Commit d7c4917
authored
![renovate[bot]](https://avatars.githubusercontent.com/in/2740?v=4&size=40){kind=avatar}
chore(deps): update npm packages (major) (#6)
> ℹ️ **Note**
>
> This PR body was truncated due to platform limits.
This PR contains the following updates:
| Package | Change |
[Age](https://docs.renovatebot.com/merge-confidence/) |
[Adoption](https://docs.renovatebot.com/merge-confidence/) |
[Passing](https://docs.renovatebot.com/merge-confidence/) |
[Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|---|---|
| [pnpm](https://pnpm.io)
([source](https://redirect.github.com/pnpm/pnpm/tree/HEAD/pnpm)) |
[`9.7.0` →
`10.28.1`](https://renovatebot.com/diffs/npm/pnpm/9.7.0/10.28.1) |
|
|
|
|
| [vitest](https://vitest.dev)
([source](https://redirect.github.com/vitest-dev/vitest/tree/HEAD/packages/vitest))
| [`^2.0.5` →
`^4.0.0`](https://renovatebot.com/diffs/npm/vitest/2.0.5/4.0.18) |
|
|
|
|
---
### Release Notes
<details>
<summary>pnpm/pnpm (pnpm)</summary>
###
[`v10.28.1`](https://redirect.github.com/pnpm/pnpm/compare/v10.28.0...v10.28.1)
[Compare
Source](https://redirect.github.com/pnpm/pnpm/compare/v10.28.0...v10.28.1)
###
[`v10.28.0`](https://redirect.github.com/pnpm/pnpm/compare/v10.27.0...v10.28.0)
[Compare
Source](https://redirect.github.com/pnpm/pnpm/compare/v10.27.0...v10.28.0)
###
[`v10.27.0`](https://redirect.github.com/pnpm/pnpm/compare/v10.26.2...v10.27.0)
[Compare
Source](https://redirect.github.com/pnpm/pnpm/compare/v10.26.2...v10.27.0)
###
[`v10.26.2`](https://redirect.github.com/pnpm/pnpm/releases/tag/v10.26.2):
pnpm 10.26.2
[Compare
Source](https://redirect.github.com/pnpm/pnpm/compare/v10.26.1...v10.26.2)
#### Patch Changes
- Improve error message when a package version exists but does not meet
the `minimumReleaseAge` constraint. The error now clearly states that
the version exists and shows a human-readable time since release (e.g.,
"released 6 hours ago")
[#​10307](https://redirect.github.com/pnpm/pnpm/issues/10307).
- Fix installation of Git dependencies using annotated tags
[#​10335](https://redirect.github.com/pnpm/pnpm/issues/10335).
Previously, pnpm would store the annotated tag object's SHA in the
lockfile instead of the actual commit SHA. This caused
`ERR_PNPM_GIT_CHECKOUT_FAILED` errors because the checked-out commit
hash didn't match the stored tag object hash.
- Binaries of runtime engines (Node.js, Deno, Bun) are written to
`node_modules/.bin` before lifecycle scripts (install, postinstall,
prepare) are executed
[#​10244](https://redirect.github.com/pnpm/pnpm/issues/10244).
- Try to avoid making network calls with preferOffline
[#​10334](https://redirect.github.com/pnpm/pnpm/pull/10334).
#### Platinum Sponsors
<table>
<tbody>
<tr>
<td align="center" valign="middle">
<a href="https://bit.dev/?utm_source=pnpm&utm_medium=release_notes"
target="_blank"><img src="https://pnpm.io/img/users/bit.svg" width="80"
alt="Bit"></a>
</td>
</tr>
</tbody>
</table>
#### Gold Sponsors
<table>
<tbody>
<tr>
<td align="center" valign="middle">
<a href="https://discord.com/?utm_source=pnpm&utm_medium=release_notes"
target="_blank">
<picture>
<source media="(prefers-color-scheme: light)"
srcset="https://pnpm.io/img/users/discord.svg" />
<source media="(prefers-color-scheme: dark)"
srcset="https://pnpm.io/img/users/discord_light.svg" />
<img src="https://pnpm.io/img/users/discord.svg" width="220"
alt="Discord" />
</picture>
</a>
</td>
<td align="center" valign="middle">
<a
href="https://coderabbit.ai/?utm_source=pnpm&utm_medium=release_notes"
target="_blank">
<picture>
<source media="(prefers-color-scheme: light)"
srcset="https://pnpm.io/img/users/coderabbit.svg" />
<source media="(prefers-color-scheme: dark)"
srcset="https://pnpm.io/img/users/coderabbit_light.svg" />
<img src="https://pnpm.io/img/users/coderabbit.svg" width="220"
alt="CodeRabbit" />
</picture>
</a>
</td>
<td align="center" valign="middle">
<a href="https://workleap.com/?utm_source=pnpm&utm_medium=release_notes"
target="_blank">
<picture>
<source media="(prefers-color-scheme: light)"
srcset="https://pnpm.io/img/users/workleap.svg" />
<source media="(prefers-color-scheme: dark)"
srcset="https://pnpm.io/img/users/workleap_light.svg" />
<img src="https://pnpm.io/img/users/workleap.svg" width="190"
alt="Workleap" />
</picture>
</a>
</td>
</tr>
<tr>
<td align="center" valign="middle">
<a
href="https://stackblitz.com/?utm_source=pnpm&utm_medium=release_notes"
target="_blank">
<picture>
<source media="(prefers-color-scheme: light)"
srcset="https://pnpm.io/img/users/stackblitz.svg" />
<source media="(prefers-color-scheme: dark)"
srcset="https://pnpm.io/img/users/stackblitz_light.svg" />
<img src="https://pnpm.io/img/users/stackblitz.svg" width="190"
alt="Stackblitz" />
</picture>
</a>
</td>
<td align="center" valign="middle">
<a href="https://vite.dev/?utm_source=pnpm&utm_medium=release_notes"
target="_blank">
<img src="https://pnpm.io/img/users/vitejs.svg" width="42" alt="Vite">
</a>
</td>
</tr>
</tbody>
</table>
###
[`v10.26.1`](https://redirect.github.com/pnpm/pnpm/releases/tag/v10.26.1):
pnpm 10.26.1
[Compare
Source](https://redirect.github.com/pnpm/pnpm/compare/v10.26.0...v10.26.1)
#### Patch Changes
- Don't fail on `pnpm add`, when `blockExoticSubdeps` is set to `true`
[#​10324](https://redirect.github.com/pnpm/pnpm/issues/10324).
- Always resolve git references to full commits and ensure `HEAD` points
to the commit after checkout
[#​10310](https://redirect.github.com/pnpm/pnpm/pull/10310).
#### Platinum Sponsors
<table>
<tbody>
<tr>
<td align="center" valign="middle">
<a href="https://bit.dev/?utm_source=pnpm&utm_medium=release_notes"
target="_blank"><img src="https://pnpm.io/img/users/bit.svg" width="80"
alt="Bit"></a>
</td>
</tr>
</tbody>
</table>
#### Gold Sponsors
<table>
<tbody>
<tr>
<td align="center" valign="middle">
<a href="https://discord.com/?utm_source=pnpm&utm_medium=release_notes"
target="_blank">
<picture>
<source media="(prefers-color-scheme: light)"
srcset="https://pnpm.io/img/users/discord.svg" />
<source media="(prefers-color-scheme: dark)"
srcset="https://pnpm.io/img/users/discord_light.svg" />
<img src="https://pnpm.io/img/users/discord.svg" width="220"
alt="Discord" />
</picture>
</a>
</td>
<td align="center" valign="middle">
<a
href="https://coderabbit.ai/?utm_source=pnpm&utm_medium=release_notes"
target="_blank">
<picture>
<source media="(prefers-color-scheme: light)"
srcset="https://pnpm.io/img/users/coderabbit.svg" />
<source media="(prefers-color-scheme: dark)"
srcset="https://pnpm.io/img/users/coderabbit_light.svg" />
<img src="https://pnpm.io/img/users/coderabbit.svg" width="220"
alt="CodeRabbit" />
</picture>
</a>
</td>
<td align="center" valign="middle">
<a href="https://workleap.com/?utm_source=pnpm&utm_medium=release_notes"
target="_blank">
<picture>
<source media="(prefers-color-scheme: light)"
srcset="https://pnpm.io/img/users/workleap.svg" />
<source media="(prefers-color-scheme: dark)"
srcset="https://pnpm.io/img/users/workleap_light.svg" />
<img src="https://pnpm.io/img/users/workleap.svg" width="190"
alt="Workleap" />
</picture>
</a>
</td>
</tr>
<tr>
<td align="center" valign="middle">
<a
href="https://stackblitz.com/?utm_source=pnpm&utm_medium=release_notes"
target="_blank">
<picture>
<source media="(prefers-color-scheme: light)"
srcset="https://pnpm.io/img/users/stackblitz.svg" />
<source media="(prefers-color-scheme: dark)"
srcset="https://pnpm.io/img/users/stackblitz_light.svg" />
<img src="https://pnpm.io/img/users/stackblitz.svg" width="190"
alt="Stackblitz" />
</picture>
</a>
</td>
<td align="center" valign="middle">
<a href="https://vite.dev/?utm_source=pnpm&utm_medium=release_notes"
target="_blank">
<img src="https://pnpm.io/img/users/vitejs.svg" width="42" alt="Vite">
</a>
</td>
</tr>
</tbody>
</table>
###
[`v10.26.0`](https://redirect.github.com/pnpm/pnpm/compare/v10.25.0...v10.26.0)
[Compare
Source](https://redirect.github.com/pnpm/pnpm/compare/v10.25.0...v10.26.0)
###
[`v10.25.0`](https://redirect.github.com/pnpm/pnpm/compare/v10.24.0...v10.25.0)
[Compare
Source](https://redirect.github.com/pnpm/pnpm/compare/v10.24.0...v10.25.0)
###
[`v10.24.0`](https://redirect.github.com/pnpm/pnpm/compare/v10.23.0...v10.24.0)
[Compare
Source](https://redirect.github.com/pnpm/pnpm/compare/v10.23.0...v10.24.0)
###
[`v10.23.0`](https://redirect.github.com/pnpm/pnpm/releases/tag/v10.23.0):
pnpm 10.23
[Compare
Source](https://redirect.github.com/pnpm/pnpm/compare/v10.22.0...v10.23.0)
#### Minor Changes
- Added `--lockfile-only` option to `pnpm list`
[#​10020](https://redirect.github.com/pnpm/pnpm/issues/10020).
#### Patch Changes
- `pnpm self-update` should download pnpm from the configured npm
registry
[#​10205](https://redirect.github.com/pnpm/pnpm/pull/10205).
- `pnpm self-update` should always install the non-executable pnpm
package (pnpm in the registry) and never the `@pnpm/exe` package, when
installing v11 or newer. We currently cannot ship `@pnpm/exe` as `pkg`
doesn't work with ESM
[#​10190](https://redirect.github.com/pnpm/pnpm/pull/10190).
- Node.js runtime is not added to "dependencies" on `pnpm add`, if
there's a `engines.runtime` setting declared in `package.json`
[#​10209](https://redirect.github.com/pnpm/pnpm/issues/10209).
- The installation should fail if an optional dependency cannot be
installed due to a trust policy check failure
[#​10208](https://redirect.github.com/pnpm/pnpm/issues/10208).
- `pnpm list` and `pnpm why` now display npm: protocol for aliased
packages (e.g., `foo npm:is-odd@3.0.1`)
[#​8660](https://redirect.github.com/pnpm/pnpm/issues/8660).
- Don't add an extra slash to the Node.js mirror URL
[#​10204](https://redirect.github.com/pnpm/pnpm/pull/10204).
- `pnpm store prune` should not fail if the store contains Node.js
packages
[#​10131](https://redirect.github.com/pnpm/pnpm/issues/10131).
#### Platinum Sponsors
<table>
<tbody>
<tr>
<td align="center" valign="middle">
<a href="https://bit.dev/?utm_source=pnpm&utm_medium=release_notes"
target="_blank"><img src="https://pnpm.io/img/users/bit.svg" width="80"
alt="Bit"></a>
</td>
</tr>
</tbody>
</table>
#### Gold Sponsors
<table>
<tbody>
<tr>
<td align="center" valign="middle">
<a href="https://discord.com/?utm_source=pnpm&utm_medium=release_notes"
target="_blank">
<picture>
<source media="(prefers-color-scheme: light)"
srcset="https://pnpm.io/img/users/discord.svg" />
<source media="(prefers-color-scheme: dark)"
srcset="https://pnpm.io/img/users/discord_light.svg" />
<img src="https://pnpm.io/img/users/discord.svg" width="220"
alt="Discord" />
</picture>
</a>
</td>
<td align="center" valign="middle">
<a
href="https://coderabbit.ai/?utm_source=pnpm&utm_medium=release_notes"
target="_blank">
<picture>
<source media="(prefers-color-scheme: light)"
srcset="https://pnpm.io/img/users/coderabbit.svg" />
<source media="(prefers-color-scheme: dark)"
srcset="https://pnpm.io/img/users/coderabbit_light.svg" />
<img src="https://pnpm.io/img/users/coderabbit.svg" width="220"
alt="CodeRabbit" />
</picture>
</a>
</td>
<td align="center" valign="middle">
<a href="https://workleap.com/?utm_source=pnpm&utm_medium=release_notes"
target="_blank">
<picture>
<source media="(prefers-color-scheme: light)"
srcset="https://pnpm.io/img/users/workleap.svg" />
<source media="(prefers-color-scheme: dark)"
srcset="https://pnpm.io/img/users/workleap_light.svg" />
<img src="https://pnpm.io/img/users/workleap.svg" width="190"
alt="Workleap" />
</picture>
</a>
</td>
</tr>
<tr>
<td align="center" valign="middle">
<a
href="https://stackblitz.com/?utm_source=pnpm&utm_medium=release_notes"
target="_blank">
<picture>
<source media="(prefers-color-scheme: light)"
srcset="https://pnpm.io/img/users/stackblitz.svg" />
<source media="(prefers-color-scheme: dark)"
srcset="https://pnpm.io/img/users/stackblitz_light.svg" />
<img src="https://pnpm.io/img/users/stackblitz.svg" width="190"
alt="Stackblitz" />
</picture>
</a>
</td>
<td align="center" valign="middle">
<a href="https://vite.dev/?utm_source=pnpm&utm_medium=release_notes"
target="_blank">
<img src="https://pnpm.io/img/users/vitejs.svg" width="42" alt="Vite">
</a>
</td>
</tr>
</tbody>
</table>
###
[`v10.22.0`](https://redirect.github.com/pnpm/pnpm/releases/tag/v10.22.0):
pnpm 10.22
[Compare
Source](https://redirect.github.com/pnpm/pnpm/compare/v10.21.0...v10.22.0)
#### Minor Changes
- Added support for `trustPolicyExclude`
[#​10164](https://redirect.github.com/pnpm/pnpm/issues/10164).
You can now list one or more specific packages or versions that pnpm
should allow to install, even if those packages don't satisfy the trust
policy requirement. For example:
```yaml
trustPolicy: no-downgrade
trustPolicyExclude:
- chokidar@4.0.3
- webpack@4.47.0 || 5.102.1
```
- Allow to override the `engines` field on publish by the
`publishConfig.engines` field.
#### Patch Changes
- Don't crash when two processes of pnpm are hardlinking the contents of
a directory to the same destination simultaneously
[#​10179](https://redirect.github.com/pnpm/pnpm/issues/10179).
#### Platinum Sponsors
<table>
<tbody>
<tr>
<td align="center" valign="middle">
<a href="https://bit.dev/?utm_source=pnpm&utm_medium=release_notes"
target="_blank"><img src="https://pnpm.io/img/users/bit.svg" width="80"
alt="Bit"></a>
</td>
</tr>
</tbody>
</table>
#### Gold Sponsors
<table>
<tbody>
<tr>
<td align="center" valign="middle">
<a href="https://discord.com/?utm_source=pnpm&utm_medium=release_notes"
target="_blank">
<picture>
<source media="(prefers-color-scheme: light)"
srcset="https://pnpm.io/img/users/discord.svg" />
<source media="(prefers-color-scheme: dark)"
srcset="https://pnpm.io/img/users/discord_light.svg" />
<img src="https://pnpm.io/img/users/discord.svg" width="220"
alt="Discord" />
</picture>
</a>
</td>
<td align="center" valign="middle">
<a
href="https://coderabbit.ai/?utm_source=pnpm&utm_medium=release_notes"
target="_blank">
<picture>
<source media="(prefers-color-scheme: light)"
srcset="https://pnpm.io/img/users/coderabbit.svg" />
<source media="(prefers-color-scheme: dark)"
srcset="https://pnpm.io/img/users/coderabbit_light.svg" />
<img src="https://pnpm.io/img/users/coderabbit.svg" width="220"
alt="CodeRabbit" />
</picture>
</a>
</td>
<td align="center" valign="middle">
<a href="https://workleap.com/?utm_source=pnpm&utm_medium=release_notes"
target="_blank">
<picture>
<source media="(prefers-color-scheme: light)"
srcset="https://pnpm.io/img/users/workleap.svg" />
<source media="(prefers-color-scheme: dark)"
srcset="https://pnpm.io/img/users/workleap_light.svg" />
<img src="https://pnpm.io/img/users/workleap.svg" width="190"
alt="Workleap" />
</picture>
</a>
</td>
</tr>
<tr>
<td align="center" valign="middle">
<a
href="https://stackblitz.com/?utm_source=pnpm&utm_medium=release_notes"
target="_blank">
<picture>
<source media="(prefers-color-scheme: light)"
srcset="https://pnpm.io/img/users/stackblitz.svg" />
<source media="(prefers-color-scheme: dark)"
srcset="https://pnpm.io/img/users/stackblitz_light.svg" />
<img src="https://pnpm.io/img/users/stackblitz.svg" width="190"
alt="Stackblitz" />
</picture>
</a>
</td>
<td align="center" valign="middle">
<a href="https://vite.dev/?utm_source=pnpm&utm_medium=release_notes"
target="_blank">
<img src="https://pnpm.io/img/users/vitejs.svg" width="42" alt="Vite">
</a>
</td>
</tr>
</tbody>
</table>
###
[`v10.21.0`](https://redirect.github.com/pnpm/pnpm/compare/v10.20.0...v10.21.0)
[Compare
Source](https://redirect.github.com/pnpm/pnpm/compare/v10.20.0...v10.21.0)
###
[`v10.20.0`](https://redirect.github.com/pnpm/pnpm/blob/HEAD/pnpm/CHANGELOG.md#10200)
[Compare
Source](https://redirect.github.com/pnpm/pnpm/compare/v10.19.0...v10.20.0)
##### Minor Changes
- Support `--all` option in `pnpm --help` to list all commands
[#​8628](https://redirect.github.com/pnpm/pnpm/pull/8628).
##### Patch Changes
- When the `latest` version doesn't satisfy the maturity requirement
configured by `minimumReleaseAge`, pick the highest version that is
mature enough, even if it has a different major version
[#​10100](https://redirect.github.com/pnpm/pnpm/issues/10100).
- `create` command should not verify patch info.
- Set `managePackageManagerVersions` to `false`, when switching to a
different version of pnpm CLI, in order to avoid subsequent switches
[#​10063](https://redirect.github.com/pnpm/pnpm/issues/10063).
###
[`v10.19.0`](https://redirect.github.com/pnpm/pnpm/blob/HEAD/pnpm/CHANGELOG.md#10190)
[Compare
Source](https://redirect.github.com/pnpm/pnpm/compare/v10.18.3...v10.19.0)
##### Minor Changes
- You can now allow specific versions of dependencies to run postinstall
scripts. `onlyBuiltDependencies` now accepts package names with lists of
trusted versions. For example:
```yaml
onlyBuiltDependencies:
- nx@21.6.4 || 21.6.5
- esbuild@0.25.1
```
Related PR:
[#​10104](https://redirect.github.com/pnpm/pnpm/pull/10104).
- Added support for exact versions in `minimumReleaseAgeExclude`
[#​9985](https://redirect.github.com/pnpm/pnpm/issues/9985).
You can now list one or more specific versions that pnpm should allow to
install, even if those versions don’t satisfy the maturity requirement
set by `minimumReleaseAge`. For example:
```yaml
minimumReleaseAge: 1440
minimumReleaseAgeExclude:
- nx@21.6.5
- webpack@4.47.0 || 5.102.1
```
###
[`v10.18.3`](https://redirect.github.com/pnpm/pnpm/blob/HEAD/pnpm/CHANGELOG.md#10183)
[Compare
Source](https://redirect.github.com/pnpm/pnpm/compare/v10.18.2...v10.18.3)
##### Patch Changes
- Fix a bug where pnpm would infinitely recurse when using
`verifyDepsBeforeInstall: install` and pre/post install scripts that
called other pnpm scripts
[#​10060](https://redirect.github.com/pnpm/pnpm/issues/10060).
- Fixed scoped registry keys (e.g., `@scope:registry`) being parsed as
property paths in `pnpm config get` when `--location=project` is used
[#​9362](https://redirect.github.com/pnpm/pnpm/issues/9362).
- Remove pnpm-specific CLI options before passing to npm publish to
prevent "Unknown cli config" warnings
[#​9646](https://redirect.github.com/pnpm/pnpm/issues/9646).
- Fixed EISDIR error when bin field points to a directory
[#​9441](https://redirect.github.com/pnpm/pnpm/issues/9441).
- Preserve version and hasBin for variations packages
[#​10022](https://redirect.github.com/pnpm/pnpm/issues/10022).
- Fixed `pnpm config set --location=project` incorrectly handling keys
with slashes (auth tokens, registry settings)
[#​9884](https://redirect.github.com/pnpm/pnpm/issues/9884).
- When both `pnpm-workspace.yaml` and `.npmrc` exist, `pnpm config set
--location=project` now writes to `pnpm-workspace.yaml` (matching read
priority)
[#​10072](https://redirect.github.com/pnpm/pnpm/issues/10072).
- Prevent a table width error in `pnpm outdated --long`
[#​10040](https://redirect.github.com/pnpm/pnpm/issues/10040).
- Sync bin links after injected dependencies are updated by build
scripts. This ensures that binaries created during build processes are
properly linked and accessible to consuming projects
[#​10057](https://redirect.github.com/pnpm/pnpm/issues/10057).
###
[`v10.18.2`](https://redirect.github.com/pnpm/pnpm/blob/HEAD/pnpm/CHANGELOG.md#10182)
[Compare
Source](https://redirect.github.com/pnpm/pnpm/compare/v10.18.1...v10.18.2)
##### Patch Changes
- `pnpm outdated --long` should work
[#​10040](https://redirect.github.com/pnpm/pnpm/issues/10040).
- Replace ndjson with split2. Reduce the bundle size of pnpm CLI
[#​10054](https://redirect.github.com/pnpm/pnpm/pull/10054).
- `pnpm dlx` should request the full metadata of packages, when
`minimumReleaseAge` is set
[#​9963](https://redirect.github.com/pnpm/pnpm/issues/9963).
- pnpm version switching should work when the pnpm home directory is in
a symlinked directory
[#​9715](https://redirect.github.com/pnpm/pnpm/issues/9715).
- Fix `EPIPE` errors when piping output to other commands
[#​10027](https://redirect.github.com/pnpm/pnpm/issues/10027).
###
[`v10.18.1`](https://redirect.github.com/pnpm/pnpm/blob/HEAD/pnpm/CHANGELOG.md#10181)
[Compare
Source](https://redirect.github.com/pnpm/pnpm/compare/v10.18.0...v10.18.1)
##### Patch Changes
- Don't print a warning, when `--lockfile-only` is used
[#​8320](https://redirect.github.com/pnpm/pnpm/issues/8320).
- `pnpm setup` creates a command shim to the pnpm executable. This is
needed to be able to run `pnpm self-update` on Windows
[#​5700](https://redirect.github.com/pnpm/pnpm/issues/5700).
- When using pnpm catalogs and running a normal `pnpm install`, pnpm
produced false positive warnings for "*skip adding to the default
catalog because it already exists*". This warning now only prints when
using `pnpm add --save-catalog` as originally intended.
###
[`v10.18.0`](https://redirect.github.com/pnpm/pnpm/blob/HEAD/pnpm/CHANGELOG.md#10180)
[Compare
Source](https://redirect.github.com/pnpm/pnpm/compare/v10.17.1...v10.18.0)
##### Minor Changes
- Added network performance monitoring to pnpm by implementing warnings
for slow network requests, including both metadata fetches and tarball
downloads.
Added configuration options for warning thresholds: `fetchWarnTimeoutMs`
and `fetchMinSpeedKiBps`.
Warning messages are displayed when requests exceed time thresholds or
fall below speed minimums
Related PR:
[#​10025](https://redirect.github.com/pnpm/pnpm/pull/10025).
##### Patch Changes
- Retry filesystem operations on EAGAIN errors
[#​9959](https://redirect.github.com/pnpm/pnpm/pull/9959).
- Outdated command respects `minimumReleaseAge` configuration
[#​10030](https://redirect.github.com/pnpm/pnpm/pull/10030).
- Correctly apply the `cleanupUnusedCatalogs` configuration when
removing dependent packages.
- Don't fail with a meaningless error when `scriptShell` is set to
`false`
[#​8748](https://redirect.github.com/pnpm/pnpm/issues/8748).
- `pnpm dlx` should not fail when `minimumReleaseAge` is set
[#​10037](https://redirect.github.com/pnpm/pnpm/issues/10037).
###
[`v10.17.1`](https://redirect.github.com/pnpm/pnpm/blob/HEAD/pnpm/CHANGELOG.md#10171)
[Compare
Source](https://redirect.github.com/pnpm/pnpm/compare/v10.17.0...v10.17.1)
##### Patch Changes
- When a version specifier cannot be resolved because the versions don't
satisfy the `minimumReleaseAge` setting, print this information out in
the error message
[#​9974](https://redirect.github.com/pnpm/pnpm/pull/9974).
- Fix `state.json` creation path when executing `pnpm patch` in a
workspace project
[#​9733](https://redirect.github.com/pnpm/pnpm/pull/9733).
- When `minimumReleaseAge` is set and the `latest` tag is not mature
enough, prefer a non-deprecated version as the new `latest`
[#​9987](https://redirect.github.com/pnpm/pnpm/issues/9987).
###
[`v10.17.0`](https://redirect.github.com/pnpm/pnpm/blob/HEAD/pnpm/CHANGELOG.md#10170)
[Compare
Source](https://redirect.github.com/pnpm/pnpm/compare/v10.16.1...v10.17.0)
##### Minor Changes
- The `minimumReleaseAgeExclude` setting now supports patterns. For
instance:
```yaml
minimumReleaseAge: 1440
minimumReleaseAgeExclude:
- "@​eslint/*"
```
Related PR:
[#​9984](https://redirect.github.com/pnpm/pnpm/pull/9984).
##### Patch Changes
- Don't ignore the `minimumReleaseAge` check, when the package is
requested by exact version and the packument is loaded from cache
[#​9978](https://redirect.github.com/pnpm/pnpm/issues/9978).
- When `minimumReleaseAge` is set and the active version under a
dist-tag is not mature enough, do not downgrade to a prerelease version
in case the original version wasn't a prerelease one
[#​9979](https://redirect.github.com/pnpm/pnpm/issues/9979).
###
[`v10.16.1`](https://redirect.github.com/pnpm/pnpm/blob/HEAD/pnpm/CHANGELOG.md#10161)
[Compare
Source](https://redirect.github.com/pnpm/pnpm/compare/v10.16.0...v10.16.1)
##### Patch Changes
- The full metadata cache should be stored not at the same location as
the abbreviated metadata. This fixes a bug where pnpm was loading the
abbreviated metadata from cache and couldn't find the "time" field as a
result
[#​9963](https://redirect.github.com/pnpm/pnpm/issues/9963).
- Forcibly disable ANSI color codes when generating patch diff
[#​9914](https://redirect.github.com/pnpm/pnpm/pull/9914).
###
[`v10.16.0`](https://redirect.github.com/pnpm/pnpm/blob/HEAD/pnpm/CHANGELOG.md#10160)
[Compare
Source](https://redirect.github.com/pnpm/pnpm/compare/v10.15.1...v10.16.0)
##### Minor Changes
- There have been several incidents recently where popular packages were
successfully attacked. To reduce the risk of installing a compromised
version, we are introducing a new setting that delays the installation
of newly released dependencies. In most cases, such attacks are
discovered quickly and the malicious versions are removed from the
registry within an hour.
The new setting is called `minimumReleaseAge`. It specifies the number
of minutes that must pass after a version is published before pnpm will
install it. For example, setting `minimumReleaseAge: 1440` ensures that
only packages released at least one day ago can be installed.
If you set `minimumReleaseAge` but need to disable this restriction for
certain dependencies, you can list them under the
`minimumReleaseAgeExclude` setting. For instance, with the following
configuration pnpm will always install the latest version of webpack,
regardless of its release time:
```yaml
minimumReleaseAgeExclude:
- webpack
```
Related issue:
[#​9921](https://redirect.github.com/pnpm/pnpm/issues/9921).
- Added support for `finders`
[#​9946](https://redirect.github.com/pnpm/pnpm/pull/9946).
In the past, `pnpm list` and `pnpm why` could only search for
dependencies by **name** (and optionally version). For example:
```
pnpm why minimist
```
prints the chain of dependencies to any installed instance of
`minimist`:
```
verdaccio 5.20.1
├─┬ handlebars 4.7.7
│ └── minimist 1.2.8
└─┬ mv 2.1.1
└─┬ mkdirp 0.5.6
└── minimist 1.2.8
```
What if we want to search by **other properties** of a dependency, not
just its name? For instance, find all packages that have `react@17` in
their peer dependencies?
This is now possible with "finder functions". Finder functions can be
declared in `.pnpmfile.cjs` and invoked with the `--find-by=<function
name>` flag when running `pnpm list` or `pnpm why`.
Let's say we want to find any dependencies that have React 17 in peer
dependencies. We can add this finder to our `.pnpmfile.cjs`:
```js
module.exports = {
finders: {
react17: (ctx) => {
return ctx.readManifest().peerDependencies?.react === "^17.0.0";
},
},
};
```
Now we can use this finder function by running:
```
pnpm why --find-by=react17
```
pnpm will find all dependencies that have this React in peer
dependencies and print their exact locations in the dependency graph.
```
@​apollo/client 4.0.4
├── @​graphql-typed-document-node/core 3.2.0
└── graphql-tag 2.12.6
```
It is also possible to print out some additional information in the
output by returning a string from the finder. For example, with the
following finder:
```js
module.exports = {
finders: {
react17: (ctx) => {
const manifest = ctx.readManifest();
if (manifest.peerDependencies?.react === "^17.0.0") {
return `license: ${manifest.license}`;
}
return false;
},
},
};
```
Every matched package will also print out the license from its
`package.json`:
```
@​apollo/client 4.0.4
├── @​graphql-typed-document-node/core 3.2.0
│ license: MIT
└── graphql-tag 2.12.6
license: MIT
```
##### Patch Changes
- Fix deprecation warning printed when executing pnpm with Node.js 24
[#​9529](https://redirect.github.com/pnpm/pnpm/issues/9529).
- Throw an error if `nodeVersion` is not set to an exact semver version
[#​9934](https://redirect.github.com/pnpm/pnpm/issues/9934).
- `pnpm publish` should be able to publish a `.tar.gz` file
[#​9927](https://redirect.github.com/pnpm/pnpm/pull/9927).
- Canceling a running process with Ctrl-C should make `pnpm run` return
a non-zero exit code
[#​9626](https://redirect.github.com/pnpm/pnpm/issues/9626).
###
[`v10.15.1`](https://redirect.github.com/pnpm/pnpm/blob/HEAD/pnpm/CHANGELOG.md#10151)
[Compare
Source](https://redirect.github.com/pnpm/pnpm/compare/v10.15.0...v10.15.1)
##### Patch Changes
- Fix `.pnp.cjs` crash when importing subpath
[#​9904](https://redirect.github.com/pnpm/pnpm/issues/9904).
- When resolving peer dependencies, pnpm looks whether the peer
dependency is present in the root workspace project's dependencies. This
change makes it so that the peer dependency is correctly resolved even
from aliased npm-hosted dependencies or other types of dependencies
[#​9913](https://redirect.github.com/pnpm/pnpm/issues/9913).
###
[`v10.15.0`](https://redirect.github.com/pnpm/pnpm/blob/HEAD/pnpm/CHANGELOG.md#10150)
[Compare
Source](https://redirect.github.com/pnpm/pnpm/compare/v10.14.0...v10.15.0)
##### Minor Changes
- Added the `cleanupUnusedCatalogs` configuration. When set to `true`,
pnpm will remove unused catalog entries during installation
[#​9793](https://redirect.github.com/pnpm/pnpm/pull/9793).
- Automatically load pnpmfiles from config dependencies that are named
`@*/pnpm-plugin-*`
[#​9780](https://redirect.github.com/pnpm/pnpm/issues/9780).
- `pnpm config get` now prints an INI string for an object value
[#​9797](https://redirect.github.com/pnpm/pnpm/issues/9797).
- `pnpm config get` now accepts property paths (e.g. `pnpm config get
catalog.react`, `pnpm config get .catalog.react`, `pnpm config get
'packageExtensions["@​babel/parser"].peerDependencies["@​babel/types"]'`),
and `pnpm config set` now accepts dot-leading or subscripted keys (e.g.
`pnpm config set .ignoreScripts true`).
- `pnpm config get --json` now prints a JSON serialization of config
value, and `pnpm config set --json` now parses the input value as JSON.
##### Patch Changes
- **Semi-breaking.** When automatically installing missing peer
dependencies, prefer versions that are already present in the direct
dependencies of the root workspace package
[#​9835](https://redirect.github.com/pnpm/pnpm/pull/9835).
- When executing the `pnpm create` command, must verify whether the node
version is supported even if a cache already exists
[#​9775](https://redirect.github.com/pnpm/pnpm/pull/9775).
- When making requests for the non-abbreviated packument, add `*/*` to
the `Accept` header to avoid getting a 406 error on AWS CodeArtifact
[#​9862](https://redirect.github.com/pnpm/pnpm/issues/9862).
- The standalone exe version of pnpm works with glibc 2.26 again
[#​9734](https://redirect.github.com/pnpm/pnpm/issues/9734).
- Fix a regression in which `pnpm dlx pkg --help` doesn't pass `--help`
to `pkg`
[#​9823](https://redirect.github.com/pnpm/pnpm/issues/9823).
###
[`v10.14.0`](https://redirect.github.com/pnpm/pnpm/blob/HEAD/pnpm/CHANGELOG.md#10140)
[Compare
Source](https://redirect.github.com/pnpm/pnpm/compare/v10.13.1...v10.14.0)
##### Minor Changes
- **Added support for JavaScript runtime resolution**
Declare Node.js, Deno, or Bun in
[`devEngines.runtime`](https://redirect.github.com/openjs-foundation/package-metadata-interoperability-collab-space/issues/15)
(inside `package.json`) and let pnpm download and pin it automatically.
Usage example:
```json
{
"devEngines": {
"runtime": {
"name": "node",
"version": "^24.4.0",
"onFail": "download" (we only support the "download" value for now)
}
}
}
```
How it works:
1. `pnpm install` resolves your specified range to the latest matching
runtime version.
2. The exact version (and checksum) is saved in the lockfile.
3. Scripts use the local runtime, ensuring consistency across
environments.
Why this is better:
1. This new setting supports also Deno and Bun (vs. our Node-only
settings `useNodeVersion` and `executionEnv.nodeVersion`)
2. Supports version ranges (not just a fixed version).
3. The resolved version is stored in the pnpm lockfile, along with an
integrity checksum for future validation of the Node.js content's
validity.
4. It can be used on any workspace project (like
`executionEnv.nodeVersion`). So, different projects in a workspace can
use different runtimes.
5. For now `devEngines.runtime` setting will install the runtime
locally, which we will improve in future versions of pnpm by using a
shared location on the computer.
Related PR:
[#​9755](https://redirect.github.com/pnpm/pnpm/pull/9755).
- Add `--cpu`, `--libc`, and `--os` to `pnpm install`, `pnpm add`, and
`pnpm dlx` to customize `supportedArchitectures` via the CLI
[#​7510](https://redirect.github.com/pnpm/pnpm/issues/7510).
##### Patch Changes
- Fix a bug in which `pnpm add` downloads packages whose `libc` differ
from `pnpm.supportedArchitectures.libc`.
- The integrities of the downloaded Node.js artifacts are verified
[#​9750](https://redirect.github.com/pnpm/pnpm/pull/9750).
- Allow `dlx` to parse CLI flags and options between the `dlx` command
and the command to run or between the `dlx` command and `--`
[#​9719](https://redirect.github.com/pnpm/pnpm/issues/9719).
- `pnpm install --prod` should removing hoisted dev dependencies
[#​9782](https://redirect.github.com/pnpm/pnpm/issues/9782).
- Fix an edge case bug causing local tarballs to not re-link into the
virtual store. This bug would happen when changing the contents of the
tarball without renaming the file and running a filtered install.
- Fix a bug causing `pnpm install` to incorrectly assume the lockfile is
up to date after changing a local tarball that has peers dependencies.
###
[`v10.13.1`](https://redirect.github.com/pnpm/pnpm/blob/HEAD/pnpm/CHANGELOG.md#10131)
[Compare
Source](https://redirect.github.com/pnpm/pnpm/compare/v10.13.0...v10.13.1)
##### Patch Changes
- Run user defined pnpmfiles after pnpmfiles of plugins.
###
[`v10.13.0`](https://redirect.github.com/pnpm/pnpm/blob/HEAD/pnpm/CHANGELOG.md#10130)
[Compare
Source](https://redirect.github.com/pnpm/pnpm/compare/v10.12.4...v10.13.0)
##### Minor Changes
- Added the possibility to load multiple pnpmfiles. The `pnpmfile`
setting can now accept a list of pnpmfile locations
[#​9702](https://redirect.github.com/pnpm/pnpm/pull/9702).
- pnpm will now automatically load the `pnpmfile.cjs` file from any
[config dependency](https://pnpm.io/config-dependencies) named
`@pnpm/plugin-*` or `pnpm-plugin-*`
[#​9729](https://redirect.github.com/pnpm/pnpm/pull/9729).
The order in which config dependencies are initialized should not matter
— they are initialized in alphabetical order. If a specific order is
needed, the paths to the `pnpmfile.cjs` files in the config dependencies
can be explicitly listed using the `pnpmfile` setting in
`pnpm-workspace.yaml`.
##### Patch Changes
- When patching dependencies installed via `pkg.pr.new`, treat them as
Git tarball URLs
[#​9694](https://redirect.github.com/pnpm/pnpm/pull/9694).
- Prevent conflicts between local projects' config and the global config
in `dangerouslyAllowAllBuilds`, `onlyBuiltDependencies`,
`onlyBuiltDependenciesFile`, and `neverBuiltDependencies`
[#​9628](https://redirect.github.com/pnpm/pnpm/issues/9628).
- Sort keys in `pnpm-workspace.yaml` with deep
[#​9701](https://redirect.github.com/pnpm/pnpm/pull/9701).
- The `pnpm rebuild` command should not add pkgs included in
`ignoredBuiltDependencies` to `ignoredBuilds` in
`node_modules/.modules.yaml`
[#​9338](https://redirect.github.com/pnpm/pnpm/issues/9338).
- Replaced `shell-quote` with `shlex` for quoting command arguments
[#​9381](https://redirect.github.com/pnpm/pnpm/issues/9381).
###
[`v10.12.4`](https://redirect.github.com/pnpm/pnpm/blob/HEAD/pnpm/CHANGELOG.md#10124)
[Compare
Source](https://redirect.github.com/pnpm/pnpm/compare/v10.12.3...v10.12.4)
##### Patch Changes
- Fix `pnpm licenses` command for local dependencies
[#​9583](https://redirect.github.com/pnpm/pnpm/pull/9583).
- Fix a bug in which `pnpm ls --filter=not-exist --json` prints nothing
instead of an empty array
[#​9672](https://redirect.github.com/pnpm/pnpm/issues/9672).
- Fix a deadlock that sometimes happens during peer dependency
resolution
[#​9673](https://redirect.github.com/pnpm/pnpm/issues/9673).
- Running `pnpm install` after `pnpm fetch` should hoist all
dependencies that need to be hoisted.
Fixes a regression introduced in \[v10.12.2] by
\[[#​9648](https://redirect.github.com/pnpm/pnpm/issues/9648)];
resolves
\[[#​9689](https://redirect.github.com/pnpm/pnpm/issues/9689)].
\[v10.12.2]: <https://github.com/pnpm/pnpm/releases/tag/v10.12.2Add>
commentMore actions
\[[#​9648](https://redirect.github.com/pnpm/pnpm/issues/9648)]:
[#​9648](https://redirect.github.com/pnpm/pnpm/pull/9648)
\[[#​9689](https://redirect.github.com/pnpm/pnpm/issues/9689)]:
[#​9689](https://redirect.github.com/pnpm/pnpm/issues/9689)
###
[`v10.12.3`](https://redirect.github.com/pnpm/pnpm/blob/HEAD/pnpm/CHANGELOG.md#10123)
[Compare
Source](https://redirect.github.com/pnpm/pnpm/compare/v10.12.2...v10.12.3)
##### Patch Changes
- Restore hoisting of optional peer dependencies when installing with an
outdated lockfile.
Regression introduced in [v10.12.2] by [#​9648]; resolves
[#​9685].
[v10.12.2]: https://redirect.github.com/pnpm/pnpm/releases/tag/v10.12.2
[#​9648]: https://redirect.github.com/pnpm/pnpm/pull/9648
[#​9685]: https://redirect.github.com/pnpm/pnpm/issues/9685
###
[`v10.12.2`](https://redirect.github.com/pnpm/pnpm/blob/HEAD/pnpm/CHANGELOG.md#10122)
[Compare
Source](https://redirect.github.com/pnpm/pnpm/compare/v10.12.1...v10.12.2)
##### Patch Changes
- Fixed hoisting with `enableGlobalVirtualStore` set to `true`
[#​9648](https://redirect.github.com/pnpm/pnpm/pull/9648).
- Fix the `--help` and `-h` flags not working as expected for the `pnpm
create` command.
- The dependency package path output by the `pnpm licenses list --json`
command is incorrect.
- Fix a bug in which `pnpm deploy` fails due to overridden dependencies
having peer dependencies causing `ERR_PNPM_OUTDATED_LOCKFILE`
[#​9595](https://redirect.github.com/pnpm/pnpm/issues/9595).
###
[`v10.12.1`](https://redirect.github.com/pnpm/pnpm/blob/HEAD/pnpm/CHANGELOG.md#10121)
##### Minor Changes
- **Experimental.** Added support for global virtual stores. When
enabled, `node_modules` contains only symlinks to a central virtual
store, rather to `node_modules/.pnpm`. By default, this central store is
located at `<store-path>/links` (you can find the store path by running
`pnpm store path`).
In the central virtual store, each package is hard linked into a
directory whose name is the hash of its dependency graph. This allows
multiple projects on the system to symlink shared dependencies from this
central location, significantly improving installation speed when a warm
cache is available.
> This is conceptually similar to how [NixOS manages
packages](https://nixos.org/guides/how-nix-works/), using dependency
graph hashes to create isolated and reusable package directories.
To enable the global virtual store, set `enableGlobalVirtualStore: true`
in your root `pnpm-workspace.yaml`, or globally via:
```sh
pnpm config -g set enable-global-virtual-store true
```
NOTE: In CI environments, where caches are typically cold, this setting
may slow down installation. pnpm automatically disables the global
virtual store when running in CI.
Related PR:
[#​8190](https://redirect.github.com/pnpm/pnpm/pull/8190)
* The `pnpm update` command now supports updating `catalog:` protocol
dependencies and writes new specifiers to `pnpm-workspace.yaml`.
* Added two new CLI options (`--save-catalog` and
`--save-catalog-name=<name>`) to `pnpm add` to save new dependencies as
catalog entries. `catalog:` or `catalog:<name>` will be added to
`package.json` and the package specifier will be added to the `catalogs`
or `catalog[<name>]` object in `pnpm-workspace.yaml`
[#​9425](https://redirect.github.com/pnpm/pnpm/issues/9425).
* **Semi-breaking.** The keys used for side-effects caches have changed.
If you have a side-effects cache generated by a previous version of
pnpm, the new version will not use it and will create a new cache
instead [#​9605](https://redirect.github.com/pnpm/pnpm/pull/9605).
* Added a new setting called `ci` for explicitly telling pnpm if the
current environment is a CI or not.
##### Patch Changes
- Sort versions printed by `pnpm patch` using semantic versioning rules.
- Improve the way the error message displays mismatched specifiers. Show
differences instead of 2 whole objects
[#​9598](https://redirect.github.com/pnpm/pnpm/pull/9598).
- Revert [#​9574](https://redirect.github.com/pnpm/pnpm/pull/9574)
to fix a regression
[#​9596](https://redirect.github.com/pnpm/pnpm/issues/9596).
###
[`v10.11.1`](https://redirect.github.com/pnpm/pnpm/blob/HEAD/pnpm/CHANGELOG.md#10111)
[Compare
Source](https://redirect.github.com/pnpm/pnpm/compare/v10.11.0...v10.11.1)
##### Patch Changes
- Fix an issue in which `pnpm deploy --legacy` creates unexpected
directories when the root `package.json` has a workspace package as a
peer dependency
[#​9550](https://redirect.github.com/pnpm/pnpm/issues/9550).
- Dependencies specified via a URL that redirects will only be locked to
the target if it is immutable, fixing a regression when installing from
GitHub releases.
([#​9531](https://redirect.github.com/pnpm/pnpm/issues/9531))
- Installation should not exit with an error if `strictPeerDependencies`
is `true` but all issues are ignored by `peerDependencyRules`
[#​9505](https://redirect.github.com/pnpm/pnpm/pull/9505).
- Use `pnpm_config_` env variables instead of `npm_config_`
[#​9571](https://redirect.github.com/pnpm/pnpm/pull/9571).
- Fix a regression (in v10.9.0) causing the `--lockfile-only` flag on
`pnpm update` to produce a different `pnpm-lock.yaml` than an update
without the flag.
- Let `pnpm deploy` work in repos with `overrides` when
`inject-workspace-packages=true`
[#​9283](https://redirect.github.com/pnpm/pnpm/issues/9283).
- Fixed the problem of path loss caused by parsing URL address. Fixes a
regression shipped in pnpm v10.11 via
[#​9502](https://redirect.github.com/pnpm/pnpm/pull/9502).
- `pnpm -r --silent run` should not print out section
[#​9563](https://redirect.github.com/pnpm/pnpm/issues/9563).
###
[`v10.11.0`](https://redirect.github.com/pnpm/pnpm/blob/HEAD/pnpm/CHANGELOG.md#10110)
[Compare
Source](https://redirect.github.com/pnpm/pnpm/compare/v10.10.0...v10.11.0)
##### Minor Changes
- A new setting added for `pnpm init` to create a `package.json` with
`type=module`, when `init-type` is `module`. Works as a flag for the
init command too
[#​9463](https://redirect.github.com/pnpm/pnpm/pull/9463).
- Added support for Nushell to `pnpm setup`
[#​6476](https://redirect.github.com/pnpm/pnpm/issues/6476).
- Added two new flags to the `pnpm audit` command, `--ignore` and
`--ignore-unfixable`
[#​8474](https://redirect.github.com/pnpm/pnpm/pull/8474).
Ignore all vulnerabilities that have no solution:
```shell
> pnpm audit --ignore-unfixable
```
Provide a list of CVE's to ignore those specifically, even if they have
a resolution.
```shell
> pnpm audit --ignore=CVE-2021-1234 --ignore=CVE-2021-5678
```
- Added support for recursively running pack in every project of a
workspace
[#​4351](https://redirect.github.com/pnpm/pnpm/issues/4351).
Now you can run `pnpm -r pack` to pack all packages in the workspace.
##### Patch Changes
- pnpm version management should work, when `dangerouslyAllowAllBuilds`
is set to `true`
[#​9472](https://redirect.github.com/pnpm/pnpm/issues/9472).
- `pnpm link` should work from inside a workspace
[#​9506](https://redirect.github.com/pnpm/pnpm/issues/9506).
- Set the default `workspaceConcurrency` to
`Math.min(os.availableParallelism(), 4)`
[#​9493](https://redirect.github.com/pnpm/pnpm/pull/9493).
- Installation should not exit with an error if `strictPeerDependencies`
is `true` but all issues are ignored by `peerDependencyRules`
[#​9505](https://redirect.github.com/pnpm/pnpm/pull/9505).
- Read `updateConfig` from `pnpm-workspace.yaml`
[#​9500](https://redirect.github.com/pnpm/pnpm/issues/9500).
- Add support for `recursive pack`
- Remove `url.parse` usage to fix warning on Node.js 24
[#​9492](https://redirect.github.com/pnpm/pnpm/issues/9492).
- `pnpm run` should be able to run commands from the workspace root, if
`ignoreScripts` is set tot `true`
[#​4858](https://redirect.github.com/pnpm/pnpm/issues/4858).
###
[`v10.10.0`](https://redirect.github.com/pnpm/pnpm/blob/HEAD/pnpm/CHANGELOG.md#10100)
[Compare
Source](https://redirect.github.com/pnpm/pnpm/compare/v10.9.0...v10.10.0)
##### Minor Changes
- Allow loading the `preResolution`, `importPackage`, and `fetchers`
hooks from local pnpmfile.
##### Patch Changes
- Fix `cd` command, when `shellEmulator` is `true`
[#​7838](https://redirect.github.com/pnpm/pnpm/issues/7838).
- Sort keys in `pnpm-workspace.yaml`
[#​9453](https://redirect.github.com/pnpm/pnpm/pull/9453).
- Pass the `npm_package_json` environment variable to the executed
scripts
[#​9452](https://redirect.github.com/pnpm/pnpm/issues/9452).
- Fixed a mistake in the description of the `--reporter=silent` option.
###
[`v10.9.0`](https://redirect.github.com/pnpm/pnpm/blob/HEAD/pnpm/CHANGELOG.md#1090)
[Compare
Source](https://redirect.github.com/pnpm/pnpm/compare/v10.8.1...v10.9.0)
##### Minor Changes
- **Added support for installing JSR packages.** You can now install JSR
packages using the following syntax:
```
pnpm add jsr:<pkg_name>
```
or with a version range:
```
pnpm add jsr:<pkg_name>@​<range>
```
For example, running:
```
pnpm add jsr:@​foo/bar
```
will add the following entry to your `package.json`:
```json
{
"dependencies": {
"@​foo/bar": "jsr:^0.1.2"
}
}
```
When publishing, this entry will be transformed into a format compatible
with npm, older versions of Yarn, and previous pnpm versions:
```json
{
"dependencies": {
"@​foo/bar": "npm:@​jsr/foo__bar@^0.1.2"
}
}
```
Related issue:
[#​8941](https://redirect.github.com/pnpm/pnpm/issues/8941).
Note: The `@jsr` scope defaults to <https://npm.jsr.io/> if the
`@jsr:registry` setting is not defined.
- Added a new setting, `dangerouslyAllowAllBuilds`, for automatically
running any scripts of dependencies without the need to approve any
builds. It was already possible to allow all builds by adding this to
`pnpm-workspace.yaml`:
```yaml
neverBuiltDependencies: []
```
`dangerouslyAllowAllBuilds` has the same effect but also allows to be
set globally via:
```
pnpm config set dangerouslyAllowAllBuilds true
```
It can also be set when running a command:
```
pnpm install --dangerously-allow-all-builds
```
##### Patch Changes
- Fix a false negative in `verifyDepsBeforeRun` when `nodeLinker` is
`hoisted` and there is a workspace package without dependencies and
`node_modules` directory
[#​9424](https://redirect.github.com/pnpm/pnpm/issues/9424).
- Explicitly drop `verifyDepsBeforeRun` support for `nodeLinker: pnp`.
Combining `verifyDepsBeforeRun` and `nodeLinker: pnp` will now print a
warning.
###
[`v10.8.1`](https://redirect.github.com/pnpm/pnpm/blob/HEAD/pnpm/CHANGELOG.md#1081)
[Compare
Source](https://redirect.github.com/pnpm/pnpm/compare/v10.8.0...v10.8.1)
##### Patch Changes
- Removed bright white highlighting, which didn't look good on some
light themes
[#​9389](https://redirect.github.com/pnpm/pnpm/pull/9389).
- If there is no pnpm related configuration in `package.json`,
`onlyBuiltDependencies` will be written to `pnpm-workspace.yaml` file
[#​9404](https://redirect.github.com/pnpm/pnpm/pull/9404).
###
[`v10.8.0`](https://redirect.github.com/pnpm/pnpm/blob/HEAD/pnpm/CHANGELOG.md#1080)
[Compare
Source](https://redirect.github.com/pnpm/pnpm/compare/v10.7.1...v10.8.0)
##### Minor Changes
- **Experimental.** A new hook is supported for updating configuration
settings. The hook can be provided via `.pnpmfile.cjs`. For example:
```js
module.exports = {
hooks: {
updateConfig: (config) => ({
...config,
nodeLinker: "hoisted",
}),
},
};
```
- Now you can use the `pnpm add` command with the `--config` flag to
install new configurational dependencies
[#​9377](https://redirect.github.com/pnpm/pnpm/pull/9377).
##### Patch Changes
- Do not hang indefinitely, when there is a glob that starts with `!/`
in `pnpm-workspace.yaml`. This fixes a regression introduced by
[#​9169](https://redirect.github.com/pnpm/pnpm/pull/9169).
- `pnpm audit --fix` should update the overrides in
`pnpm-workspace.yaml`.
- `pnpm link` should update overrides in `pnpm-workspace.yaml`, not in
`package.json`
[#​9365](https://redirect.github.com/pnpm/pnpm/pull/9365).
###
[`v10.7.1`](https://redirect.github.com/pnpm/pnpm/blob/HEAD/pnpm/CHANGELOG.md#1071)
[Compare
Source](https://redirect.github.com/pnpm/pnpm/compare/v10.7.0...v10.7.1)
##### Patch Changes
- `pnpm config set` should convert the settings to their correct type
before adding them to `pnpm-workspace.yaml`
[#​9355](https://redirect.github.com/pnpm/pnpm/issues/9355).
- `pnpm config get` should read auth related settings via npm CLI
[#​9345](https://redirect.github.com/pnpm/pnpm/issues/9345).
- Replace leading `~/` in a path in `.npmrc` with the home directory
[#​9217](https://redirect.github.com/pnpm/pnpm/issues/9217).
###
[`v10.7.0`](https://redirect.github.com/pnpm/pnpm/blob/HEAD/pnpm/CHANGELOG.md#1070)
[Compare
Source](https://redirect.github.com/pnpm/pnpm/compare/v10.6.5...v10.7.0)
##### Minor Changes
- `pnpm config get` and `list` also show settings set in
`pnpm-workspace.yaml` files
[#​9316](https://redirect.github.com/pnpm/pnpm/pull/9316).
- It should be possible to use env variables in `pnpm-workspace.yaml`
setting names and value.
- Add an ability to patch dependencies by version ranges. Exact versions
override version ranges, which in turn override name-only patches.
Version range `*` is the same as name-only, except that patch
application failure will not be ignored.
For example:
```yaml
patchedDependencies:
foo: patches/foo-1.patch
foo@^2.0.0: patches/foo-2.patch
foo@2.1.0: patches/foo-3.patch
```
The above configuration would apply `patches/foo-3.patch` to
`foo@2.1.0`, `patches/foo-2.patch` to all `foo` versions which satisfy
`^2.0.0` except `2.1.0`, and `patches/foo-1.patch` to the remaining
`foo` versions.
> \[!WARNING]
> The version ranges should not overlap. If you want to specialize a sub
range, make sure to exclude it from the other keys. For example:
>
> ```yaml
> # pnpm-workspace.yaml
> patchedDependencies:
> # the specialized sub range
> 'foo@2.2.0-2.8.0': patches/foo.2.2.0-2.8.0.patch
> # the more general patch, excluding the sub range above
> 'foo@>=2.0.0 <2.2.0 || >2.8.0': 'patches/foo.gte2.patch
> ```
>
> In most cases, however, it's sufficient to just define an exact
version to override the range.
- `pnpm config set --location=project` saves the setting to a
`pnpm-workspace.yaml` file if no `.npmrc` file is present in the
directory
[#​9316](https://redirect.github.com/pnpm/pnpm/pull/9316).
- Rename `pnpm.allowNonAppliedPatches` to `pnpm.allowUnusedPatches`. The
old name is still supported but it would print a deprecation warning
message.
- Add `pnpm.ignorePatchFailures` to manage whether pnpm would ignore
patch application failures.
If `ignorePatchFailures` is not set, pnpm would throw an error when
patches with exact versions or version ranges fail to apply, and it
would ignore failures from name-only patches.
If `ignorePatchFailures` is explicitly set to `false`, pnpm would throw
an error when any type of patch fails to apply.
If `ignorePatchFailures` is explicitly set to `true`, pnpm would print a
warning when any type of patch fails to apply.
##### Patch Changes
- Remove dependency paths from audit output to prevent out-of-memory
errors
[#​9280](https://redirect.github.com/pnpm/pnpm/issues/9280).
###
[`v10.6.5`](https://redirect.github.com/pnpm/pnpm/blob/HEAD/pnpm/CHANGELOG.md#1065)
[Compare
Source](https://redirect.github.com/pnpm/pnpm/compare/v10.6.4...v10.6.5)
##### Patch Changes
- Remove warnings after having explicitly approved no builds
[#​9296](https://redirect.github.com/pnpm/pnpm/issues/9296).
- When installing different dependency packages, should retain the
`ignoredBuilds` field in the `.modules.yaml` file
[#​9240](https://redirect.github.com/pnpm/pnpm/issues/9240).
- Fix usages of the [`catalog:` protocol](https://pnpm.io/catalogs) in
[injected local workspace
packages](https://pnpm.io/package_json#dependenciesmetainjected). This
previously errored with `ERR_PNPM_SPEC_NOT_SUPPORTED_BY_ANY_RESOLVER`.
[#​8715](https://redirect.github.com/pnpm/pnpm/issues/8715)
- Setting `workspace-concurrency` to less than or equal to 0 should work
[#​9297](https://redirect.github.com/pnpm/pnpm/issues/9297).
###
[`v10.6.4`](https://redirect.github.com/pnpm/pnpm/blob/HEAD/pnpm/CHANGELOG.md#1064)
[Compare
Source](https://redirect.github.com/pnpm/pnpm/compare/v10.6.3...v10.6.4)
##### Patch Changes
- Fix `pnpm dlx` with `--allow-build` flag
[#​9263](https://redirect.github.com/pnpm/pnpm/issues/9263).
- Invalid Node.js version in `use-node-version` should not cause pnpm
itself to break
[#​9276](https://redirect.github.com/pnpm/pnpm/issues/9276).
- The max amount of workers running for linking packages from the store
has been reduced to 4 to achieve optimal results
[#​9286](https://redirect.github.com/pnpm/pnpm/issues/9286). The
workers are performing many file system operations, so increasing the
number of CPUs doesn't help perform
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "before 10am on monday" in timezone
Asia/Shanghai, Automerge - At any time (no schedule defined).
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config
help](https://redirect.github.com/renovatebot/renovate/discussions) if
that's undesired.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/rolldown/rolldown-plugin-node-polyfills).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi45Mi4xIiwidXBkYXRlZEluVmVyIjoiNDIuOTIuMSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>1 parent 6b1ee59 commit d7c4917
2 files changed
Lines changed: 619 additions & 617 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
28 | 28 | | |
29 | 29 | | |
30 | 30 | | |
31 | | - | |
| 31 | + | |
32 | 32 | | |
33 | 33 | | |
34 | 34 | | |
35 | 35 | | |
36 | | - | |
| 36 | + | |
37 | 37 | | |
38 | 38 | | |
0 commit comments