Skip to content

Update dependency @pnpm/types to ^8.10.0 #19

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
mend-5034428 wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Update dependency @pnpm/types to ^8.10.0 #19

mend-5034428 wants to merge 1 commit into from

Conversation

@mend-5034428
Copy link

@mend-5034428 mend-5034428 bot commented Oct 18, 2024
edited
Loading

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
@pnpm/types (source) ^8.4.0 -> ^8.10.0 age adoption passing confidence

Release Notes

pnpm/pnpm (@​pnpm/types)

v8.10.0

Compare Source

Minor Changes

  • Support for multiple architectures when installing dependencies #​5965.

    You can now specify architectures for which you'd like to install optional dependencies, even if they don't match the architecture of the system running the install. Use the supportedArchitectures field in package.json to define your preferences.

    For example, the following configuration tells pnpm to install optional dependencies for Windows x64:

    {
  "pnpm": {
    "supportedArchitectures": {
      "os": ["win32"],
      "cpu": ["x64"]
    }
  }
}

    Whereas this configuration will have pnpm install optional dependencies for Windows, macOS, and the architecture of the system currently running the install. It includes artifacts for both x64 and arm64 CPUs:

    {
  "pnpm": {
    "supportedArchitectures": {
      "os": ["win32", "darwin", "current"],
      "cpu": ["x64", "arm64"]
    }
  }
}

    Additionally, supportedArchitectures also supports specifying the libc of the system.

  • The pnpm licenses list command now accepts the --filter option to check the licenses of the dependencies of a subset of workspace projects #​5806.

Patch Changes

  • Allow scoped name as bin name #​7112.

  • When running scripts recursively inside a workspace, the logs of the scripts are grouped together in some CI tools. (Only works with --workspace-concurrency 1)

  • Print a warning when installing a dependency from a non-existent directory #​7159

  • Should fetch dependency from tarball url when patching dependency installed from git #​7196

  • pnpm setup should add a newline at the end of the updated shell config file #​7227.

  • Improved the performance of linking bins of hoisted dependencies to node_modules/.pnpm/node_modules/.bin #​7212.

  • Wrongful ELIFECYCLE error on program termination #​7164.

  • pnpm publish should not pack the same file twice sometimes #​6997.

    The fix was to update npm-packlist to the latest version.

Our Gold Sponsors

Our Silver Sponsors

v8.9.0

Compare Source

Minor Changes

  • 🚀Performance improvement: Use reflinks instead of hard links by default on macOS and Windows Dev Drives #​5001.

  • The list of packages that are allowed to run installation scripts now may be provided in a separate configuration file. The path to the file should be specified via the pnpm.onlyBuiltDependenciesFile field in package.json. For instance:

    {
  "dependencies": {
    "@​my-org/policy": "1.0.0"
  }
  "pnpm": {
    "onlyBuiltDependenciesFile": "node_modules/@​my-org/policy/allow-build.json"
  }
}

    In the example above, the list is loaded from a dependency. The JSON file with the list should contain an array of package names. For instance:

    ["esbuild", "@​reflink/reflink"]

    With the above list, only esbuild and @reflink/reflink will be allowed to run scripts during installation.

    Related issue: #​7137.

  • Add disallow-workspace-cycles option to error instead of warn about cyclic dependencies

  • Allow env rm to remove multiple node versions at once, and introduce env add for installing node versions without setting as default #​7155.

Patch Changes

  • Fix memory error in pnpm why when the dependencies tree is too big, the command will now prune the tree to just 10 end leafs and now supports --depth argument #​7122.
  • Use neverBuiltDependencies and onlyBuiltDependencies from the root package.json of the workspace, when shared-workspace-lockfile is set to false #​7141.
  • Optimize peers resolution to avoid out-of-memory exceptions in some rare cases, when there are too many circular dependencies and peer dependencies #​7149.
  • Instead of pnpm.overrides replacing resolutions, the two are now merged. This is intended to make it easier to migrate from Yarn by allowing one to keep using resolutions for Yarn, but adding additional changes just for pnpm using pnpm.overrides.

Our Gold Sponsors

Our Silver Sponsors

v8.8.0

Compare Source

Minor Changes

  • Add --reporter-hide-prefix option for run command to hide project name as prefix for lifecycle log outputs of running scripts #​7061.

Patch Changes

  • Pass through the --ignore-scripts command to install, when running pnpm dedupe --ignore-scripts #​7102.
  • Throw meaningful error for config sub commands#​7106.
  • When the node-linker is set to hoisted, the package.json files of the existing dependencies inside node_modules will be checked to verify their actual versions. The data in the node_modules/.modules.yaml and node_modules/.pnpm/lock.yaml may not be fully reliable, as an installation may fail after changes to dependencies were made but before those state files were updated #​7107.
  • Don't update git-hosted dependencies when adding an unrelated dependency #​7008.

Our Gold Sponsors

Our Silver Sponsors

v8.7.0

Compare Source

Minor Changes

  • Improve performance of installation by using a worker pool for extracting packages and writing them to the content-addressable store #​6850
  • The default value of the resolution-mode setting is changed to highest. This setting was changed to lowest-direct in v8.0.0 and some users were not happy with the change. A twitter poll concluded that most of the users want the old behaviour (resolution-mode set to highest by default). This is a semi-breaking change but should not affect users that commit their lockfile #​6463.

Patch Changes

  • Warn when linking a package with peerDependencies #​615.
  • Add support for npm lockfile v3 in pnpm import #​6233.
  • Override peerDependencies in pnpm.overrides #​6759.
  • Respect workspace alias syntax in pkg graph #​6922
  • Emit a clear error message when users attempt to specify an undownloadable node version #​6916.
  • pnpm patch should write patch files with a trailing newline #​6905.
  • Dedupe deps with the same alias in direct dependencies 6966
  • Don't prefix install output for the dlx command.
  • Performance optimizations. Package tarballs are now download directly to memory and built to an ArrayBuffer. Hashing and other operations are avoided until the stream has been fully received #​6819.

Our Gold Sponsors

Our Silver Sponsors

v8.6.0

Compare Source

Minor Changes

  • Some settings influence the structure of the lockfile, so we cannot reuse the lockfile if those settings change. As a result, we need to store such settings in the lockfile. This way we will know with which settings the lockfile has been created.

    A new field will now be present in the lockfile: settings. It will store the values of two settings: autoInstallPeers and excludeLinksFromLockfile. If someone tries to perform a frozen-lockfile installation and their active settings don't match the ones in the lockfile, then an error message will be thrown.

    The lockfile format version is bumped from v6.0 to v6.1.

    Related PR: #​6557
    Related issue: #​6312

  • A new setting, exclude-links-from-lockfile, is now supported. When enabled, specifiers of local linked dependencies won't be duplicated in the lockfile.

    This setting was primarily added for use by Bit CLI, which links core aspects to node_modules from external directories. As such, the locations may vary across different machines, resulting in the generation of lockfiles with differing locations.

Patch Changes

  • Don't print "Lockfile is up-to-date" message before finishing all the lockfile checks #​6544.
  • When updating dependencies, preserve the range prefix in aliased dependencies. So npm:foo@1.0.0 becomes npm:foo@1.1.0.
  • Print a meaningful error when a project referenced by the workspace: protocol is not found in the workspace #​4477.
  • pnpm rebuild should not fail when node-linker is set to hoisted and there are skipped optional dependencies #​6553.
  • Peers resolution should not fail when a linked in dependency resolves a peer dependency.
  • Build projects in a workspace in correct order #​6568.

Our Gold Sponsors

Our Silver Sponsors

v8.5.0

Compare Source

Minor Changes

  • pnpm patch-remove command added #​6521.

Patch Changes

  • pnpm link -g <pkg-name> should not modify the package.json file #​4341.
  • The deploy command should not ask for confirmation to purge the node_modules directory #​6510.
  • Show cyclic workspace dependency details #​5059.
  • Node.js range specified through the engines field should match prerelease versions #​6509.

Our Gold Sponsors

Our Silver Sponsors

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

@mend-5034428 mend-5034428 bot force-pushed the whitesource-remediate/pnpm-types-8.x branch from 1cd018a to 0795490 Compare September 2, 2025 01:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant