ivx · brerx · Jun 5, 2026 · Jun 4, 2026 · Jun 4, 2026 · Jun 4, 2026
@@ -1,20 +1,32 @@
 version: 2
 
-multi-ecosystem-groups:
-  security:
+updates:
+  - package-ecosystem: 'bundler'
+    directory: '/'
     schedule:
       interval: 'daily'
-    open-pull-requests-limit: 0 # disables version-update PRs; security PRs unaffected
-    pull-request-branch-name:
-      separator: '-'
+    open-pull-requests-limit: 0
+    groups:
+      security:
+        applies-to: security-updates
+        patterns: ['*']
 
-updates:
-  - package-ecosystem: 'bundler'
+  - package-ecosystem: 'npm'
     directory: '/'
-    patterns: ['*']
-    multi-ecosystem-group: 'security'
+    schedule:
+      interval: 'daily'
+    open-pull-requests-limit: 0
+    groups:
+      security:
+        applies-to: security-updates
+        patterns: ['*']
 
   - package-ecosystem: 'github-actions'
     directory: '/'
-    patterns: ['*']
-    multi-ecosystem-group: 'security'
+    schedule:
+      interval: 'daily'
+    open-pull-requests-limit: 0
+    groups:
-    groups:
+    groups:      
+      all:
+        patterns:
+          - '*'
-    groups:
+    groups:      
+      all:
+        patterns:
+          - '*'
+      security:
+        applies-to: security-updates
+        patterns: ['*']
@@ -21,11 +21,15 @@ jobs:
         with:
           ruby-version: ${{ matrix.ruby-version }}
           bundler-cache: true
+      - uses: pnpm/action-setup@v6
+        with:
+          run_install: false
       - uses: actions/setup-node@v6
         with:
           node-version: '24'
+          cache: pnpm
       - name: Run prettier
-        run: npm ci && npm run lint
+        run: pnpm install --frozen-lockfile && pnpm run lint
       - name: Run Rubocop
         run: bundle exec rubocop
       - name: Run tests

@@ -0,0 +1 @@
+pnpm-lock.yaml
@@ -9,20 +9,22 @@ Ruby gem for building RabbitMQ consumers using Bunny.
 - **connection_pool** ~> 3.0 — thread-safe channel pools for publishers
 - **json** >= 2.9.0 — JSON serialization in middleware
 - Dev tools: RSpec, RuboCop (rubocop-rspec, rubocop-rake), SimpleCov, YARD, Prettier (via Node)
+- **Node tooling**: pnpm v11+ (pinned in `package.json#packageManager`). The JS toolchain is dev-only (Prettier on Ruby files); nothing JS ships at runtime.
 
 ## Common Commands
 
 ```bash
 # Install deps
 bundle install
-npm install
+pnpm install --frozen-lockfile
 
 # Tests
 bundle exec rspec
 
 # Lint / format
 bundle exec rubocop
-npm run lint          # Prettier on Ruby files
+pnpm run lint         # Prettier on Ruby files
+pnpm run format       # Prettier --write
 
 # Autofix rubocop
 bundle exec rubocop -A

@@ -19,6 +19,6 @@ RuboCop::RakeTask.new(:rubocop) do |task|
 end
 
 desc 'Run Prettier'
-task(:prettier) { sh 'npm run lint' }
+task(:prettier) { sh 'pnpm run lint' }
 
 task default: %i[spec rubocop prettier]
@@ -1,10 +1,11 @@
 {
   "name": "ears",
   "private": true,
+  "packageManager": "pnpm@11.5.1",
   "scripts": {
-    "prettify": "prettier \"**/*.{ru,rb,yml,yaml,md,gemspec,json}\" --ignore-path=\".gitignore\"",
-    "lint": "npm run prettify -- --check",
-    "format": "npm run prettify -- --write"
+    "prettify": "prettier \"**/*.{ru,rb,yml,yaml,md,gemspec,json}\"",
+    "lint": "pnpm run prettify --check",
+    "format": "pnpm run prettify --write"
   },
   "devDependencies": {
     "@invisionag/prettier-config": "^2.1.3",