ci(security): harden CI/CD supply chain and bump pnpm to 11.1.1 #436
Merged
Bumps the corepack-managed pnpm version across the root and the four Angular example workspaces. pnpm 11 refuses to run install scripts by default; declare a minimal allowBuilds allowlist in pnpm-workspace.yaml so only the two packages whose postinstalls the build actually needs (esbuild, nx) are permitted. The other eight transitively-pulled postinstalls (sharp, lmdb, workerd, etc.) all fall back to JS paths or are unused during build, and are explicitly denied. Also pin the preinstall guard to only-allow@1.2.2 so it no longer resolves a floating tag from npm on every install.
Replaces every mutable workflow reference (@main, @v1, @V3, @v4, @v6.0.2) with a 40-char commit SHA + version comment so Renovate can keep them current. Composite actions in TanStack/config — previously pinned to @main — are the highest-impact change: a force-push or compromised commit there would have given an attacker the npm OIDC publishing identity plus contents/issues/PR write tokens on the next push to main.

Other changes in this commit:
- release.yml: set cancel-in-progress: false so a re-push cannot abort changesets/action mid-publish and leave partial versions on npm. Add environment: release so required reviewers can be configured in repo settings for an explicit human gate before publish.
- triage-agent.yml: add a "SECURITY: Untrusted input" preamble to the Warp agent prompt. The agent reads attacker-controlled issue text, so it must treat that text strictly as data and refuse instructions embedded inside it. Also corrected the bug-report template path (bug-report.yml -> bug_report.yml) that the agent was failing to load.
- check-skills.yml / validate-skills.yml: pin @tanstack/intent to a specific version; npm install -g without a version was floating.
- pr.yml preview job: pin pkg-pr-new to a specific version; pnpx without a version was floating.
- .github/renovate.json: drop :automergeMinor. Combined with floating versions this could have landed a malicious patch without review.
- .github/CODEOWNERS (new): require owner review on workflows, package manifests, lockfile, .npmrc, and renovate config. Adjust the owner handle to a team once one exists.
- .github/workflows/dependency-review.yml (new): runs actions/dependency-review-action on every PR with fail-on-severity: high to block PRs that introduce known-vulnerable transitive dependencies.
The original `||`-chained preinstall printed "Skipping preinstall..." in CI but then ran only-allow anyway because `process.exit(1)` triggers the `||` operator. CI happened to pass when only-allow was unpinned (npx resolved it differently), but pinning to @1.2.2 forced a fresh registry resolve in which only-allow strictly checks npm_config_user_agent — which, when invoked via npx-inside-pnpm, is npm's, not pnpm's — and rejects. The fix matches the script's stated intent: when CI=true, exit 0 so the `||` does not trigger and only-allow is genuinely skipped. Local installs continue to fall through and enforce pnpm via only-allow as before.
🚀 Changeset Version Preview
3 package(s) bumped directly, 11 bumped as dependents.
🟨 Minor bumps
🟩 Patch bumps
More templates
@tanstack/angular-devtools
@tanstack/devtools
@tanstack/devtools-a11y
@tanstack/devtools-client
@tanstack/devtools-ui
@tanstack/devtools-utils
@tanstack/devtools-vite
@tanstack/devtools-event-bus
@tanstack/devtools-event-client
@tanstack/preact-devtools
@tanstack/react-devtools
@tanstack/solid-devtools
@tanstack/vue-devtools
Summary
Two related changes bundled together because the pnpm 11 bump is itself a supply-chain hardening (postinstall scripts are denied by default and require an explicit allowlist).
chore(deps): upgrade pnpm to 11.1.1
- `packageManager` in the root + the four Angular example `package.json`s.
- `allowBuilds:` allowlist in `pnpm-workspace.yaml` — only `esbuild` and `nx` are permitted to run postinstall scripts. The other eight transitively-pulled scripts (`sharp`, `lmdb`, `workerd`, `@parcel/watcher`, `msgpackr-extract`, `protobufjs`, `unrs-resolver`, `vue-demi`) are explicitly denied; verified that build / test / typecheck all still pass without them.
- `preinstall` guard to `only-allow@1.2.2` (was floating via `npx -y only-allow`).

ci(security): pin actions to SHAs and harden CI/CD supply chain
The most impactful issue: `TanStack/config/.github/setup@main` was used in three workflows including `release.yml` (which carries `id-token: write` for npm OIDC). A force-push or compromise there would have meant control of the npm publishing identity on the next merge to `main`. All composite-action and third-party-action refs are now SHA-pinned with `# version` comments so Renovate can keep them current.

- `TanStack/config/.github/*@main` (3 workflows)
- `actions/checkout`, `setup-node`, `nrwl/nx-set-shas`, `danielroe/provenance-action`, `changesets/action`, `peter-evans/repository-dispatch`, `warpdotdev/warp-agent-action`
- `release.yml`: `cancel-in-progress: true` → `false` so a re-push cannot abort `changesets/action` mid-publish
- `release.yml`: no human gate → `environment: release` — configure required reviewers in repo settings to actually enforce
- `triage-agent.yml`: prompt injection via issue body
- `triage-agent.yml`: template path typo `bug-report.yml` → `bug_report.yml` (pre-existing functional bug found while hardening)
- `npm install -g @tanstack/intent`: floating → `@0.0.41`
- `pnpx pkg-pr-new`: floating → `@0.0.71`
- `:automergeMinor` + floating versions → `:automergeMinor` removed; updates now require human review
- `.github/CODEOWNERS` covering workflows, manifests, lockfile, `.npmrc`, renovate config
- `.github/workflows/dependency-review.yml` (`fail-on-severity: high`)

Not done in this PR — require GitHub UI configuration
- `release` Environment.
- `INTENT_NOTIFY_TOKEN` PAT scopes to the minimum needed.
- `main` requiring CODEOWNERS review.
- `NX_CLOUD_ACCESS_TOKEN`-during-untrusted-install risk).
- `@tannerlinsley` to a team once one exists.

Test plan
- `pnpm --version` reports `11.1.1`
- `pnpm install` completes clean with the minimal `allowBuilds` allowlist
- `pnpm run build:all` succeeds for all 32 projects, `size-limit` checks pass
- `pnpm run test:ci` — every Nx target passes (`test:eslint`, `test:sherif`, `test:lib`, `test:types`, `test:build`, `build`) except `root:test:knip`, which I verified is a pre-existing failure on `main` (stashed all my changes, ran knip, same 6 unused files + 3 unused devDeps reported)
- `allowBuilds` denylist for any package they actually want to run scripts (current minimum is intentionally aggressive)
- `release` Environment for the gating to take effect
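
The pinning rule this PR applies (every `uses:` reference carries a 40-char commit SHA plus a version comment) can be checked mechanically in CI. The following is an added example, not code from this PR or from TanStack; `auditWorkflow`, the sample workflow and the SHA in it are constructed for illustration.

```javascript
// Added example: flag workflow `uses:` references that are not pinned to a
// full commit SHA, or that are pinned but lack the version comment Renovate
// relies on. The workflow text and the SHA below are constructed samples.
const SAMPLE_WORKFLOW = `
name: release
jobs:
  release:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6.0.2
      - uses: TanStack/config/.github/setup@main
      - uses: changesets/action@0123456789abcdef0123456789abcdef01234567 # v1.0.0 (constructed)
      - uses: nrwl/nx-set-shas@0123456789abcdef0123456789abcdef01234567
      - uses: ./.github/actions/local-step
      # - uses: actions/setup-node@v4
`;

// Matches "uses: <target>" with an optional trailing "# comment".
const USES_RE = /^\s*(?:-\s*)?uses:\s*["']?([^"'\s#]+)["']?\s*(#.*)?$/;
const FULL_SHA_RE = /^[0-9a-f]{40}$/;

function auditWorkflow(text) {
  const findings = [];
  text.split(/\r?\n/).forEach((line, i) => {
    const m = USES_RE.exec(line);
    if (!m) return; // not a uses: line (commented-out steps do not match)
    const [, target, comment] = m;
    // Local actions live in the reviewed repo; container images are pinned
    // by digest rather than commit SHA and are out of scope for this check.
    if (target.startsWith('./') || target.startsWith('docker://')) return;
    const at = target.lastIndexOf('@');
    const ref = at === -1 ? '' : target.slice(at + 1);
    if (!FULL_SHA_RE.test(ref)) {
      // Branches, tags and short SHAs can all be moved or re-resolved.
      findings.push({ line: i + 1, target, issue: 'mutable-ref' });
    } else if (!/^#\s*v?\d/.test(comment || '')) {
      findings.push({ line: i + 1, target, issue: 'no-version-comment' });
    }
  });
  return findings;
}

console.table(auditWorkflow(SAMPLE_WORKFLOW));
```
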