Skip to content

chore(deps): update pnpm to v9.10.0

Renovate Bot a demandé de fusionner renovate/pnpm-9.x vers main

This MR contains the following updates:

Package Change Age Adoption Passing Confidence
pnpm (source) 9.7.0+sha512.dc09430156b427f5ecfc79888899e1c39d2d690f004be70e05230b72cb173d96839587545d09429b55ac3c429c801b4dc3c0e002f653830a420fa2dd4e3cf9cf -> 9.10.0 age adoption passing confidence

Release Notes

pnpm/pnpm (pnpm)

v9.10.0: pnpm 9.10

Compare Source

Minor Changes

  • Support for a new CLI flag, --exclude-peers, added to the list and why commands. When --exclude-peers is used, peer dependencies are not printed in the results, but dependencies of peer dependencies are still scanned #​8506.

  • Added a new setting to package.json at pnpm.auditConfig.ignoreGhsas for ignoring vulnerabilities by their GHSA code #​6838.

    For instance:

    {
  "pnpm": {
    "auditConfig": {
      "ignoreGhsas": [
        "GHSA-42xw-2xvc-qx8m",
        "GHSA-4w2v-q235-vp99",
        "GHSA-cph5-m8f7-6c5x",
        "GHSA-vh95-rmgr-6w4m"
      ]
    }
  }
}

Patch Changes

  • Throw an exception if pnpm switches to the same version of itself.
  • Reduce memory usage during peer dependencies resolution.

Platinum Sponsors

Gold Sponsors

Our Silver Sponsors

v9.9.0: pnpm 9.9

Compare Source

Minor Changes

  • Minor breaking change. This change might result in resolving your peer dependencies slightly differently but we don't expect it to introduce issues.

    We had to optimize how we resolve peer dependencies in order to fix some infinite loops and out-of-memory errors during peer dependencies resolution.

    When a peer dependency is a prod dependency somewhere in the dependency graph (with the same version), pnpm will resolve the peers of that peer dependency in the same way across the subgraph.

    For example, we have react-dom in the peer deps of the form and button packages. card has react-dom and react as regular dependencies and card is a dependency of form.

    These are the direct dependencies of our example project:

    form
react@16
react-dom@16

    These are the dependencies of card:

    button
react@17
react-dom@16

    When resolving peers, pnpm will not re-resolve react-dom for card, even though card shadows react@16 from the root with react@17. So, all 3 packages (form, card, and button) will use react-dom@16, which in turn uses react@16. form will use react@16, while card and button will use react@17.

    Before this optimization react-dom@16 was duplicated for the card, so that card and button would use a react-dom@16 instance that uses react@17.

    Before the change:

    form
-> react-dom@16(react@16)
-> react@16
card
-> react-dom@16(react@17)
-> react@17
button
-> react-dom@16(react@17)
-> react@17

    After the change

    form
-> react-dom@16(react@16)
-> react@16
card
-> react-dom@16(react@16)
-> react@17
button
-> react-dom@16(react@16)
-> react@17

Patch Changes

  • pnpm deploy should write the node_modules/.modules.yaml to the node_modules directory within the deploy directory #​7731.
  • Don't override a symlink in node_modules if it already points to the right location pnpm/symlink-dir#54.

Platinum Sponsors

Gold Sponsors

Our Silver Sponsors

v9.8.0: pnpm 9.8

Compare Source

Minor Changes

  • Added a new command for upgrading pnpm itself when it isn't managed by Corepack: pnpm self-update. This command will work, when pnpm was installed via the standalone script from the pnpm installation page #​8424.

    When executed in a project that has a packageManager field in its package.json file, pnpm will update its version in the packageManager field.

Patch Changes

  • CLI tools installed in the root of the workspace should be added to the PATH, when running scripts and use-node-version is set.

  • pnpm setup should never switch to another version of pnpm.

    This fixes installation with the standalone script from a directory that has a package.json with the packageManager field. pnpm was installing the version of pnpm specified in the packageManager field due to this issue.

  • Ignore non-string value in the os, cpu, libc fields, which checking optional dependencies #​8431.

  • Remember the state of edit dir, allow running pnpm patch-commit the second time without having to re-run pnpm patch.

Platinum Sponsors

Gold Sponsors

Our Silver Sponsors

v9.7.1: pnpm 9.7.1

Compare Source

Patch Changes

  • Fixed passing public-hoist-pattern and hoist-pattern via env variables #​8339.
  • pnpm setup no longer creates Batch/Powershell scripts on Linux and macOS #​8418.
  • When dlx uses cache, use the real directory path not the symlink to the cache #​8421.
  • pnpm exec now supports executionEnv #​8356.
  • Remove warnings for non-root pnpm field, add warnings for non-root pnpm subfields that aren't executionEnv #​8143.
  • Replace semver in "peerDependency" with workspace protocol #​8355.
  • Fix a bug in patch-commit in which relative path is rejected #​8405.
  • Update Node.js in @pnpm/exe to v20.

Platinum Sponsors

Gold Sponsors

Our Silver Sponsors

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about this update again.

  • If you want to rebase/retry this MR, check this box

This MR has been generated by Renovate Bot.

Rapports de requête de fusion