You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
fix: detect reverted catalog entries on install (#12438)
* fix: detect reverted catalog entries on install
After an update bumped a catalog entry in pnpm-workspace.yaml, the workspace
state cache stored the pre-update catalog versions, so reverting the entry back
to its original version was reported as "Already up to date" instead of
reinstalling the previous version.
Fold the catalogs written during the install into the catalogs recorded in the
workspace state so a later install detects the reverted entry as outdated.
Closes#12418
* fix: harden catalog merge against prototype pollution and entry loss
Address review feedback on the catalog-merge helper:
- mergeCatalogs now builds null-prototype records and copies entries with
Object.defineProperty, so a catalog or dependency name like __proto__
(which can flow in from parsed pnpm-workspace.yaml) becomes an ordinary
own property instead of corrupting the result's prototype.
- The recursive per-project install path now accumulates updatedCatalogs
with mergeCatalogs instead of a shallow Object.assign, so two projects
updating different entries of the same catalog no longer clobber each
other.
Fix `pnpm install` reporting "Already up to date" after a catalog entry in `pnpm-workspace.yaml` was reverted to a previous version. After an update modified a catalog, the workspace state cache stored the pre-update catalog versions, so reverting the entry back to its original version was not detected as an outdated state [#12418](https://github.com/pnpm/pnpm/issues/12418).
0 commit comments