chore(deps): update pnpm to v10.7.0#118
Closed
![renovate[bot]](https://avatars.githubusercontent.com/in/2740?v=4)
This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [pnpm](https://pnpm.io) ([source](https://redirect.github.com/pnpm/pnpm/tree/HEAD/pnpm)) | [`10.5.2` -> `10.7.0`](https://renovatebot.com/diffs/npm/pnpm/10.5.2/10.7.0) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>pnpm/pnpm (pnpm)</summary> ### [`v10.7.0`](https://redirect.github.com/pnpm/pnpm/blob/HEAD/pnpm/CHANGELOG.md#1070) [Compare Source](https://redirect.github.com/pnpm/pnpm/compare/v10.6.5...v10.7.0) ##### Minor Changes - `pnpm config get` and `list` also show settings set in `pnpm-workspace.yaml` files [#​9316](https://redirect.github.com/pnpm/pnpm/pull/9316). - It should be possible to use env variables in `pnpm-workspace.yaml` setting names and value. - Add an ability to patch dependencies by version ranges. Exact versions override version ranges, which in turn override name-only patches. Version range `*` is the same as name-only, except that patch application failure will not be ignored. For example: ```yaml patchedDependencies: foo: patches/foo-1.patch foo@^2.0.0: patches/foo-2.patch [email protected]: patches/foo-3.patch ``` The above configuration would apply `patches/foo-3.patch` to `[email protected]`, `patches/foo-2.patch` to all `foo` versions which satisfy `^2.0.0` except `2.1.0`, and `patches/foo-1.patch` to the remaining `foo` versions. > \[!WARNING] > The version ranges should not overlap. If you want to specialize a sub range, make sure to exclude it from the other keys. For example: > > ```yaml > # pnpm-workspace.yaml > patchedDependencies: > # the specialized sub range > '[email protected]': patches/foo.2.2.0-2.8.0.patch > # the more general patch, excluding the sub range above > 'foo@>=2.0.0 <2.2.0 || >2.8.0': 'patches/foo.gte2.patch > ``` > > In most cases, however, it's sufficient to just define an exact version to override the range. - `pnpm config set --location=project` saves the setting to a `pnpm-workspace.yaml` file if no `.npmrc` file is present in the directory [#​9316](https://redirect.github.com/pnpm/pnpm/pull/9316). - Rename `pnpm.allowNonAppliedPatches` to `pnpm.allowUnusedPatches`. The old name is still supported but it would print a deprecation warning message. - Add `pnpm.ignorePatchFailures` to manage whether pnpm would ignore patch application failures. If `ignorePatchFailures` is not set, pnpm would throw an error when patches with exact versions or version ranges fail to apply, and it would ignore failures from name-only patches. If `ignorePatchFailures` is explicitly set to `false`, pnpm would throw an error when any type of patch fails to apply. If `ignorePatchFailures` is explicitly set to `true`, pnpm would print a warning when any type of patch fails to apply. ##### Patch Changes - Remove dependency paths from audit output to prevent out-of-memory errors [#​9280](https://redirect.github.com/pnpm/pnpm/issues/9280). ### [`v10.6.5`](https://redirect.github.com/pnpm/pnpm/compare/v10.6.4...v10.6.5) [Compare Source](https://redirect.github.com/pnpm/pnpm/compare/v10.6.4...v10.6.5) ### [`v10.6.4`](https://redirect.github.com/pnpm/pnpm/releases/tag/v10.6.4): pnpm 10.6.4 [Compare Source](https://redirect.github.com/pnpm/pnpm/compare/v10.6.3...v10.6.4) #### Patch Changes - Fix `pnpm dlx` with `--allow-build` flag [#​9263](https://redirect.github.com/pnpm/pnpm/issues/9263). - Invalid Node.js version in `use-node-version` should not cause pnpm itself to break [#​9276](https://redirect.github.com/pnpm/pnpm/issues/9276). - The max amount of workers running for linking packages from the store has been reduced to 4 to achieve optimal results [#​9286](https://redirect.github.com/pnpm/pnpm/issues/9286). The workers are performing many file system operations, so increasing the number of CPUs doesn't help performance after some point. #### Platinum Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://bit.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"><img src="https://pnpm.io/img/users/bit.svg" width="80" alt="Bit"></a> </td> <td align="center" valign="middle"> <a href="https://sanity.io/?utm_source=pnpm&utm_medium=release_notes" target="_blank"><img src="https://pnpm.io/img/users/sanity.svg" width="180" alt="Bit"></a> </td> <td align="center" valign="middle"> <a href="https://syntax.fm/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/syntaxfm.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/syntaxfm_light.svg" /> <img src="https://pnpm.io/img/users/syntaxfm.svg" width="90" alt="Syntax" /> </picture> </a> </td> </tr> </tbody> </table> #### Gold Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://discord.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/discord.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/discord_light.svg" /> <img src="https://pnpm.io/img/users/discord.svg" width="220" alt="Discord" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://uscreen.de/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/uscreen.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/uscreen_light.svg" /> <img src="https://pnpm.io/img/users/uscreen.svg" width="180" alt="u|screen" /> </picture> </a> </td> </tr> <tr> <td align="center" valign="middle"> <a href="https://www.jetbrains.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/jetbrains.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/jetbrains.svg" /> <img src="https://pnpm.io/img/users/jetbrains.svg" width="180" alt="JetBrains" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://nx.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/nx.svg?0" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/nx_light.svg?0" /> <img src="https://pnpm.io/img/users/nx.svg" width="70" alt="Nx" /> </picture> </a> </td> </tr> <tr> <td align="center" valign="middle"> <a href="https://coderabbit.ai/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/coderabbit.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/coderabbit_light.svg" /> <img src="https://pnpm.io/img/users/coderabbit.svg" width="220" alt="CodeRabbit" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://route4me.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <img src="https://pnpm.io/img/users/route4me.svg" width="220" alt="Route4Me" /> </a> </td> </tr> <tr> <td align="center" valign="middle"> <a href="https://workleap.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/workleap.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/workleap_light.svg" /> <img src="https://pnpm.io/img/users/workleap.svg" width="190" alt="Workleap" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://stackblitz.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/stackblitz.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/stackblitz_light.svg" /> <img src="https://pnpm.io/img/users/stackblitz.svg" width="190" alt="Stackblitz" /> </picture> </a> </td> </tr> </tbody> </table> ### [`v10.6.3`](https://redirect.github.com/pnpm/pnpm/blob/HEAD/pnpm/CHANGELOG.md#1063) [Compare Source](https://redirect.github.com/pnpm/pnpm/compare/v10.6.2...v10.6.3) ##### Patch Changes - `pnpm install --prod=false` should not crash, when executed in a project with a `pnpm-workspace.yaml` file [#​9233](https://redirect.github.com/pnpm/pnpm/issues/9233). This fixes regression introduced via [#​9211](https://redirect.github.com/pnpm/pnpm/pull/9211). - Add the missing `node-options` config to `recursive run` [#​9180](https://redirect.github.com/pnpm/pnpm/issues/9180). - Removed a branching code path that only executed when `dedupe-peer-dependents=false`. We believe this internal refactor will not result in behavior changes, but we expect it to make future pnpm versions behave more consistently for projects that override `dedupe-peer-dependents` to false. There should be less unique bugs from turning off `dedupe-peer-dependents`. See details in [#​9259](https://redirect.github.com/pnpm/pnpm/pull/9259). ### [`v10.6.2`](https://redirect.github.com/pnpm/pnpm/blob/HEAD/pnpm/CHANGELOG.md#1062) [Compare Source](https://redirect.github.com/pnpm/pnpm/compare/v10.6.1...v10.6.2) ##### Patch Changes - `pnpm self-update` should always update the version in the `packageManager` field of `package.json`. - Fix running pnpm CLI from pnpm CLI on Windows when the CLI is bundled to an executable [#​8971](https://redirect.github.com/pnpm/pnpm/issues/8971). - `pnpm patch-commit` will now use the same filesystem as the store directory to compare and create patch files. - Don't show info output when `--loglevel=error` is used. - `peerDependencyRules` should be set in `pnpm-workspace.yaml` to take effect. ### [`v10.6.1`](https://redirect.github.com/pnpm/pnpm/blob/HEAD/pnpm/CHANGELOG.md#1061) [Compare Source](https://redirect.github.com/pnpm/pnpm/compare/v10.6.0...v10.6.1) ##### Patch Changes - The pnpm CLI process should not stay hanging, when `--silent` reporting is used. - When `--loglevel` is set to `error`, don't show installation summary, execution time, and big tarball download progress. - Don't ignore pnpm.patchedDependencies from `package.json` [#​9226](https://redirect.github.com/pnpm/pnpm/issues/9226). - When executing the `approve-builds` command, if package.json contains `onlyBuiltDependencies` or `ignoredBuiltDependencies`, the selected dependency package will continue to be written into `package.json`. - When a package version cannot be found in the package metadata, print the registry from which the package was fetched. ### [`v10.6.0`](https://redirect.github.com/pnpm/pnpm/blob/HEAD/pnpm/CHANGELOG.md#1060) [Compare Source](https://redirect.github.com/pnpm/pnpm/compare/v10.5.2...v10.6.0) ##### Minor Changes - `pnpm-workspace.yaml` can now hold all the settings that `.npmrc` accepts. The settings should use camelCase [#​9211](https://redirect.github.com/pnpm/pnpm/pull/9211). `pnpm-workspace.yaml` example: ```yaml verifyDepsBeforeRun: install optimisticRepeatInstall: true publicHoistPattern: - "*types*" - "!@​types/react" ``` - Projects using a `file:` dependency on a local tarball file (i.e. `.tgz`, `.tar.gz`, `.tar`) will see a performance improvement during installation. Previously, using a `file:` dependency on a tarball caused the lockfile resolution step to always run. The lockfile will now be considered up-to-date if the tarball is unchanged. ##### Patch Changes - `pnpm self-update` should not leave a directory with a broken pnpm installation if the installation fails. - `fast-glob` replace with `tinyglobby` to reduce the size of the pnpm CLI dependencies [#​9169](https://redirect.github.com/pnpm/pnpm/pull/9169). - `pnpm deploy` should not remove fields from the deployed package's `package.json` file [#​9215](https://redirect.github.com/pnpm/pnpm/issues/9215). - `pnpm self-update` should not read the pnpm settings from the `package.json` file in the current working directory. - Fix `pnpm deploy` creating a `package.json` without the `imports` and `license` field [#​9193](https://redirect.github.com/pnpm/pnpm/issues/9193). - `pnpm update -i` should list only packages that have newer versions [#​9206](https://redirect.github.com/pnpm/pnpm/issues/9206). - Fix a bug causing entries in the `catalogs` section of the `pnpm-lock.yaml` file to be removed when `dedupe-peer-dependents=false` on a filtered install. [#​9112](https://redirect.github.com/pnpm/pnpm/issues/9112) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "* 0-3 1 * *" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/alexandernanberg/eslint-config-alexandernanberg). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4yMDcuMSIsInVwZGF0ZWRJblZlciI6IjM5LjIwNy4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbXX0=-->
AI Analysis
This issue appears to be discussing a feature request or bug report related to the repository. Based on the content, it seems to be resolved. The issue was opened by renovate[bot] and has received 1 comments.
Add a comment
Comment form would go here