close #9369

…lify (#9364)

## Summary

Pin `packageManager` back to `[email protected]` to unblock Netlify docs deploys.

## Context

After #9347 bumped pnpm `10.23.0` → `10.33.4`, every Netlify deploy started failing during `pnpm install` with:

```
ERR_PNPM_LOCKFILE_CONFIG_MISMATCH  Cannot proceed with the frozen installation.
The current "catalogs" configuration doesn't match the value found in the lockfile
Update your lockfile using "pnpm install --no-frozen-lockfile"
```

Root cause: pnpm **10.24.0** added a strict catalog comparison for `--frozen-lockfile` mode via [pnpm/pnpm#10231](pnpm/pnpm#10231). The comparison logic (`allCatalogsAreUpToDate`) is buggy — it reports a mismatch even though the workspace catalog and lockfile snapshot are identical, and `pnpm install --no-frozen-lockfile` locally produces zero diff.

This is the same issue [sapphi-red](https://github.com/sapphi-red) already filed against pnpm using this repo as the reproduction: [pnpm/pnpm#10258](pnpm/pnpm#10258) (still open, no comments from maintainers).

`#9343` (the npm packages renovate PR that changed `valibot` and `vitepress-plugin-graphviz` in the catalog) only made the failure visible — the regression was introduced by the pnpm bump.

…lify (#9364)

## Summary

Pin `packageManager` back to `[email protected]` to unblock Netlify docs deploys.

## Context

After #9347 bumped pnpm `10.23.0` → `10.33.4`, every Netlify deploy started failing during `pnpm install` with:

```
ERR_PNPM_LOCKFILE_CONFIG_MISMATCH  Cannot proceed with the frozen installation.
The current "catalogs" configuration doesn't match the value found in the lockfile
Update your lockfile using "pnpm install --no-frozen-lockfile"
```

Root cause: pnpm **10.24.0** added a strict catalog comparison for `--frozen-lockfile` mode via [pnpm/pnpm#10231](pnpm/pnpm#10231). The comparison logic (`allCatalogsAreUpToDate`) is buggy — it reports a mismatch even though the workspace catalog and lockfile snapshot are identical, and `pnpm install --no-frozen-lockfile` locally produces zero diff.

This is the same issue [sapphi-red](https://github.com/sapphi-red) already filed against pnpm using this repo as the reproduction: [pnpm/pnpm#10258](pnpm/pnpm#10258) (still open, no comments from maintainers).

`#9343` (the npm packages renovate PR that changed `valibot` and `vitepress-plugin-graphviz` in the catalog) only made the failure visible — the regression was introduced by the pnpm bump.

…atch bug (#9471)

## Summary

- Adds `PNPM_FLAGS = "--no-frozen-lockfile"` to `docs/netlify.toml` `[build.environment]`.
- Works around [pnpm/pnpm#10258](pnpm/pnpm#10258) — pnpm >=10.24 (incl. 11.x) spuriously throws `ERR_PNPM_LOCKFILE_CONFIG_MISMATCH` on Netlify under `--frozen-lockfile`, even when the workspace catalog and lockfile snapshot are byte-for-byte equivalent.

## Context

#9447 bumped `packageManager` from `[email protected]` → `[email protected]` and removed the pin from #9364. pnpm 11.x carries the same buggy `allCatalogsAreUpToDate` check introduced in pnpm 10.24.0 ([pnpm/pnpm#10231](pnpm/pnpm#10231)), so Netlify deploys started failing again with the same false-positive catalog mismatch.

I confirmed locally that `pnpm install --frozen-lockfile` on this commit with pnpm 11.1.2 + Node 24.12.0 succeeds clean — the bug only fires inside Netlify's build sandbox. The upstream issue is still open with no maintainer activity and this repo as the reproduction.

## Approach

The failure occurs in Netlify's **pre-install stage** (before the project's build `command` runs), so any flag we put inside the build command is too late. Netlify forwards `PNPM_FLAGS` directly to that pre-install `pnpm install` invocation, so setting `PNPM_FLAGS = "--no-frozen-lockfile"` is enough to skip the buggy guard at the right step.

Earlier attempts to disable frozen mode via `NPM_CONFIG_FROZEN_LOCKFILE` / `PNPM_CONFIG_FROZEN_LOCKFILE` and to pin the workspace root via `NPM_CONFIG_WORKSPACE_DIR` were dropped — they either weren't honored by pnpm 11 (the v11 migration changed which prefixes settings are read from) or didn't address the pre-install stage at all. `PNPM_FLAGS` is Netlify's intended hook for this and turns out to be the minimal fix.

Scope is intentionally narrow:
- Only the Netlify env gets the flag (via `docs/netlify.toml`, not `.npmrc`).
- GitHub Actions CI keeps frozen-lockfile, so genuine drift is still caught upstream.
- `packageManager` stays on pnpm 11.1.2 — no rollback of #9447.
- The docs build `command` is unchanged; Netlify's own pre-install handles dependencies and the `--no-frozen-lockfile` flag rides along through `PNPM_FLAGS`.

---------

Co-authored-by: Claude Opus 4.7 (1M context) <[email protected]>
Co-authored-by: shulaoda <[email protected]>

…atch bug (rolldown#9471)

## Summary

- Adds `PNPM_FLAGS = "--no-frozen-lockfile"` to `docs/netlify.toml` `[build.environment]`.
- Works around [pnpm/pnpm#10258](pnpm/pnpm#10258) — pnpm >=10.24 (incl. 11.x) spuriously throws `ERR_PNPM_LOCKFILE_CONFIG_MISMATCH` on Netlify under `--frozen-lockfile`, even when the workspace catalog and lockfile snapshot are byte-for-byte equivalent.

## Context

rolldown#9447 bumped `packageManager` from `[email protected]` → `[email protected]` and removed the pin from rolldown#9364. pnpm 11.x carries the same buggy `allCatalogsAreUpToDate` check introduced in pnpm 10.24.0 ([pnpm/pnpm#10231](pnpm/pnpm#10231)), so Netlify deploys started failing again with the same false-positive catalog mismatch.

I confirmed locally that `pnpm install --frozen-lockfile` on this commit with pnpm 11.1.2 + Node 24.12.0 succeeds clean — the bug only fires inside Netlify's build sandbox. The upstream issue is still open with no maintainer activity and this repo as the reproduction.

## Approach

The failure occurs in Netlify's **pre-install stage** (before the project's build `command` runs), so any flag we put inside the build command is too late. Netlify forwards `PNPM_FLAGS` directly to that pre-install `pnpm install` invocation, so setting `PNPM_FLAGS = "--no-frozen-lockfile"` is enough to skip the buggy guard at the right step.

Earlier attempts to disable frozen mode via `NPM_CONFIG_FROZEN_LOCKFILE` / `PNPM_CONFIG_FROZEN_LOCKFILE` and to pin the workspace root via `NPM_CONFIG_WORKSPACE_DIR` were dropped — they either weren't honored by pnpm 11 (the v11 migration changed which prefixes settings are read from) or didn't address the pre-install stage at all. `PNPM_FLAGS` is Netlify's intended hook for this and turns out to be the minimal fix.

Scope is intentionally narrow:
- Only the Netlify env gets the flag (via `docs/netlify.toml`, not `.npmrc`).
- GitHub Actions CI keeps frozen-lockfile, so genuine drift is still caught upstream.
- `packageManager` stays on pnpm 11.1.2 — no rollback of rolldown#9447.
- The docs build `command` is unchanged; Netlify's own pre-install handles dependencies and the `--no-frozen-lockfile` flag rides along through `PNPM_FLAGS`.

---------

Co-authored-by: Claude Opus 4.7 (1M context) <[email protected]>
Co-authored-by: shulaoda <[email protected]>