turbo
turbo copied to clipboard
chore(deps): update pnpm to v7.9.0
This PR contains the following updates:
Package | Change | Age | Adoption | Passing | Confidence |
---|---|---|---|---|---|
pnpm (source) | 7.2.1 -> 7.9.0 |
Release Notes
pnpm/pnpm
v7.9.0
Minor Changes
- When
ignore-dep-scripts
istrue
, ignore scripts of dependencies but run the scripts of the project. - When
ignore-compatibility-db
is set totrue
, the compatibility database will not be used to patch dependencies #5132. - Print the versions of packages in peer dependency warnings and errors.
- Support a new hook for passing a custom package importer to the store controller.
Patch Changes
- Don't print the same deprecation warning multiple times.
- On POSIX
pnpm setup
should suggest users to source the config instead of restarting the terminal. - Installing a package with
bin
that points to an.exe
file on Windows #5159. - Fix bug where the package manifest was not resolved if
verify-store-integrity
is set tofalse
. - Fix sorting of keys in lockfile to make it more deterministic and prevent unnecessary churn in the lockfile #5151.
- Don't create a separate bundle for pnpx.
Our Gold Sponsors
|
|
|
|
![]() |
|
|
v7.8.0
Minor Changes
- When
publishConfig.directory
is set, only symlink it to other workspace projects ifpublishConfig.linkDirectory
is set totrue
. Otherwise, only use it for publishing #5115.
Patch Changes
- Don't incorrectly identify a lockfile out-of-date when the package has a publishConfig.directory field #5124.
- Don't crash when a config file contains a setting with an env variable that doesn't exist #5093.
Our Gold Sponsors
|
|
|
|
![]() |
|
|
Full Changelog: https://github.com/pnpm/pnpm/compare/v7.7.1...v7.8.0
v7.7.1
Patch Changes
- pnpm should not consider a lockfile out-of-date if
auto-install-peers
is set totrue
and the peer dependency is indevDependencies
oroptionalDependencies
#5080. - Don't incorrectly consider a lockfile out-of-date when
workspace:^
orworkspace:~
version specs are used in a workspace.
Our Gold Sponsors
|
|
|
|
![]() |
|
|
Full Changelog: https://github.com/pnpm/pnpm/compare/v7.7.0...v7.7.1
v7.7.0
Minor Changes
-
Add experimental lockfile format that should merge conflict less in the
importers
section. Enabled by setting theuse-inline-specifiers-lockfile-format = true
feature flag in.npmrc
.If this feature flag is committed to a repo, we recommend setting the minimum allowed version of pnpm to this release in the
package.json
engines
field. Once this is set, older pnpm versions will throw on invalid lockfile versions. -
Add
publishDirectory
field to the lockfile and relink the project when it changes. -
verify-store-integrity=false
makes pnpm skip checking the integrities of files in the global content-addressable store. -
Allow to set
only-built-dependencies[]
through.npmrc
.
Patch Changes
- It should be possible to publish a package with local dependencies from a custom publish directory (set via
publishConfig.directory
) #3901. -
pnpm deploy
should inject local dependencies of all types (dependencies, optionalDependencies, devDependencies) #5078. - When a project in a workspace has a
publishConfig.directory
set, dependent projects should install the project from that directory #3901 - pnpm deploy: accept absolute paths and use cwd instead of workspaceDir for deploy target directory #4980.
-
pnpm setup should update
.zshrc
in the right directory when a$ZDOTDIR
is set.
Our Gold Sponsors
|
|
|
|
![]() |
|
|
Full Changelog: https://github.com/pnpm/pnpm/compare/v7.6.0...v7.7.0
v7.6.0
Minor Changes
-
A new setting supported:
prefer-symlinked-executables
. Whentrue
, pnpm will create symlinks to executables innode_modules/.bin
instead of command shims (but on POSIX systems only).This setting is
true
by default whennode-linker
is set tohoisted
.Related issue: #4782.
-
When
lockfile-include-tarball-url
is set totrue
, every entry inpnpm-lock.yaml
will contain the full URL to the package's tarball #5054.
Patch Changes
-
pnpm deploy
should include all dependencies by default #5035. -
Don't print warnings about file verifications. Just print info messages instead.
-
pnpm publish --help
should print the--recursive
and--filter
options #5019. -
It should be possible to run exec/run/dlx with the
--use-node-version
option. -
pnpm deploy
should not modify the lockfile #5071 -
pnpm deploy
should not fail in CI #5071 -
When
auto-install-peers
is set totrue
, automatically install direct peer dependencies #5028.So if your project the next manifest:
{ "dependencies": { "lodash": "^4.17.21" }, "peerDependencies": { "react": "^18.2.0" } }
pnpm will install both lodash and react as a regular dependencies.
Our Gold Sponsors
|
|
|
|
![]() |
|
|
Full Changelog: https://github.com/pnpm/pnpm/compare/v7.5.2...v7.6.0
v7.5.2
Patch Changes
- Don't print any info messages about .pnpmfile.cjs #5027.
- Do not print a package with unchanged version in the installation summary #5031.
Our Gold Sponsors
|
|
|
|
![]() |
|
|
Full Changelog: https://github.com/pnpm/pnpm/compare/v7.5.1...v7.5.2
v7.5.1
Patch Changes
- Don't symlink the autoinstalled peer dependencies to the root of
node_modules
#4988. - Avoid retaining a copy of the contents of files deleted during patching #5003.
- Remove file reporter logging. Logged file is not useful #4949.
Our Gold Sponsors
|
|
|
|
![]() |
|
|
Full Changelog: https://github.com/pnpm/pnpm/compare/v7.5.0...v7.5.1
v7.5.0
Minor Changes
-
A new value
rolling
for optionsave-workspace-protocol
. When selected, pnpm will save workspace versions using a rolling alias (e.g."foo": "workspace:^"
) instead of pinning the current version number (e.g."foo": "workspace:^1.0.0"
). Usage example, in the root of your workspace, create a.npmrc
with the following content:save-workspace-protocol=rolling
Patch Changes
-
pnpm remove <pkg>
should not fail in a workspace that has patches #4954 - The hash of the patch file should be the same on both Windows and POSIX #4961.
-
pnpm env use
should throw an error on a system that use the MUSL libc.
Our Gold Sponsors
|
|
|
|
![]() |
|
|
Full Changelog: https://github.com/pnpm/pnpm/compare/v7.4.1...v7.5.0
v7.4.1
Patch Changes
-
pnpm install
in a workspace with patches should not fail when doing partial installation #4954. - Never skip lockfile resolution when the lockfile is not up-to-date and
--lockfile-only
is used. Even iffrozen-lockfile
istrue
#4951. - Never add an empty
patchedDependencies
field topnpm-lock.yaml
.
Our Gold Sponsors
|
|
|
![]() |
|
|
Full Changelog: https://github.com/pnpm/pnpm/compare/v7.4.0...v7.4.1
v7.4.0
Minor Changes
-
Dependencies patching is possible via the
pnpm.patchedDependencies
field of thepackage.json
. To patch a package, the package name, exact version, and the relative path to the patch file should be specified. For instance:{ "pnpm": { "patchedDependencies": { "[email protected]": "./patches/[email protected]" } } }
-
Two new commands added:
pnpm patch
andpnpm patch-commit
.pnpm patch <pkg>
prepares a package for patching. For instance, if you want to patch express v1, run:pnpm patch [email protected]
pnpm will create a temporary directory with
[email protected]
that you can modify with your changes. Once you are read with your changes, run:pnpm patch-commit <path to temp folder>
This will create a patch file and write it to
<project>/patches/[email protected]
. Also, it will reference this new patch file from thepatchedDependencies
field inpackage.json
:{ "pnpm": { "patchedDependencies": { "[email protected]": "patches/[email protected]" } } }
-
A new experimental command added:
pnpm deploy
. The deploy command takes copies a project from a workspace and installs all of its production dependencies (even if some of those dependencies are other projects from the workspace).For example, the new command will deploy the project named
foo
to thedist
directory in the root of the workspace:pnpm --filter=foo deploy dist
-
package-import-method
supports a new option:clone-or-copy
. -
New setting added:
include-workspace-root
. When it is set totrue
, therun
,exec
,add
, andtest
commands will include the root package, when executed recursively #4906
Patch Changes
-
Don't crash when
pnpm update --interactive
is cancelled with Ctrl+c. -
The
use-node-version
setting should work with prerelease Node.js versions. For instance:use-node-version=18.0.0-rc.3
-
Return early when the lockfile is up-to-date.
-
Resolve native workspace path for case-insensitive file systems #4904.
-
Don't link local dev dependencies, when prod dependencies should only be installed.
-
pnpm audit --fix
should not add an override for a vulnerable package that has no fixes released. -
Update the compatibility database.
Our Gold Sponsors
|
|
|
![]() |
|
|
Full Changelog: https://github.com/pnpm/pnpm/compare/v7.3.0...v7.4.0
v7.3.0
Minor Changes
-
A new setting added:
pnpm.peerDependencyRules.allowAny
.allowAny
is an array of package name patterns, any peer dependency matching the pattern will be resolved from any version, regardless of the range specified inpeerDependencies
. For instance:{ "pnpm": { "peerDependencyRules": { "allowAny": ["@​babel/*", "eslint"] } } }
The above setting will mute any warnings about peer dependency version mismatches related to
@babel/
packages oreslint
. -
The
pnpm.peerDependencyRules.ignoreMissing
setting may accept package name patterns. So you may ignore any missing@babel/*
peer dependencies, for instance:{ "pnpm": { "peerDependencyRules": { "ignoreMissing": ["@​babel/*"] } } }
-
Experimental. New settings added:
use-git-branch-lockfile
,merge-git-branch-lockfiles
,merge-git-branch-lockfiles-branch-pattern
#4475.
Patch Changes
- Packages that should be built are always cloned or copied from the store. This is required to prevent the postinstall scripts from modifying the original source files of the package.
Our Sponsors
|
|
![]() |
|
|
Full Changelog: https://github.com/pnpm/pnpm/compare/v7.2.1...v7.3.0
Configuration
📅 Schedule: Branch creation - "after 10pm every weekday,before 5am every weekday,every weekend" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
- [ ] If you want to rebase/retry this PR, click this checkbox.
This PR has been generated by Mend Renovate. View repository job log here.
The latest updates on your projects. Learn more about Vercel for Git ↗︎
Name | Status | Preview | Updated |
---|---|---|---|
turbo-site | ✅ Ready (Inspect) | Visit Preview | Aug 29, 2022 at 2:20PM (UTC) |
Renovate Ignore Notification
As this PR has been closed unmerged, Renovate will now ignore this update (7.9.5). You will still receive a PR once a newer version is released, so if you wish to permanently ignore this dependency, please add it to the ignoreDeps
array of your renovate config.
If this PR was closed by mistake or you changed your mind, you can simply rename this PR and you will soon get a fresh replacement PR opened.