are missing the base packages, so updates for react and vue fall through
to the generic group. Update the matchPackageNames entries in the react
ecosystem and vue ecosystem objects to explicitly include react and vue
alongside the existing wildcard patterns, keeping the current groupName and
groupSlug values intact.

---

Nitpick comments:
In @.github/renovate.json:
- Line 17: Add a scheduled lockFileMaintenance job in the Renovate configuration
now that pnpmDedupe has been removed, so redundant nested versions can still be
cleaned up in an isolated maintenance pass. Update the config alongside
minimumReleaseAge in .github/renovate.json to run periodic maintenance (for
example weekly or monthly) rather than relying on grouped updates, and keep the
change scoped to the Renovate settings that control maintenance scheduling.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: f6d56fcc-7009-4a70-915d-b9b3f0961783

📥 Commits

Reviewing files that changed from the base of the PR and between 1880999 and 8b39305.

📒 Files selected for processing (1)
  • .github/renovate.json

Comment thread .github/renovate.json
Comment on lines +120 to +133
{
"description": "React ecosystem",
"matchUpdateTypes": ["minor", "patch"],
"matchPackageNames": ["react-**", "@react-native/**", "react-native", "react-native-**"],
"groupName": "react ecosystem",
"groupSlug": "react-ecosystem"
},
{
"description": "Vue ecosystem",
"matchUpdateTypes": ["minor", "patch"],
"matchPackageNames": ["@vue/**", "vue-**"],
"groupName": "vue ecosystem",
"groupSlug": "vue-ecosystem"
},

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎯 Functional Correctness | 🟠 Major | ⚡ Quick win

Add bare react and vue to the ecosystem groups.
react-** and vue-** don’t match the base packages, so updates to react or vue will fall back to the generic dependency group instead of staying with their ecosystems.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/renovate.json around lines 120 - 133, The React and Vue ecosystem
group rules in the Renovate config are missing the base packages, so updates for
react and vue fall through to the generic group. Update the matchPackageNames
entries in the react ecosystem and vue ecosystem objects to explicitly include
react and vue alongside the existing wildcard patterns, keeping the current
groupName and groupSlug values intact.

@AlemTuzlak AlemTuzlak merged commit 85d31a8 into main Jul 1, 2026
10 checks passed
@AlemTuzlak AlemTuzlak deleted the fix/renovate-oom-lockfile-869 branch July 1, 2026 08:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Renovate: fix lockfile-regen OOM blocking grouped dep PRs (#719)

4 participants