Skip to content

chore(deps): update pnpm to v8.11.0#9

Merged
Boshen merged 1 commit intomainfrom
renovate/pnpm-8.x
Dec 6, 2023
Merged

chore(deps): update pnpm to v8.11.0#9
Boshen merged 1 commit intomainfrom
renovate/pnpm-8.x

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Dec 6, 2023

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
pnpm (source) 8.2.0 -> 8.11.0 age adoption passing confidence

Release Notes

pnpm/pnpm (pnpm)

v8.11.0

Compare Source

Minor Changes

  • (IMPORTANT) When the package tarballs aren't hosted on the same domain on which the registry (the server with the package metadata) is, the dependency keys in the lockfile should only contain /<pkg_name>@&#8203;<pkg_version, not <domain>/<pkg_name>@&#8203;<pkg_version>.

    This change is a fix to avoid the same package from being added to node_modules/.pnpm multiple times. The change to the lockfile is backward compatible, so previous versions of pnpm will work with the fixed lockfile.

    We recommend that all team members update pnpm in order to avoid repeated changes in the lockfile.

    Related PR: #​7318.

Patch Changes

  • pnpm add a-module-already-in-dev-deps will show a message to notice the user that the package was not moved to "dependencies" #​926.
  • The modules directory should not be removed if the registry configuration has changed.
  • Fix missing auth tokens in registries with paths specified (e.g. //npm.pkg.github.com/pnpm). #​5970 #​2933

Our Gold Sponsors

Our Silver Sponsors

v8.10.5

Compare Source

Patch Changes

  • Don't fail on an empty pnpm-workspace.yaml file #​7307.

Our Gold Sponsors

Our Silver Sponsors

v8.10.4

Compare Source

Patch Changes

  • Fixed out-of-memory exception that was happening on dependencies with many peer dependencies, when node-linker was set to hoisted #​6227.

Our Gold Sponsors

Our Silver Sponsors

v8.10.3

Compare Source

Patch Changes

  • (Important) Increased the default amount of allowed concurrent network request on systems that have more than 16 CPUs #​7285.

  • pnpm patch should reuse existing patch when shared-workspace-file=false #​7252.

  • Don't retry fetching missing packages, since the retries will never work #​7276.

  • When using pnpm store prune --force alien directories are removed from the store #​7272.

  • Downgraded npm-packlist because the newer version significantly slows down the installation of local directory dependencies, making it unbearably slow.

    npm-packlist was upgraded in this PR to fix #​6997. We added our own file deduplication to fix the issue of duplicate file entries.

  • Fixed a performance regression on running installation on a project with an up to date lockfile #​7297.

  • Throw an error on invalid pnpm-workspace.yaml file #​7273.

Our Gold Sponsors

Our Silver Sponsors

v8.10.2

Compare Source

Patch Changes

  • Fixed a regression that was shipped with pnpm v8.10.0. Dependencies that were already built should not be rebuilt on repeat install. This issue was introduced via the changes related to supportedArchitectures. Related issue #​7268.

Our Gold Sponsors

Our Silver Sponsors

v8.10.1

Compare Source

Patch Changes

  • (Important) Tarball resolutions in pnpm-lock.yaml will no longer contain a registry field. This field has been unused for a long time. This change should not cause any issues besides backward compatible modifications to the lockfile #​7262.
  • Fix issue when trying to use pnpm dlx in the root of a Windows Drive #​7263.
  • Optional dependencies that do not have to be built will be reflinked (or hardlinked) to the store instead of copied #​7046.
  • If a package's tarball cannot be fetched, print the dependency chain that leads to the failed package #​7265.
  • After upgrading one of our dependencies, we started to sometimes have an error on publish. We have forked @npmcli/arborist to patch it with a fix #​7269.

Our Gold Sponsors

Our Silver Sponsors

v8.10.0

Compare Source

Minor Changes

  • Support for multiple architectures when installing dependencies #​5965.

    You can now specify architectures for which you'd like to install optional dependencies, even if they don't match the architecture of the system running the install. Use the supportedArchitectures field in package.json to define your preferences.

    For example, the following configuration tells pnpm to install optional dependencies for Windows x64:

    {
  "pnpm": {
    "supportedArchitectures": {
      "os": ["win32"],
      "cpu": ["x64"]
    }
  }
}

    Whereas this configuration will have pnpm install optional dependencies for Windows, macOS, and the architecture of the system currently running the install. It includes artifacts for both x64 and arm64 CPUs:

    {
  "pnpm": {
    "supportedArchitectures": {
      "os": ["win32", "darwin", "current"],
      "cpu": ["x64", "arm64"]
    }
  }
}

    Additionally, supportedArchitectures also supports specifying the libc of the system.

  • The pnpm licenses list command now accepts the --filter option to check the licenses of the dependencies of a subset of workspace projects #​5806.

Patch Changes

  • Allow scoped name as bin name #​7112.

  • When running scripts recursively inside a workspace, the logs of the scripts are grouped together in some CI tools. (Only works with --workspace-concurrency 1)

  • Print a warning when installing a dependency from a non-existent directory #​7159

  • Should fetch dependency from tarball url when patching dependency installed from git #​7196

  • pnpm setup should add a newline at the end of the updated shell config file #​7227.

  • Improved the performance of linking bins of hoisted dependencies to node_modules/.pnpm/node_modules/.bin #​7212.

  • Wrongful ELIFECYCLE error on program termination #​7164.

  • pnpm publish should not pack the same file twice sometimes #​6997.

    The fix was to update npm-packlist to the latest version.

Our Gold Sponsors
Our Silver Sponsors

v8.9.2

Compare Source

Patch Changes
  • Don't use reflink on Windows #​7186.
  • Do not run node-gyp rebuild if preinstall lifecycle script is present #​7206.
Our Gold Sponsors
Our Silver Sponsors

v8.9.1

Compare Source

Patch Changes
  • Optimize selection result output of pnpm update --interactive 7109
  • When shared-workspace-lockfile is set to false, read the pnpm settings from package.json files that are nested. This was broken in pnpm v8.9.0 #​7184.
  • Fix file cloning to node_modules on Windows Dev Drives #​7186. This is a fix to a regression that was shipped with v8.9.0.
  • pnpm dlx should ignore any settings that are in a package.json file found in the current working directory #​7198.
Our Gold Sponsors
Our Silver Sponsors

v8.9.0

Compare Source

Minor Changes

  • 🚀Performance improvement: Use reflinks instead of hard links by default on macOS and Windows Dev Drives #​5001.

  • The list of packages that are allowed to run installation scripts now may be provided in a separate configuration file. The path to the file should be specified via the pnpm.onlyBuiltDependenciesFile field in package.json. For instance:

    {
  "dependencies": {
    "@&#8203;my-org/policy": "1.0.0"
  }
  "pnpm": {
    "onlyBuiltDependenciesFile": "node_modules/@&#8203;my-org/policy/allow-build.json"
  }
}

    In the example above, the list is loaded from a dependency. The JSON file with the list should contain an array of package names. For instance:

    ["esbuild", "@&#8203;reflink/reflink"]

    With the above list, only esbuild and @reflink/reflink will be allowed to run scripts during installation.

    Related issue: #​7137.

  • Add disallow-workspace-cycles option to error instead of warn about cyclic dependencies

  • Allow env rm to remove multiple node versions at once, and introduce env add for installing node versions without setting as default #​7155.

Patch Changes

  • Fix memory error in pnpm why when the dependencies tree is too big, the command will now prune the tree to just 10 end leafs and now supports --depth argument #​7122.
  • Use neverBuiltDependencies and onlyBuiltDependencies from the root package.json of the workspace, when shared-workspace-lockfile is set to false #​7141.
  • Optimize peers resolution to avoid out-of-memory exceptions in some rare cases, when there are too many circular dependencies and peer dependencies #​7149.
  • Instead of pnpm.overrides replacing resolutions, the two are now merged. This is intended to make it easier to migrate from Yarn by allowing one to keep using resolutions for Yarn, but adding additional changes just for pnpm using pnpm.overrides.

Our Gold Sponsors

Our Silver Sponsors

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@codecov
Copy link

codecov bot commented Dec 6, 2023

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (5ab7554) 94.10% compared to head (014f4ff) 94.10%.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main       #9   +/-   ##
=======================================
  Coverage   94.10%   94.10%           
=======================================
  Files          11       11           
  Lines        2258     2258           
=======================================
  Hits         2125     2125           
  Misses        133      133

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@Boshen Boshen merged commit 7a15eb0 into main Dec 6, 2023
@Boshen Boshen deleted the renovate/pnpm-8.x branch December 6, 2023 09:08
This was referenced May 5, 2025
Closed
Merged
Boshen pushed a commit that referenced this pull request May 9, 2025
@oxc-bot
chore: release (#506)
a5b322c 
## 🤖 New release

* `oxc_resolver`: 8.0.0 -> 9.0.0 (⚠ API breaking changes)
* `oxc_napi_resolver`: 8.0.0

### ⚠ `oxc_resolver` breaking changes

```text
--- failure constructible_struct_adds_field: externally-constructible struct adds field ---

Description:
A pub struct constructible with a struct literal has a new pub field. Existing struct literals must be updated to include the new field.
        ref: https://doc.rust-lang.org/reference/expressions/struct-expr.html
       impl: https://github.com/obi1kenobi/cargo-semver-checks/tree/v0.40.0/src/lints/constructible_struct_adds_field.ron

Failed in:
  field ResolveOptions.modules in /tmp/.tmpTBvVad/oxc-resolver/src/options.rs:114

--- failure trait_method_added: pub trait method added ---

Description:
A non-sealed public trait added a new method without a default implementation, which breaks downstream implementations of the trait
        ref: https://doc.rust-lang.org/cargo/reference/semver.html#trait-new-item-no-default
       impl: https://github.com/obi1kenobi/cargo-semver-checks/tree/v0.40.0/src/lints/trait_method_added.ron

Failed in:
  trait method oxc_resolver::CachedPath::module_directory in file /tmp/.tmpTBvVad/oxc-resolver/src/cache.rs:69
  trait method oxc_resolver::CachedPath::cached_node_modules in file /tmp/.tmpTBvVad/oxc-resolver/src/cache.rs:76
```

<details><summary><i><b>Changelog</b></i></summary><p>

## `oxc_resolver`

<blockquote>

##
[9.0.0](oxc_resolver-v8.0.0...oxc_resolver-v9.0.0)
- 2025-05-09

### <!-- 1 -->Bug Fixes

- hash import does not need to load from node_modules
([#501](#501))

### <!-- 7 -->Chore

- add `--tsconfig` to example
([#505](#505))
- publish `oxc_napi_resolver`
([#496](#496))
</blockquote>

## `oxc_napi_resolver`

<blockquote>

##
[8.0.0](https://github.com/oxc-project/oxc-resolver/releases/tag/oxc_napi_resolver-v8.0.0)
- 2025-05-09

### <!-- 0 -->Features

- *(napi)* add mimalloc
([#423](#423))
- [**breaking**] Rust Edition 2024
([#402](#402))
- expose `package_json_path`
([#376](#376))
- *(napi)* expose module type info in ResolveResult
([#223](#223))
- *(napi)* add tracing via `OXC_LOG:DEBUG`
([#202](#202))
- *(napi)* add async API
([#191](#191))
- add `imports_fields` option
([#138](#138))
- add more builder functions for options
([#110](#110))
- *(napi)* support wasi target
([#31](#31))
- add file_dependencies and missing_dependencies API
([#50](#50))
- *(napi)* expose cloneWithOptions and clearCache methods
([#40](#40))
- *(napi)* update the doc and type for tsconfig references
([#24](#24))
- *(napi)* add options
([#19](#19))
- *(resolver)* add tracing-subscriber feature
([#904](#904))
- *(resolver)* tsconfig project references
([#862](#862))
- *(resolver)* add thiserror
([#847](#847))
- *(resolver)* implement nested alias field
([#795](#795))
- *(resolver)* implement tsconfig-paths
([#750](#750))
- *(resolver)* implement configurable `exports_fields` option
([#733](#733))
- *(resolver)* implement `main_fields`
- *(resolver)* implement resolveToContext
([#694](#694))
- *(resolver)* implement restrictions (path only)
([#693](#693))
- *(resolver)* implement fully specified
([#687](#687))
- *(resolver)* imports field
([#681](#681))
- *(resolver)* finish most of exports field
([#674](#674))
- *(resolver)* port the rest of the exports field tests
([#659](#659))
- *(resolver)* implement symlinks
([#582](#582))
- *(resolver)* complete query and fragment parsing
([#579](#579))
- *(resolver)* add preferRelative and preferAbsolute
([#577](#577))
- *(resolver)* implement roots
([#576](#576))
- *(resolver)* implement fallback
([#572](#572))
- *(resolver)* implement enforceExtension
([#566](#566))
- *(resolver)* implement descriptionFiles option
([#565](#565))
- *(resolver)* implement the basics of path alias
([#564](#564))
- *(resolver)* accept different file system implementations
([#562](#562))
- *(resolver)* implement browser field
([#561](#561))
- *(resolver)* implement scoped packages
([#558](#558))
- *(resolver)* port incorrect description file test
([#557](#557))
- *(resolver)* implement extension_alias
([#556](#556))
- *(resolver)* port resolve tests
([#555](#555))
- *(resolver)* resolve extensions
([#549](#549))
- *(resolver)* add resolver test fixtures
([#542](#542))

### <!-- 1 -->Bug Fixes

- hash import does not need to load from node_modules
([#501](#501))
- *(napi)* `new ResolverFactory()` options should be optional
([#256](#256))
- *(napi)* update buggy NAPI-RS versions
([#225](#225))
- canonicalize is not supported on wasi target
([#124](#124))
- resolve "browser" field when "exports" is present
([#59](#59))

### <!-- 4 -->Refactor

- [**breaking**] remove `description_files` option
([#488](#488))
- [**breaking**] remove `modules` options
([#484](#484))
- vitest ([#380](#380))
- apply latest `cargo +nightly fmt`
([#281](#281))
- selectively parse package_json fields instead of parsing everything
([#103](#103))
- *(resolver)* clean up some code and tests
- *(resolver)* change internal funcs to non-pub by moving to unit tests
([#682](#682))

### <!-- 7 -->Chore

- publish `oxc_napi_resolver`
([#496](#496))
- *(napi)* make mimalloc optional to build
([#495](#495))
- *(README)* add wasm usage example
- *(README)* crates.io badge use recent downloads
- *(napi)* auto download wasm binding on webcontainer
([#471](#471))
- use root package.json for napi build
([#469](#469))
- *(deps)* update github-actions
([#444](#444))
- *(deps)* lock file maintenance npm packages
([#436](#436))
- bump napi
([#404](#404))
- *(deps)* lock file maintenance npm packages
([#391](#391))
- *(deps)* lock file maintenance rust crates
([#390](#390))
- *(README)* clarify Rust and node.js usages
- add dprint
([#326](#326))
- *(deps)* update napi-rs to 3.0.0-alpha
- `cargo upgrade` && `pnpm upgrade`
- *(deps)* update napi-rs to 3.0.0-alpha
- update napi changes
- *(deps)* update rust crate napi-derive to 3.0.0-alpha
- *(deps)* update rust crate napi to 3.0.0-alpha
- *(deps)* update napi-rs to 2.16.8
- *(napi)* make napi binary smaller with minimal tracing features
([#213](#213))
- *(napi)* remove tokio
([#212](#212))
- document directory is an absolute path for `resolve(directory,
specifier)`
([#206](#206))
- re-enable the wasi build
([#193](#193))
- use pnpm workspace
([#182](#182))
- *(deps)* update rust crates
([#176](#176))
- *(napi)* update NAPI-RS cli version and binding template
([#111](#111))
- update project github url
- *(deps)* update pnpm to v8.14.1
([#52](#52))
- *(deps)* update pnpm to v8.14.0
([#48](#48))
- *(deps)* update pnpm to v8.13.1
([#42](#42))
- remove FIXME comments
- *(napi)* align `*Fields` user options with enhanced-resolve
([#35](#35))
- *(deps)* update pnpm to v8.12.1
([#21](#21))
- add some doc for napi TsconfigOptions
([#20](#20))
- *(deps)* update pnpm to v8.12.0
([#18](#18))
- *(README)* adding debugging command from Rspack
- *(deps)* update pnpm to v8.11.0
([#9](#9))
- *(resolver)* remove tracing_subscriber
([#1362](https://github.com/oxc-project/oxc-resolver/pull/1362))
- *(resolver)* improve documentation
([#591](#591))

### <!-- 8 -->CI

- check for napi .d.index changes
([#491](#491))
- *(release-napi)* support `riscv64gc-unknown-linux-gnu` and
`s390x-unknown-linux-gnu`
([#451](#451))
</blockquote>


</p></details>

---
This PR was generated with
[release-plz](https://github.com/release-plz/release-plz/).
JounQin pushed a commit that referenced this pull request Jul 6, 2025
@SoonIter
chore: update deps (#9)
a19e20c
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Boshen