Bump pnpm to version 11.9.0

[k-taro56]

This pull request updates the repository’s pinned version of pnpm from 11.6.0 to 11.9.0 across the codebase and documentation. This ensures consistency with the latest supported pnpm features, improves compatibility, and keeps the supply-chain tooling up-to-date.

Dependency and Tooling Updates:

• Updated the packageManager field in package.json to pin pnpm at version 11.9.0.
• Updated references in .github/workflows/ci.yaml and .github/workflows/build.yaml to use pnpm 11.9.0 for all CI/CD steps, including action setup, matrix activation, and documentation comments. [1] [2] [3] [4] [5]

Documentation Updates:

• Updated the SBOM generation documentation in AGENTS.md to reflect the new pnpm 11.9.0 pin.
• Updated compatibility/tested versions in scaffold.ts comments to include pnpm 11.9.0.

Summary by CodeRabbit

• Chores
  • Updated the pinned pnpm version across build and CI configuration from 11.6.0 to 11.9.0.
  • Aligned the workspace package manager setting with pnpm 11.9.0, including the updated integrity reference.
  • Refreshed related guidance and comments to match the new pinned version.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ All tests successful. No failed tests found.

📢 Thoughts on this report? Let us know!

[github-code-quality]

Code Coverage Overview

Languages: TypeScript

TypeScript / code-coverage/arkor

The overall coverage remains at 99%, unchanged from the main branch.

TypeScript / code-coverage/create-arkor

The overall coverage remains at 56%, unchanged from the main branch.

TypeScript / code-coverage/cli-internal

The overall coverage remains at 97%, unchanged from the main branch.

TypeScript / code-coverage/studio-app

The overall coverage remains at 53%, unchanged from the main branch.

---

_{Updated June 29, 2026 04:05 UTC
Code Coverage is in Public Preview. Learn more and provide us with your feedback.}

[coderabbitai]

Warning

Review limit reached

@k-taro56, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 27 minutes and 21 seconds. Learn how PR review limits work.

To continue reviewing without waiting, enable usage-based billing in the billing tab.

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based credits.

🚦 How do rate limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: d8767cca-865f-47f8-9d7a-44b53863b747

📥 Commits

Reviewing files that changed from the base of the PR and between 489c7a8 and a5d27e2.

📒 Files selected for processing (1)

• .github/workflows/ci.yaml

Walkthrough

Bumps the pinned pnpm version from 11.6.0 to 11.9.0 across the repository: updates the packageManager field in package.json (with new sha512 hash), the corepack prepare command in ci.yaml, inline comments in both CI workflows, the Release SBOMs guidance in AGENTS.md, and a tested-version comment in scaffold.ts.

Changes

pnpm version bump to 11.9.0

Layer / File(s)	Summary
packageManager field and corepack prepare update package.json, .github/workflows/ci.yaml	packageManager pin changed to pnpm@11.9.0 with updated sha512 hash; corepack prepare pnpm@11.9.0 --activate updated for the pnpm-11 matrix entry.
CI/build workflow comment updates .github/workflows/ci.yaml, .github/workflows/build.yaml	All inline comments referencing 11.6.0 updated to 11.9.0, including build job notes, install-matrix comments, and "Confirm pm version" step explanations.
Docs and source comment updates AGENTS.md, packages/cli-internal/src/scaffold.ts	Release SBOMs section in AGENTS.md and the pnpm-tested-version comment in scaffold.ts updated from 11.6.0 to 11.9.0.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Possibly related PRs

• arkorlab/arkor#171: Same set of files updated with a pnpm version bump (11.3.0 → 11.5.0), establishing the identical pattern used here.
• arkorlab/arkor#178: Direct predecessor bump (to 11.6.0) across the same files, same structure.

Suggested reviewers

• soleil-colza

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and concisely states the primary change: bumping pnpm to version 11.9.0.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch eng-835

✨ Simplify code

• Create PR with simplified code
• Commit simplified code in branch eng-835

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands.}

[qodo-code-review]

PR Summary by Qodo

Bump pinned pnpm version to 11.9.0
⚙️ Configuration changes 📝 Documentation 🕐 10-20 Minutes

Description

• Pin pnpm 11.9.0 in package.json for consistent local and CI tooling.
• Align CI/build workflows’ pnpm-11 matrix and comments with the new pin.
• Update internal docs/scaffold notes referencing the repo’s tested pnpm version.

Diagram

graph TD
  ci["CI workflow"] --> pnpm["pnpm 11.9.0"]
  build["Build workflow"] --> pnpm --> pkg["package.json packageManager"]
  docs["AGENTS.md"] --> pkg
  scaffold["scaffold.ts (comments)"] --> pkg

Loading

High-Level Assessment

Keeping a single authoritative pnpm pin in package.json and updating CI/docs to match is the right approach. Alternatives like pinning pnpm directly via pnpm/action-setup’s version input are already noted as problematic due to mismatches with the full packageManager string (including the sha512).

Files changed (5) +10 / -10

Documentation (2) +2 / -2

AGENTS.mdRefresh SBOM documentation to reference pnpm 11.9.0 +1/-1

Refresh SBOM documentation to reference pnpm 11.9.0

• Updates the Release SBOMs guidance to reflect the repository’s pnpm pin moving to 11.9.0, maintaining accurate tooling prerequisites in documentation.

AGENTS.md

scaffold.tsUpdate scaffold comment for tested pnpm 11 version +1/-1

Update scaffold comment for tested pnpm 11 version

• Adjusts the scaffold documentation comment to indicate testing against pnpm 11.9.0 (alongside pnpm 9/10). No runtime scaffold behavior changes.

packages/cli-internal/src/scaffold.ts

Other (3) +8 / -8

build.yamlUpdate build workflow comments to pnpm 11.9.0 pin +1/-1

Update build workflow comments to pnpm 11.9.0 pin

• Updates the release-builder workflow documentation comment to reflect that the repo pins pnpm 11.9.0 (relevant to OIDC publish behavior expectations). No behavioral workflow changes beyond documentation alignment.

.github/workflows/build.yaml

ci.yamlBump pnpm-11 corepack activation and CI comments to 11.9.0 +6/-6

Bump pnpm-11 corepack activation and CI comments to 11.9.0

• Updates CI comments and the install-matrix pnpm-11 lane to activate pnpm@11.9.0 via corepack. Keeps explanatory notes consistent with the root packageManager pin to avoid confusion during matrix debugging.

.github/workflows/ci.yaml

package.jsonPin packageManager to pnpm@11.9.0 (+sha512) +1/-1

Pin packageManager to pnpm@11.9.0 (+sha512)

• Updates the root packageManager field from pnpm 11.6.0 to 11.9.0, including the corresponding integrity suffix. This is the canonical pnpm version pin consumed by corepack and CI.

package.json

[qodo-code-review]

Code Review by Qodo

🐞 Bugs (0) 📘 Rule violations (0) 📎 Requirement gaps (0)

Great, no issues found!

Qodo reviewed your code and found no material issues that require review

[Copilot]

Pull request overview

This PR bumps the repo’s pinned pnpm version from 11.6.0 to 11.9.0, updating both the root packageManager pin and the corresponding CI/workflow references and documentation to keep the toolchain consistent.

Changes:

• Updated root packageManager pin to pnpm@11.9.0 (including the integrity hash).
• Updated GitHub Actions workflows to reference pnpm 11.9.0 in comments and the corepack matrix activation.
• Updated internal/docs commentary to reflect the new tested/pinned pnpm version.

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
packages/cli-internal/src/scaffold.ts	Updates scaffold documentation comment to include pnpm 11.9.0 in the tested versions list.
package.json	Bumps the root packageManager pin to pnpm 11.9.0 with updated sha512 integrity.
AGENTS.md	Updates SBOM tooling documentation to reflect pnpm 11.9.0 being pinned.
.github/workflows/ci.yaml	Updates CI workflow comments and corepack matrix preparation to use pnpm 11.9.0.
.github/workflows/build.yaml	Updates workflow documentation comment to reflect pnpm 11.9.0 being pinned.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.