This PR contains the following updates:
Release Notes
pnpm/pnpm (pnpm)
Compare Source
Patch Changes
- When checking whether a file in the store has executable permissions, the new approach checks if at least one of the executable bits (owner, group, and others) is set to 1. Previously, a file was incorrectly considered executable only when all the executable bits were set to 1. This fix ensures that files with any executable permission, regardless of the user class, are now correctly identified as executable #8546.
Platinum Sponsors
Gold Sponsors
Our Silver Sponsors
Compare Source
Patch Changes
-
pnpm update --latest should not update the automatically installed peer dependencies #6657.
-
pnpm publish should be able to publish from a local tarball #7950.
- The pnpx command should work correctly on Windows, when pnpm is installed via the standalone installation script #8608.
- Prevent
EBUSY errors caused by creating symlinks in parallel dlx processes #8604.
- Fix maximum call stack size exceeded error related to circular workspace dependencies #8599.
Platinum Sponsors
Gold Sponsors
Our Silver Sponsors
Compare Source
Minor Changes
-
Fix peer dependency resolution dead lock #8570. This change might change some of the keys in the snapshots field inside pnpm-lock.yaml but it should happen very rarely.
-
pnpm outdated command supports now a --sort-by=name option for sorting outdated dependencies by package name #8523.
-
Added the ability for overrides to remove dependencies by specifying "-" as the field value #8572. For example, to remove lodash from the dependencies, use this configuration in package.json:
{
"pnpm": {
"overrides": {
"lodash": "-"
}
}
}
Patch Changes
- Fixed an issue where
pnpm list --json pkg showed "private": false for a private package #8519.
- Packages with
libc that differ from pnpm.supportedArchitectures.libc are not downloaded #7362.
- Prevent
ENOENT errors caused by running store prune in parallel #8586.
- Add issues alias to
pnpm bugs #8596.
Platinum Sponsors
Gold Sponsors
Our Silver Sponsors
Compare Source
Compare Source
Minor Changes
-
Support for a new CLI flag, --exclude-peers, added to the list and why commands. When --exclude-peers is used, peer dependencies are not printed in the results, but dependencies of peer dependencies are still scanned #8506.
-
Added a new setting to package.json at pnpm.auditConfig.ignoreGhsas for ignoring vulnerabilities by their GHSA code #6838.
For instance:
{
"pnpm": {
"auditConfig": {
"ignoreGhsas": [
"GHSA-42xw-2xvc-qx8m",
"GHSA-4w2v-q235-vp99",
"GHSA-cph5-m8f7-6c5x",
"GHSA-vh95-rmgr-6w4m"
]
}
}
}
Patch Changes
- Throw an exception if pnpm switches to the same version of itself.
- Reduce memory usage during peer dependencies resolution.
Platinum Sponsors
Gold Sponsors
Our Silver Sponsors
Compare Source
Compare Source
Compare Source
Compare Source
Minor Changes
-
Added pnpm version management. If the manage-package-manager-versions setting is set to true, pnpm will switch to the version specified in the packageManager field of package.json #8363. This is the same field used by Corepack. Example:
{
"packageManager": "[email protected]"
}
-
Added the ability to apply patch to all versions #8337.
If the key of pnpm.patchedDependencies is a package name without a version (e.g. pkg), pnpm will attempt to apply the patch to all versions of the package. Failures will be skipped. If there's only one version of pkg installed, pnpm patch pkg and subsequent pnpm patch-commit $edit_dir will create an entry named pkg in pnpm.patchedDependencies. And pnpm will attempt to apply this patch to other versions of pkg in the future.
-
Change the default edit dir location when running pnpm patch from a temporary directory to node_modules/.pnpm_patches/pkg[@​version] to allow the code editor to open the edit dir in the same file tree as the main project #8379.
-
Substitute environment variables in config keys #6679.
Patch Changes
-
pnpm install should run node-gyp rebuild if the project has a binding.gyp file even if the project doesn't have an install script #8293.
- Print warnings to stderr #8342.
- Peer dependencies of optional peer dependencies should be automatically installed #8323.
Platinum Sponsors
Gold Sponsors
Our Silver Sponsors
Compare Source
Minor Changes
- Support specifying node version (via
pnpm.executionEnv.nodeVersion in package.json) for running lifecycle scripts per each package in a workspace #6720.
- Overrides now support the
catalogs: protocol #8303.
Patch Changes
- The
pnpm deploy command now supports the catalog: protocol #8298.
- The
pnpm outdated command now supports the catalog: protocol #8304.
- Correct the error message when trying to run
pnpm patch without node_modules/.modules.yaml #8257.
- Silent reporting fixed with the
pnpm exec command #7608.
- Add registries information to the calculation of dlx cache hash #8299.
Platinum Sponsors
Gold Sponsors
Our Silver Sponsors
Compare Source
Compare Source
Compare Source
Minor Changes
-
Semi-breaking. Dependency key names in the lockfile are shortened if they are longer than 1000 characters. We don't expect this change to affect many users. Affected users most probably can't run install successfully at the moment. This change is required to fix some edge cases in which installation fails with an out-of-memory error or "Invalid string length (RangeError: Invalid string length)" error. The max allowed length of the dependency key can be controlled with the
peers-suffix-max-length setting #8177.
Patch Changes
- Set
reporter-hide-prefix to true by default for pnpm exec. In order to show prefix, the user now has to explicitly set reporter-hide-prefix=false #8174.
Platinum Sponsors
Gold Sponsors
Our Silver Sponsors
data copied to clipboard
emberjs
![renovate[bot] avatar](https://avatars.githubusercontent.com/in/2740?v=4 "Published by a pub.dev verified publisher"){kind=small}