Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update pnpm to v8.12.0 #261

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Update pnpm to v8.12.0 #261

wants to merge 2 commits into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Nov 24, 2023

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
pnpm (source) 8.6.11 -> 8.12.0 age adoption passing confidence

Release Notes

pnpm/pnpm (pnpm)

v8.12.0

Compare Source

Minor Changes

  • Add support for basic authorization header #​7371.

Patch Changes

  • Fix a bug where pnpm incorrectly passes a flag to a run handler as a fallback command #​7244.
  • When dedupe-direct-deps is set to true, commands of dependencies should be deduplicated #​7359.

Our Gold Sponsors

Our Silver Sponsors

v8.11.0

Compare Source

Minor Changes

  • (IMPORTANT) When the package tarballs aren't hosted on the same domain on which the registry (the server with the package metadata) is, the dependency keys in the lockfile should only contain /<pkg_name>@&#8203;<pkg_version, not <domain>/<pkg_name>@&#8203;<pkg_version>.

    This change is a fix to avoid the same package from being added to node_modules/.pnpm multiple times. The change to the lockfile is backward compatible, so previous versions of pnpm will work with the fixed lockfile.

    We recommend that all team members update pnpm in order to avoid repeated changes in the lockfile.

    Related PR: #​7318.

Patch Changes

  • pnpm add a-module-already-in-dev-deps will show a message to notice the user that the package was not moved to "dependencies" #​926.
  • The modules directory should not be removed if the registry configuration has changed.
  • Fix missing auth tokens in registries with paths specified (e.g. //npm.pkg.github.com/pnpm). #​5970 #​2933

Our Gold Sponsors

Our Silver Sponsors

v8.10.5

Compare Source

Patch Changes

  • Don't fail on an empty pnpm-workspace.yaml file #​7307.

Our Gold Sponsors

Our Silver Sponsors

v8.10.4

Compare Source

Patch Changes

  • Fixed out-of-memory exception that was happening on dependencies with many peer dependencies, when node-linker was set to hoisted #​6227.

Our Gold Sponsors

Our Silver Sponsors

v8.10.3

Compare Source

Patch Changes

  • (Important) Increased the default amount of allowed concurrent network request on systems that have more than 16 CPUs #​7285.

  • pnpm patch should reuse existing patch when shared-workspace-file=false #​7252.

  • Don't retry fetching missing packages, since the retries will never work #​7276.

  • When using pnpm store prune --force alien directories are removed from the store #​7272.

  • Downgraded npm-packlist because the newer version significantly slows down the installation of local directory dependencies, making it unbearably slow.

    npm-packlist was upgraded in this PR to fix #​6997. We added our own file deduplication to fix the issue of duplicate file entries.

  • Fixed a performance regression on running installation on a project with an up to date lockfile #​7297.

  • Throw an error on invalid pnpm-workspace.yaml file #​7273.

Our Gold Sponsors

Our Silver Sponsors

v8.10.2

Compare Source

Patch Changes

  • Fixed a regression that was shipped with pnpm v8.10.0. Dependencies that were already built should not be rebuilt on repeat install. This issue was introduced via the changes related to supportedArchitectures. Related issue #​7268.

Our Gold Sponsors

Our Silver Sponsors

v8.10.1

Compare Source

Patch Changes

  • (Important) Tarball resolutions in pnpm-lock.yaml will no longer contain a registry field. This field has been unused for a long time. This change should not cause any issues besides backward compatible modifications to the lockfile #​7262.
  • Fix issue when trying to use pnpm dlx in the root of a Windows Drive #​7263.
  • Optional dependencies that do not have to be built will be reflinked (or hardlinked) to the store instead of copied #​7046.
  • If a package's tarball cannot be fetched, print the dependency chain that leads to the failed package #​7265.
  • After upgrading one of our dependencies, we started to sometimes have an error on publish. We have forked @npmcli/arborist to patch it with a fix #​7269.

Our Gold Sponsors

Our Silver Sponsors

v8.10.0

Compare Source

Minor Changes
  • Support for multiple architectures when installing dependencies #​5965.

    You can now specify architectures for which you'd like to install optional dependencies, even if they don't match the architecture of the system running the install. Use the supportedArchitectures field in package.json to define your preferences.

    For example, the following configuration tells pnpm to install optional dependencies for Windows x64:

    {
      "pnpm": {
        "supportedArchitectures": {
          "os": ["win32"],
          "cpu": ["x64"]
        }
      }
    }

    Whereas this configuration will have pnpm install optional dependencies for Windows, macOS, and the architecture of the system currently running the install. It includes artifacts for both x64 and arm64 CPUs:

    {
      "pnpm": {
        "supportedArchitectures": {
          "os": ["win32", "darwin", "current"],
          "cpu": ["x64", "arm64"]
        }
      }
    }

    Additionally, supportedArchitectures also supports specifying the libc of the system.

  • The pnpm licenses list command now accepts the --filter option to check the licenses of the dependencies of a subset of workspace projects #​5806.

Patch Changes
  • Allow scoped name as bin name #​7112.

  • When running scripts recursively inside a workspace, the logs of the scripts are grouped together in some CI tools. (Only works with --workspace-concurrency 1)

  • Print a warning when installing a dependency from a non-existent directory #​7159

  • Should fetch dependency from tarball url when patching dependency installed from git #​7196

  • pnpm setup should add a newline at the end of the updated shell config file #​7227.

  • Improved the performance of linking bins of hoisted dependencies to node_modules/.pnpm/node_modules/.bin #​7212.

  • Wrongful ELIFECYCLE error on program termination #​7164.

  • pnpm publish should not pack the same file twice sometimes #​6997.

    The fix was to update npm-packlist to the latest version.

Our Gold Sponsors
Our Silver Sponsors

v8.9.2

Compare Source

Patch Changes
  • Don't use reflink on Windows #​7186.
  • Do not run node-gyp rebuild if preinstall lifecycle script is present #​7206.
Our Gold Sponsors
Our Silver Sponsors

v8.9.1

Compare Source

Patch Changes
  • Optimize selection result output of pnpm update --interactive 7109
  • When shared-workspace-lockfile is set to false, read the pnpm settings from package.json files that are nested. This was broken in pnpm v8.9.0 #​7184.
  • Fix file cloning to node_modules on Windows Dev Drives #​7186. This is a fix to a regression that was shipped with v8.9.0.
  • pnpm dlx should ignore any settings that are in a package.json file found in the current working directory #​7198.
Our Gold Sponsors
Our Silver Sponsors
Mend Renovate. View repository job log here.

@renovate renovate bot added the renovate By renovate bot label Nov 24, 2023
Copy link
Contributor Author

renovate bot commented Nov 24, 2023

⚠ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: frontend/dashboard/yarn.lock
error This project's package.json defines "packageManager": "yarn@[email protected]". However the current global version of Yarn is 1.22.21.

Presence of the "packageManager" field indicates that the project is meant to be used with Corepack, a tool included by default with all official Node.js distributions starting from 16.9 and 14.19.
Corepack must currently be enabled by running corepack enable in your terminal. For more information, check out https://yarnpkg.com/corepack.

@github-actions github-actions bot added the backend バックエンド関連 label Nov 24, 2023
@renovate renovate bot force-pushed the renovate/pnpm-8.x branch from 40cf41d to c621665 Compare November 24, 2023 23:53
@renovate renovate bot changed the title Update pnpm to v8.10.5 Update pnpm to v8.11.0 Nov 24, 2023
@renovate renovate bot force-pushed the renovate/pnpm-8.x branch from c621665 to c466fd5 Compare November 25, 2023 02:15
@renovate renovate bot force-pushed the renovate/pnpm-8.x branch from c466fd5 to 6154e09 Compare December 9, 2023 00:58
@renovate renovate bot changed the title Update pnpm to v8.11.0 Update pnpm to v8.12.0 Dec 9, 2023
Copy link
Contributor Author

renovate bot commented Dec 9, 2023

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
backend バックエンド関連 renovate By renovate bot
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants