Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(deps): update pnpm to v10.0.0-beta.0 #1025

Merged
merged 1 commit into from
Nov 28, 2024
Merged

chore(deps): update pnpm to v10.0.0-beta.0 #1025

merged 1 commit into from
Nov 28, 2024

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Nov 28, 2024

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
pnpm (source) 10.0.0-alpha.4+sha512.a766482ed7e5802db8966144e1de4918a71bc6b0f11d65d21fc719ce23fe6af38f527ae3b97e826f2378126f620b4d8950d1a990862c8666506cff017ee1d4cc -> 10.0.0-beta.0 age adoption passing confidence

Release Notes

pnpm/pnpm (pnpm)

v10.0.0-beta.0

Compare Source

Major Changes
  • The pnpm link command adds overrides to the root package.json. In a workspace the override is added to the root of the workspace, so it links the dependency to all projects in a workspace.

    To link a package globally, just run pnpm link from the package's directory. Previously, the command pnpm link -g was required to link a package globally.

    Related PR: #​8653.

  • Use sha256 for hashing long paths inside node_modules/.pnpm.

  • Using SHA256 instead of md5 for hashing long peer dependency hashes in the lockfile. Should not affect a lot of users as the hashing is used for really long keys in the lockfile.

  • pnpm will now manage it's own versions according to the packageManager filed of package.json. To disable this, set manage-package-manager-versions to false.

  • pnpm test should pass all the params after the test keyword to the underlying script. This is similar to how pnpm run test works #​8619.

  • Changed the hash stored in the packageExtensionsChecksum field of pnpm-lock.yaml to SHA256.

  • Use an SHA256 hash for the side effects cache keys.

  • Do not hoist to the root of node_modules packages that contain the word eslint or prettier in their name. Changed the default value of the public-hoist-pattern setting #​8378.

  • Update the compatibility database (@yarnpkg/extensions to v2.0.3). This might change your lockfile.

  • Use SHA256 for storing the pnpmfile checksum in the lockfile #​8530.

  • Some registries allow identical content to be published under different package names or versions. To accommodate this, index files in the store are now stored using both the content hash and package identifier.

    This approach ensures that we can:

    1. Validate that the integrity in the lockfile corresponds to the correct package,
      which might not be the case after a poorly resolved Git conflict.
    2. Allow the same content to be referenced by different packages or different versions of the same package.

    Related PR: #​8510
    Related issue: #​8204

  • Allow passing CLI flags and options to pnpm test without -- #​4821.

  • Changed the structure of the index files in the store to store side effects cache information more efficiently. In the new version, side effects do not list all the files of the package but just the differences #​8636.

  • The default value of virtual-store-dir-max-length on Windows reduced to 60 characters.

  • Escape the # character in directory names within the virtual store (node_modules/.pnpm) #​8557.

  • Store version bumped to v10. The new store layout has a different directory called "index" for storing the package content mappings. Previously these files were stored in the same directory where the package contents are (in "files"). The new store has also a new format for storing the mappings for side-effects cache.

  • pnpm add --global pnpm or (pnpm add --global @​pnpm/exe) fails with an error suggesting to use pnpm self-update #​8728.

Minor Changes
  • Added a new setting called verify-deps-before-run for checking the state of dependencies before running scripts #​8585. The verify-deps-before-run setting supports the following values:

    • install - Automatically runs install if node_modules are not up to date.
    • warn - Prints a warning if node_modules is not up to date.
    • prompt - Prompts the user for permission to run install if node_modules is not up to date.
    • error - Throws an error if node_modules is not up to date.
    • false - Disables dependency checks.
Patch Changes
  • The dlx command should always resolve packages to their exact versions and use those exact versions to create a cache key. This way dlx will always install the newest versions of the directly requested packages #​8811.
  • Don't validate (and possibly purge) node_modules in commands which should not modify it (e.g. pnpm install --lockfile-only) #​8657.

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot merged commit 4fddd74 into v2 Nov 28, 2024
11 checks passed
@renovate renovate bot deleted the renovate/pnpm-10.x branch November 28, 2024 16:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Development

Successfully merging this pull request may close these issues.

0 participants