Keep pnpm current: run pnpm self-update/corepack prepare, align packageManager in package.json, and bump pnpm/action-setup + pinned pnpm versions in .github/workflows to the latest release. Use this when refreshing the pnpm toolchain manually or in automation.
Use these steps to update pnpm and CI pins without blunt search/replace.
Update pnpm locally
- Run pnpm self-update; if pnpm is missing or self-update fails, run corepack prepare pnpm@latest --activate.
- Capture the resulting version: PNPM_VERSION=$(pnpm -v).

Align package.json
- Open package.json and set packageManager to pnpm@${PNPM_VERSION} (preserve trailing newline and formatting).

Find latest pnpm/action-setup tag
- Query the latest release: curl -fsSL https://api.github.com/repos/pnpm/action-setup/releases/latest | jq -r .tag_name
- Use GITHUB_TOKEN/GH_TOKEN if available for higher rate limits.
- Store the tag as ACTION_TAG (e.g., v4.2.0). Abort if missing.

Resolve the action tag to an immutable commit SHA
- Resolve the peeled tag: git ls-remote https://github.com/pnpm/action-setup "refs/tags/${ACTION_TAG}^{}" (the ^{} suffix dereferences an annotated tag to the commit it points at).
- Store the result as ACTION_SHA; if it is empty, fall back to git ls-remote https://github.com/pnpm/action-setup "refs/tags/${ACTION_TAG}".
- Abort if ACTION_SHA is empty.

Update workflows carefully (no broad regex)
- For each file in .github/workflows/ that uses pnpm/action-setup:
- Set uses: pnpm/action-setup@${ACTION_SHA}.
- If a with: version: field exists, set it to ${PNPM_VERSION} (keep quoting style/indent).

Verify
- Run pnpm -v and confirm it matches packageManager.
- Review git diff to ensure only intended workflow/package.json changes.

Follow-up
- $code-change-verification; otherwise, a light check is enough.
- Commit as chore: upgrade pnpm toolchain and open a PR (automation may do this).
- Required tools: curl, jq, node, pnpm/corepack. Install if missing.
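
The tag-resolution and workflow-pinning steps above as one script. This is an added example, not part of the original instructions; the helper names pick_tag_sha, resolve_action_sha and pin_action are assumptions, and it asks git ls-remote for both ref forms in a single call instead of two. It leaves any with: version: field alone.

```shell
#!/bin/sh
# Added example: pin pnpm/action-setup to the commit behind a release tag.
set -eu

ACTION_REPO="https://github.com/pnpm/action-setup"

# Read `git ls-remote` output (SHA<TAB>ref) on stdin, print the commit for tag $1.
# An annotated tag has a peeled "^{}" line naming the commit; a lightweight tag
# has only the plain line. Prefer the peeled line, fall back to the plain one.
pick_tag_sha() (
  sha=$(awk -F'\t' -v t="refs/tags/$1" '
    $2 == (t "^{}") { peeled = $1 }
    $2 == t         { plain = $1 }
    END { print (peeled != "" ? peeled : plain) }')
  # Fail closed unless the result is a full 40-hex object id.
  printf '%s\n' "$sha" | grep -Eq '^[0-9a-f]{40}$' ||
    { echo "no commit SHA for tag $1" >&2; exit 1; }
  printf '%s\n' "$sha"
)

# Network step: ask the remote for both ref forms of tag $1 in one call.
resolve_action_sha() (
  git ls-remote "$ACTION_REPO" "refs/tags/$1" "refs/tags/$1^{}" | pick_tag_sha "$1"
)

# Rewrite only `uses: pnpm/action-setup@<ref>` lines of workflow file $1 to
# commit $2; indentation, a leading "- " and all other lines stay untouched.
pin_action() (
  tmp=$(mktemp)
  sed -E "s|^([[:space:]]*(-[[:space:]]+)?uses:[[:space:]]*pnpm/action-setup)@[^[:space:]#]+|\1@$2|" "$1" > "$tmp"
  cat "$tmp" > "$1"   # write back in place so the file keeps its mode
  rm -f "$tmp"
)

# Usage: sh pin-action.sh <tag> [workflow.yml ...]
if [ "$#" -ge 1 ]; then
  tag=$1; shift
  sha=$(resolve_action_sha "$tag")
  for wf in "$@"; do pin_action "$wf" "$sha"; done
  echo "pnpm/action-setup $tag -> $sha"
fi
```

Because pick_tag_sha matches the ref name exactly, a neighbouring tag such as v4.2.0-beta cannot be picked up by mistake, and an empty or malformed answer aborts before any workflow is edited.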