Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
8.15.9
->9.12.3
Release Notes
pnpm/pnpm (pnpm)
v9.12.3
Compare Source
Patch Changes
node_modules
, when typing "n" in the prompt that asks whether to removenode_modules
before installation #8655.manage-package-manager-versions=true
is set and the.tools
directory is corrupt.crypto.hash
, when available, for improved performance #8629.package.json
at the root of the workspace #8667.manage-package-manager-versions
is set totrue
, errors spawning a self-managed version ofpnpm
will now be shown (instead of being silent).v9.12.2
Compare Source
Patch Changes
v9.12.1
Compare Source
Patch Changes
pnpm update --latest
should not update the automatically installed peer dependencies #6657.pnpm publish
should be able to publish from a local tarball #7950.EBUSY
errors caused by creating symlinks in paralleldlx
processes #8604.v9.12.0
Compare Source
Minor Changes
Fix peer dependency resolution dead lock #8570. This change might change some of the keys in the
snapshots
field insidepnpm-lock.yaml
but it should happen very rarely.pnpm outdated
command supports now a--sort-by=name
option for sorting outdated dependencies by package name #8523.Added the ability for
overrides
to remove dependencies by specifying"-"
as the field value #8572. For example, to removelodash
from the dependencies, use this configuration inpackage.json
:Patch Changes
pnpm list --json pkg
showed"private": false
for a private package #8519.libc
that differ frompnpm.supportedArchitectures.libc
are not downloaded #7362.ENOENT
errors caused by runningstore prune
in parallel #8586.pnpm bugs
#8596.v9.11.0
Compare Source
Minor Changes
pnpm cache
commands for inspecting the metadata cache #8512.Patch Changes
pnpm deploy
withnode-linker=hoisted
produces an emptynode_modules
directory #6682.pnpm deploy
should work in workspace withshared-workspace-lockfile=false
#8475.v9.10.0
Compare Source
Minor Changes
Support for a new CLI flag,
--exclude-peers
, added to thelist
andwhy
commands. When--exclude-peers
is used, peer dependencies are not printed in the results, but dependencies of peer dependencies are still scanned #8506.Added a new setting to
package.json
atpnpm.auditConfig.ignoreGhsas
for ignoring vulnerabilities by their GHSA code #6838.For instance:
Patch Changes
v9.9.0
Compare Source
Minor Changes
Minor breaking change. This change might result in resolving your peer dependencies slightly differently but we don't expect it to introduce issues.
We had to optimize how we resolve peer dependencies in order to fix some infinite loops and out-of-memory errors during peer dependencies resolution.
When a peer dependency is a prod dependency somewhere in the dependency graph (with the same version), pnpm will resolve the peers of that peer dependency in the same way across the subgraph.
For example, we have
react-dom
in the peer deps of theform
andbutton
packages.card
hasreact-dom
andreact
as regular dependencies andcard
is a dependency ofform
.These are the direct dependencies of our example project:
These are the dependencies of card:
When resolving peers, pnpm will not re-resolve
react-dom
forcard
, even thoughcard
shadowsreact@16
from the root withreact@17
. So, all 3 packages (form
,card
, andbutton
) will usereact-dom@16
, which in turn usesreact@16
.form
will usereact@16
, whilecard
andbutton
will usereact@17
.Before this optimization
react-dom@16
was duplicated for thecard
, so thatcard
andbutton
would use areact-dom@16
instance that usesreact@17
.Before the change:
After the change
Patch Changes
pnpm deploy
should write thenode_modules/.modules.yaml
to thenode_modules
directory within the deploy directory #7731.node_modules
if it already points to the right location pnpm/symlink-dir#54.v9.8.0
Compare Source
Minor Changes
Added a new command for upgrading pnpm itself when it isn't managed by Corepack:
pnpm self-update
. This command will work, when pnpm was installed via the standalone script from the pnpm installation page #8424.When executed in a project that has a
packageManager
field in itspackage.json
file, pnpm will update its version in thepackageManager
field.Patch Changes
CLI tools installed in the root of the workspace should be added to the PATH, when running scripts and
use-node-version
is set.pnpm setup
should never switch to another version of pnpm.This fixes installation with the standalone script from a directory that has a
package.json
with thepackageManager
field. pnpm was installing the version of pnpm specified in thepackageManager
field due to this issue.Ignore non-string value in the os, cpu, libc fields, which checking optional dependencies #8431.
Remember the state of edit dir, allow running
pnpm patch-commit
the second time without having to re-runpnpm patch
.v9.7.1
Compare Source
Patch Changes
public-hoist-pattern
andhoist-pattern
via env variables #8339.pnpm setup
no longer creates Batch/Powershell scripts on Linux and macOS #8418.pnpm exec
now supports executionEnv #8356.pnpm
field, add warnings for non-rootpnpm
subfields that aren'texecutionEnv
#8143.patch-commit
in which relative path is rejected #8405.@pnpm/exe
to v20.v9.7.0
Compare Source
Minor Changes
Added pnpm version management to pnpm. If the
manage-package-manager-versions
setting is set totrue
, pnpm will switch to the version specified in thepackageManager
field ofpackage.json
#8363. This is the same field used by Corepack. Example:Added the ability to apply patch to all versions:
If the key of
pnpm.patchedDependencies
is a package name without a version (e.g.pkg
), pnpm will attempt to apply the patch to all versions ofthe package. Failures will be skipped.
If it is a package name and an exact version (e.g.
[email protected]
), pnpm will attempt to apply the patch to that exact version only. Failures willcause pnpm to fail.
If there's only one version of
pkg
installed,pnpm patch pkg
and subsequentpnpm patch-commit $edit_dir
will create an entry namedpkg
inpnpm.patchedDependencies
. And pnpm will attempt to apply this patch to other versions ofpkg
in the future.If there are multiple versions of
pkg
installed,pnpm patch pkg
will ask which version to edit and whether to attempt to apply the patch to all.If the user chooses to apply the patch to all,
pnpm patch-commit $edit_dir
would create apkg
entry inpnpm.patchedDependencies
.If the user chooses not to apply the patch to all,
pnpm patch-commit $edit_dir
would create a[email protected]
entry inpnpm.patchedDependencies
withx.y.z
being the version the user chose to edit.If the user runs
pnpm patch [email protected]
withx.y.z
being the exact version ofpkg
that has been installed,pnpm patch-commit $edit_dir
will alwayscreate a
[email protected]
entry inpnpm.patchedDependencies
.Change the default edit dir location when running
pnpm patch
from a temporary directory tonode_modules/.pnpm_patches/pkg[@​version]
to allow the code editor to open the edit dir in the same file tree as the main project.Substitute environment variables in config keys #6679.
Patch Changes
pnpm install
should runnode-gyp rebuild
if the project has abinding.gyp
file even if the project doesn't have an install script #8293.v9.6.0
Compare Source
Minor Changes
pnpm.executionEnv.nodeVersion
inpackage.json
) for running lifecycle scripts per each package in a workspace #6720.catalogs:
protocol #8303.Patch Changes
pnpm deploy
command now supports thecatalog:
protocol #8298.pnpm outdated
command now supports thecatalog:
protocol #8304.pnpm patch
withoutnode_modules/.modules.yaml
#8257.pnpm exec
command #7608.v9.5.0
Compare Source
Minor Changes
Added support for catalogs 8122.
Catalogs may be declared in the
pnpm-workspace.yaml
file. For example:v9.4.0
Compare Source
Minor Changes
strict-store-pkg-content-check
setting tofalse
#4724.Patch Changes
package-manager-strict-version
missing in config #8195.v9.3.0
Compare Source
Minor Changes
peers-suffix-max-length
setting #8177.Patch Changes
reporter-hide-prefix
totrue
by default forpnpm exec
. In order to show prefix, the user now has to explicitly setreporter-hide-prefix=false
#8174.v9.2.0
Compare Source
Minor Changes
package-manager-strict-version
is set totrue
, pnpm will fail if its version doesn't exactly match the version in the "packageManager" field ofpackage.json
.Patch Changes
@yarnpkg/pnp
to the latest version, fixing issue withnode:
imports #8161.package.json
#8087.exec
now also streams prefixed output when--recursive
or--parallel
is specified just asrun
does #8065.v9.1.4
Compare Source
Patch Changes
v9.1.3
Compare Source
Patch Changes
optional=false
#8066.v9.1.2
Compare Source
Patch Changes
pnpm licenses
output are not misplaced anymore #8071.v9.1.1
Compare Source
Patch Changes
link:
now preserve absolute path #8053.file:
overrides for workspace package #8053.resolution-mode
is set totime-based
and the registry fails to return the"time"
field in the package's metadata.v9.1.0
Compare Source
Minor Changes
virtual-store-dir-max-length
added to modify the maximum allowed length of the directories insidenode_modules/.pnpm
. The default length is set to 120 characters. This setting is particularly useful on Windows, where there is a limit to the maximum length of a file path #7355.Patch Changes
pnpm outdated
output are wrapped correctly #8037.Cannot read properties of undefined (reading 'missingPeersOfChildren')
exception that happens on install #8041.publish
orpack
whenbundledDependencies
is set butnode-linker
isn'thoisted
.pnpm update
should not fail when there's an aliased local workspace dependency #7975.v9.0.6
Compare Source
Patch Changes
pnpm install --frozen-lockfile
#7991.v9.0.5
Compare Source
Patch Changes
v9.0.4
Compare Source
Patch Changes
engines.pnpm
field in thepackage.json
files of dependencies should be ignored #7965.v9.0.3
Compare Source
Patch Changes
script-shell
option is configured to a.bat
/.cmd
file on Windows, pnpm will now error withERR_PNPM_INVALID_SCRIPT_SHELL_WINDOWS
. Newer versions of Node.js released in April 2024 do not support executing these files directly without behavior differences. If thescript-shell
option is necessary for your use-case, please set a.exe
file instead.package-manager-strict
setting, when pnpm doesn't match the version specified in thepackageManager
field inpackage.json
.pnpm completion
command should work in the standalone version of pnpm #7948.v9.0.2
Compare Source
Patch Changes
node_modules
#7943.v9.0.1
Compare Source
Patch Changes
pnpm install --frozen-lockfile
should work with lockfiles generated by pnpm v8, if they don't need updates #7934.v9.0.0
Compare Source
Major Changes
Node.js v16 support discontinued
If you still require Node.js 16, don't worry. We ship pnpm bundled with Node.js. This means that regardless of which Node.js version you've installed, pnpm will operate using the necessary Node.js runtime. For this to work you need to install pnpm either using the standalone script or install the
@pnpm/exe
package.Configuration updates:
dedupe-injected-deps
: enabled by default.link-workspace-packages
: disabled by default. This means that by default, dependencies will be linked from workspace packages only when they are specified using the workspace protocol.hoist-workspace-packages
: enabled by default.enable-pre-post-scripts
: enabled by default.~/.local/state/pnpm
).package.json
file for apackageManager
field. If this field is present and specifies a different package manager or a different version of pnpm than the one you're currently using, pnpm will not proceed. This ensures that you're always using the correct package manager and version that the project requires.Lockfile changes:
Dependency resolution changes:
Related issue: #7444.
Related PR: #7606.
pnpm licenses list
prints license information of all versions of the same package in case different versions use different licenses. The format of thepnpm licenses list --json
output has been changed #7528.A new command added for printing completion code to the console:
pnpm completion [shell]
. The old command that modified the user's shell dotfiles has been removed #3083.When installing git-hosted dependencies, only pick the files that would be packed with the package #7638.
Minor Changes
It is now possible to install only a subdirectory from a Git repository.
For example,
pnpm add github:user/repo#path:packages/foo
will add a dependency from thepackages/foo
subdirectory.This new parameter may be combined with other supported parameters separated by
&
. For instance, the next command will install the same package from thedev
branch:pnpm add github:user/repo#dev&path:packages/bar
.Related issue: #4765.
Related PR: #7487.
node-gyp
updated to version 10.PowerShell completion support added #7597.
Support
node-options
option inside.npmrc
file when running scripts #7596.Added support for registry-scoped SSL configurations (cert, key, and ca). Three new settings supported:
<registryURL>:certfile
,<registryURL>:keyfile
, and<registryURL>:ca
. For instance:Related issue: #7427.
Related PR: #7626.
Add a field named
ignoredOptionalDependencies
. This is an array of strings. If an optional dependency has its name included in this array, it will be skipped #7714.The checksum of the
.pnpmfile.cjs
is saved into the lockfile. If the pnpmfile gets modified, the lockfile is reanalyzed to apply the changes #7662.Added cache for
pnpm dlx
#5277.Patch Changes
--lockfile-only
installation #1328.pnpm dlx
should not read settings from the current working directory #7916.Configuration
📅 Schedule: Branch creation - "before 5am on Monday" in timezone Europe/Warsaw, Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.