chore(deps): update pnpm to v9.15.9 [skip ci]
This MR contains the following updates:
| Package | Change | Age | Confidence |
|---|---|---|---|
| pnpm (source) | 9.6.0 -> 9.15.9 |
 |
|
Release Notes
pnpm/pnpm (pnpm)
v9.15.9: pnpm 9.15.9
Patch Changes
- Fix running pnpm CLI from pnpm CLI on Windows when the CLI is bundled to an executable #8971.
Platinum Sponsors
|
|
|
Gold Sponsors
|
|
|
|
|
|
|
|
v9.15.8: pnpm 9.15.8
Patch Changes
-
pnpm self-updateshould always update the version in thepackageManagerfield ofpackage.json. - The pnpm CLI process should not stay hanging, when
--silentreporting is used. - When
--loglevelis set toerror, don't show installation summary, execution time, and big tarball download progress. - Don't show info output when
--loglevel=erroris used.
Platinum Sponsors
|
|
|
|
Gold Sponsors
|
|
|
|
|
|
|
|
|
|
|
|
v9.15.7: pnpm 9.15.7
Patch Changes
-
pnpm self-updateshould not leave a directory with a broken pnpm installation if the installation fails. - Allow scope registry CLI option without
--config.prefix such as--@​scope:registry=https://scope.example.com/npm#9089. -
pnpm self-updateshould not read the pnpm settings from thepackage.jsonfile in the current working directory. -
pnpm update -ishould list only packages that have newer versions #9206. - Fix a bug causing entries in the
catalogssection of thepnpm-lock.yamlfile to be removed whendedupe-peer-dependents=falseon a filtered install. #9112
Platinum Sponsors
|
|
|
|
Gold Sponsors
|
|
|
|
|
|
|
|
|
|
|
|
v9.15.6: pnpm 9.15.6
Patch Changes
- Fix instruction for updating pnpm with corepack #9101.
- Print pnpm's version after the execution time at the end of the console output.
- The pnpm version specified by
packageManagercannot start withv. - Fix a bug causing catalog snapshots to be removed from the
pnpm-lock.yamlfile when using--fix-lockfileand--filter. #8639 - Fix a bug causing catalog protocol dependencies to not re-resolve on a filtered install #8638.
v9.15.5: pnpm 9.15.5
Patch Changes
- Verify that the package name is valid when executing the publish command.
- When running
pnpm install, thepreprepareandpostpreparescripts of the project should be executed #8989. - Quote args for scripts with shell-quote to support new lines (on POSIX only) #8980.
- Proxy settings should be respected, when resolving Git-hosted dependencies #6530.
- Replace
strip-ansiwith the built-inutil.stripVTControlCharacters#9009.
Platinum Sponsors
|
|
|
|
Gold Sponsors
|
|
|
|
|
|
|
|
|
|
|
|
|
v9.15.4: pnpm 9.15.4
Patch Changes
- Ensure that recursive
pnpm update --latest <pkg>updates only the specified package, withdedupe-peer-dependents=true.
Platinum Sponsors
|
|
|
|
Gold Sponsors
|
|
|
|
|
|
|
|
|
|
|
|
|
|
v9.15.3: pnpm 9.15.3
Patch Changes
- Fixed the Regex used to find the package manifest during packing #8938.
-
pnpm update --filter <pattern> --latest <pkg>should only change the specified package for the specified workspace, whendedupe-peer-dependentsis set totrue#8877. - Exclude
.DS_Storefile atpatch-commit#8922. - Fix a bug in which
pnpm patchis unable to bring back old patch without specifying@versionsuffix #8919.
Platinum Sponsors
|
|
|
|
Gold Sponsors
|
|
|
|
|
|
|
|
|
|
|
|
|
|
v9.15.2: pnpm 9.15.2
Patch Changes
- Fixed
publish/packerror with workspace dependencies with relative paths #8904. It was broken inv9.4.0(398472c). - Use double quotes in the command suggestion by
pnpm patchon Windows #7546. - Do not fall back to SSH, when resolving a git-hosted package if
git ls-remoteworks via HTTPS #8906. - Improve how packages with blocked lifecycle scripts are reported during installation. Always print the list of ignored scripts at the end of the output. Include a hint about how to allow the execution of those packages.
Platinum Sponsors
|
|
|
|
Gold Sponsors
|
|
|
|
|
|
|
|
|
|
|
|
|
|
v9.15.1: pnpm 9.15.1
Patch Changes
-
pnpm removeshould not link dependencies from the workspace, whenlink-workspace-packagesis set tofalse#7674. - Installation with hoisted
node_modulesshould not fail, when a dependency has itself in its own peer dependencies #8854.
Platinum Sponsors
|
|
|
|
Gold Sponsors
|
|
|
|
|
|
|
|
|
|
|
v9.15.0: pnpm 9.15
Minor Changes
- Metadata directory version bumped to force fresh cache after we shipped a fix to the metadata write function. This change is backward compatible as install doesn't require a metadata cache.
Patch Changes
-
pnpm update --globalshould not crash if there are no any global packages installed #7898. - Fix an exception when running
pnpm update --interactiveif catalogs are used.
Platinum Sponsors
|
|
|
|
Gold Sponsors
|
|
|
|
|
|
|
|
|
|
|
v9.14.4: pnpm 9.14.4
Patch Changes
- Don't ever save mutated metadata to the metadata cache.
Platinum Sponsors
|
|
|
|
Gold Sponsors
|
|
|
|
|
|
|
|
|
|
|
Silver Sponsors
|
|
|
|
|
|
|
|
|
v9.14.3: pnpm 9.14.3
Patch Changes
- Some commands should ignore the
packageManagerfield check ofpackage.json#7959.
Platinum Sponsors
|
|
|
|
Gold Sponsors
|
|
|
|
|
|
|
|
|
|
|
Silver Sponsors
|
|
|
|
|
|
|
|
|
|
|
|
|
|
v9.14.2
Patch Changes
-
pnpm publish --jsonshould work #8788.
Platinum Sponsors
|
|
|
Gold Sponsors
|
|
|
|
|
|
|
|
|
|
|
v9.14.1
Minor Changes
- Added support for
pnpm pack --jsonto print packed tarball and contents in JSON format #8765.
Patch Changes
-
pnpm execshould print a meaningful error message when no command is provided #8752. -
pnpm setupshould remove the CLI from the target location before moving the new binary #8173. - Fix
ERR_PNPM_TARBALL_EXTRACTerror while installing a dependency from GitHub having a slash in branch name #7697. - Don't crash if the
use-node-versionsetting is used and the system has no Node.js installed #8769. - Convert settings in local
.npmrcfiles to their correct types. For instance,child-concurrencyshould be a number, not a string #5075. - pnpm should fail if a project requires a different package manager even if
manage-package-manager-versionsis set totrue. -
pnpm initshould respect the--diroption #8768.
Platinum Sponsors
|
|
|
|
Gold Sponsors
|
|
|
|
|
|
|
|
|
|
|
v9.14.0
v9.13.2: pnpm 9.13.2
Patch Changes
- Detection of circular peer dependencies should not crash with aliased dependencies #8759. Fixes a regression introduced in the previous version.
- Fix race condition of symlink creations caused by multiple parallel
dlxprocesses.
Platinum Sponsors
|
|
|
|
Gold Sponsors
|
|
|
|
|
|
|
|
|
|
|
Silver Sponsors
|
|
|
|
|
|
|
|
|
|
|
|
|
|
v9.13.1: pnpm 9.13.1
Patch Changes
- Fixed some edge cases where resolving circular peer dependencies caused a dead lock #8720.
Platinum Sponsors
|
|
|
|
Gold Sponsors
|
|
|
|
|
|
|
|
|
|
|
Silver Sponsors
|
|
|
|
|
|
|
|
|
|
|
|
v9.13.0: pnpm 9.13
Minor Changes
-
The
self-updatenow accepts a version specifier to install a specific version of pnpm. E.g.:pnpm self-update 9.5.0or
pnpm self-update next-10
Patch Changes
- Fix
Cannot read properties of undefined (reading 'name')that is printed while trying to render the missing peer dependencies warning message #8538.
Platinum Sponsors
|
|
|
Gold Sponsors
|
|
|
|
|
|
|
|
|
|
|
Silver Sponsors
|
|
|
|
|
|
|
|
|
|
|
|
v9.12.3
Patch Changes
- Don't purge
node_modules, when typing "n" in the prompt that asks whether to removenode_modulesbefore installation #8655. - Fix a bug causing pnpm to infinitely spawn itself when
manage-package-manager-versions=trueis set and the.toolsdirectory is corrupt. - Use
crypto.hash, when available, for improved performance #8629. - Fixed a race condition in temporary file creation in the store by including worker thread ID in filename. Previously, multiple worker threads could attempt to use the same temporary file. Temporary files now include both process ID and thread ID for uniqueness #8703.
- All commands should read settings from the
package.jsonat the root of the workspace #8667. - When
manage-package-manager-versionsis set totrue, errors spawning a self-managed version ofpnpmwill now be shown (instead of being silent). - Pass the find command to npm, it is an alias for npm search
- Fixed an issue in which
pnpm deploy --prodfails due to missingdevDependencies#8778.
v9.12.2
Patch Changes
- When checking whether a file in the store has executable permissions, the new approach checks if at least one of the executable bits (owner, group, and others) is set to 1. Previously, a file was incorrectly considered executable only when all the executable bits were set to 1. This fix ensures that files with any executable permission, regardless of the user class, are now correctly identified as executable #8546.
v9.12.1
Patch Changes
-
pnpm update --latestshould not update the automatically installed peer dependencies #6657. -
pnpm publishshould be able to publish from a local tarball #7950. - The pnpx command should work correctly on Windows, when pnpm is installed via the standalone installation script #8608.
- Prevent
EBUSYerrors caused by creating symlinks in paralleldlxprocesses #8604. - Fix maximum call stack size exceeded error related to circular workspace dependencies #8599.
v9.12.0
Minor Changes
-
Fix peer dependency resolution dead lock #8570. This change might change some of the keys in the
snapshotsfield insidepnpm-lock.yamlbut it should happen very rarely. -
pnpm outdatedcommand supports now a--sort-by=nameoption for sorting outdated dependencies by package name #8523. -
Added the ability for
overridesto remove dependencies by specifying"-"as the field value #8572. For example, to removelodashfrom the dependencies, use this configuration inpackage.json:{ "pnpm": { "overrides": { "lodash": "-" } } }
Patch Changes
- Fixed an issue where
pnpm list --json pkgshowed"private": falsefor a private package #8519. - Packages with
libcthat differ frompnpm.supportedArchitectures.libcare not downloaded #7362. - Prevent
ENOENTerrors caused by runningstore prunein parallel #8586. - Add issues alias to
pnpm bugs#8596.
v9.11.0
Minor Changes
- Experimental: added
pnpm cachecommands for inspecting the metadata cache #8512.
Patch Changes
- Fix a regression in which
pnpm deploywithnode-linker=hoistedproduces an emptynode_modulesdirectory #6682. - Don't print a warning when linking packages globally #4761.
-
pnpm deployshould work in workspace withshared-workspace-lockfile=false#8475.
v9.10.0
Minor Changes
-
Support for a new CLI flag,
--exclude-peers, added to thelistandwhycommands. When--exclude-peersis used, peer dependencies are not printed in the results, but dependencies of peer dependencies are still scanned #8506. -
Added a new setting to
package.jsonatpnpm.auditConfig.ignoreGhsasfor ignoring vulnerabilities by their GHSA code #6838.For instance:
{ "pnpm": { "auditConfig": { "ignoreGhsas": [ "GHSA-42xw-2xvc-qx8m", "GHSA-4w2v-q235-vp99", "GHSA-cph5-m8f7-6c5x", "GHSA-vh95-rmgr-6w4m" ] } } }
Patch Changes
- Throw an exception if pnpm switches to the same version of itself.
- Reduce memory usage during peer dependencies resolution.
v9.9.0
Minor Changes
-
Minor breaking change. This change might result in resolving your peer dependencies slightly differently but we don't expect it to introduce issues.
We had to optimize how we resolve peer dependencies in order to fix some infinite loops and out-of-memory errors during peer dependencies resolution.
When a peer dependency is a prod dependency somewhere in the dependency graph (with the same version), pnpm will resolve the peers of that peer dependency in the same way across the subgraph.
For example, we have
react-domin the peer deps of theformandbuttonpackages.cardhasreact-domandreactas regular dependencies andcardis a dependency ofform.These are the direct dependencies of our example project:
form react@16 react-dom@16These are the dependencies of card:
button react@17 react-dom@16When resolving peers, pnpm will not re-resolve
react-domforcard, even thoughcardshadowsreact@16from the root withreact@17. So, all 3 packages (form,card, andbutton) will usereact-dom@16, which in turn usesreact@16.formwill usereact@16, whilecardandbuttonwill usereact@17.Before this optimization
react-dom@16was duplicated for thecard, so thatcardandbuttonwould use areact-dom@16instance that usesreact@17.Before the change:
form -> react-dom@16(react@16) -> react@16 card -> react-dom@16(react@17) -> react@17 button -> react-dom@16(react@17) -> react@17After the change
form -> react-dom@16(react@16) -> react@16 card -> react-dom@16(react@16) -> react@17 button -> react-dom@16(react@16) -> react@17
Patch Changes
-
pnpm deployshould write thenode_modules/.modules.yamlto thenode_modulesdirectory within the deploy directory #7731. - Don't override a symlink in
node_modulesif it already points to the right location pnpm/symlink-dir#54.
v9.8.0
Minor Changes
-
Added a new command for upgrading pnpm itself when it isn't managed by Corepack:
pnpm self-update. This command will work, when pnpm was installed via the standalone script from the pnpm installation page #8424.When executed in a project that has a
packageManagerfield in itspackage.jsonfile, pnpm will update its version in thepackageManagerfield.
Patch Changes
-
CLI tools installed in the root of the workspace should be added to the PATH, when running scripts and
use-node-versionis set. -
pnpm setupshould never switch to another version of pnpm.This fixes installation with the standalone script from a directory that has a
package.jsonwith thepackageManagerfield. pnpm was installing the version of pnpm specified in thepackageManagerfield due to this issue. -
Ignore non-string value in the os, cpu, libc fields, which checking optional dependencies #8431.
-
Remember the state of edit dir, allow running
pnpm patch-committhe second time without having to re-runpnpm patch.
v9.7.1
Patch Changes
- Fixed passing
public-hoist-patternandhoist-patternvia env variables #8339. -
pnpm setupno longer creates Batch/Powershell scripts on Linux and macOS #8418. - When dlx uses cache, use the real directory path not the symlink to the cache #8421.
-
pnpm execnow supports executionEnv #8356. - Remove warnings for non-root
pnpmfield, add warnings for non-rootpnpmsubfields that aren'texecutionEnv#8143. - Replace semver in "peerDependency" with workspace protocol #8355.
- Fix a bug in
patch-commitin which relative path is rejected #8405. - Update Node.js in
@pnpm/exeto v20.
v9.7.0
Minor Changes
-
Added pnpm version management to pnpm. If the
manage-package-manager-versionssetting is set totrue, pnpm will switch to the version specified in thepackageManagerfield ofpackage.json#8363. This is the same field used by Corepack. Example:{ "packageManager": "pnpm@9.3.0" } -
Added the ability to apply patch to all versions: If the key of
pnpm.patchedDependenciesis a package name without a version (e.g.pkg), pnpm will attempt to apply the patch to all versions of the package. Failures will be skipped. If it is a package name and an exact version (e.g.pkg@x.y.z), pnpm will attempt to apply the patch to that exact version only. Failures will cause pnpm to fail.If there's only one version of
pkginstalled,pnpm patch pkgand subsequentpnpm patch-commit $edit_dirwill create an entry namedpkginpnpm.patchedDependencies. And pnpm will attempt to apply this patch to other versions ofpkgin the future.If there are multiple versions of
pkginstalled,pnpm patch pkgwill ask which version to edit and whether to attempt to apply the patch to all. If the user chooses to apply the patch to all,pnpm patch-commit $edit_dirwould create apkgentry inpnpm.patchedDependencies. If the user chooses not to apply the patch to all,pnpm patch-commit $edit_dirwould create apkg@x.y.zentry inpnpm.patchedDependencieswithx.y.zbeing the version the user chose to edit.If the user runs
pnpm patch pkg@x.y.zwithx.y.zbeing the exact version ofpkgthat has been installed,pnpm patch-commit $edit_dirwill always create apkg@x.y.zentry inpnpm.patchedDependencies. -
Change the default edit dir location when running
pnpm patchfrom a temporary directory tonode_modules/.pnpm_patches/pkg[@​version]to allow the code editor to open the edit dir in the same file tree as the main project. -
Substitute environment variables in config keys #6679.
Patch Changes
Configuration
-
If you want to rebase/retry this MR, check this box
This MR has been generated by Renovate Bot.