search

mainmatter / ember-hotspots

Create interactive prototypes from scratch and design mockups using little code but the full power of the Ember.js ecosystem.
https://simplabs.github.io/ember-hotspots/
MIT License
5 stars 0 forks source link

Update dependency pnpm to v7 - autoclosed #38

Closed renovate[bot] closed 1 year ago

renovate[bot] commented 2 years ago

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
pnpm (source) 6.35.1 -> 7.30.5 age adoption passing confidence

Release Notes

pnpm/pnpm ### [`v7.30.5`](https://togithub.com/pnpm/pnpm/releases/tag/v7.30.5) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v7.30.4...v7.30.5) #### Patch Changes - `pnpm audit` should work even if there are no `package.json` file, just a `pnpm-lock.yaml` file. - Dedupe direct dependencies after hoisting. - Don't remove automatically installed peer dependencies from the root workspace project, when `dedupe-peer-dependents` is `true` [#​6154](https://togithub.com/pnpm/pnpm/issues/6154). #### Our Gold Sponsors
#### Our Silver Sponsors
### [`v7.30.4`](https://togithub.com/pnpm/pnpm/compare/v7.30.3...v7.30.4) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v7.30.3...v7.30.4) ### [`v7.30.3`](https://togithub.com/pnpm/pnpm/releases/tag/v7.30.3) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v7.30.2...v7.30.3) #### Patch Changes - Should use most specific override rule when multiple rules match the same target [#​6210](https://togithub.com/pnpm/pnpm/issues/6210). - Fix regression introduced in v7.30.1 [#​6271](https://togithub.com/pnpm/pnpm/issues/6271). #### Our Gold Sponsors
#### Our Silver Sponsors
### [`v7.30.2`](https://togithub.com/pnpm/pnpm/compare/v7.30.1...v7.30.2) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v7.30.1...v7.30.2) ### [`v7.30.1`](https://togithub.com/pnpm/pnpm/releases/tag/v7.30.1) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v7.30.0...v7.30.1) #### Patch Changes - Don't write the `pnpm-lock.yaml` file if it has no changes and `pnpm install --frozen-lockfile` was executed [#​6158](https://togithub.com/pnpm/pnpm/issues/6158). - Fix git-hosted dependencies referenced via `git+ssh` that use semver selectors [#​6239](https://togithub.com/pnpm/pnpm/pull/6239). - When publish some package throws an error, the exit code should be non-zero [#​5528](https://togithub.com/pnpm/pnpm/issues/5528). - Only three paths are displayed in `pnpm audit` output [#​6203](https://togithub.com/pnpm/pnpm/issues/6203) - Aliased packages should be used to resolve peer dependencies too [#​4301](https://togithub.com/pnpm/pnpm/issues/4301). #### Our Gold Sponsors
#### Our Silver Sponsors
### [`v7.30.0`](https://togithub.com/pnpm/pnpm/releases/tag/v7.30.0) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v7.29.3...v7.30.0) #### Minor Changes - Allow to set a custom directory for storing patch files via the `patches-dir` setting [#​6215](https://togithub.com/pnpm/pnpm/pull/6215) #### Patch Changes - New directories should be prepended to NODE_PATH in command shims, not appended. - Retry copying file on EBUSY error [#​6201](https://togithub.com/pnpm/pnpm/issues/6201). #### Our Gold Sponsors
#### Our Silver Sponsors
### [`v7.29.3`](https://togithub.com/pnpm/pnpm/releases/tag/v7.29.3) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v7.29.2...v7.29.3) #### Patch Changes - Command shim should not set higher priority to the `node_modules/.pnpm/node_modules` directory through the `NODE_PATH` env variable, then the command's own `node_modules` directory [#​5176](https://togithub.com/pnpm/pnpm/issues/5176). - `extend-node-path` is set back to `true` by default. It was set to `false` in v7.29.2 in order to fix issues with multiple versions of Jest in one workspace. It has caused other issues, so now we keep extending `NODE_PATH`. We have fixed the Jest issue with a different solution [#​6213](https://togithub.com/pnpm/pnpm/issues/6213). #### Our Gold Sponsors
#### Our Silver Sponsors
### [`v7.29.2`](https://togithub.com/pnpm/pnpm/compare/v7.29.1...v7.29.2) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v7.29.1...v7.29.2) ### [`v7.29.1`](https://togithub.com/pnpm/pnpm/releases/tag/v7.29.1) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v7.29.0...v7.29.1) #### Patch Changes - Settings related to authorization should be set/deleted by npm CLI [#​6181](https://togithub.com/pnpm/pnpm/issues/6181). #### Our Gold Sponsors
#### Our Silver Sponsors
### [`v7.29.0`](https://togithub.com/pnpm/pnpm/releases/tag/v7.29.0) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v7.28.0...v7.29.0) #### Minor Changes - A new setting is now supported: `dedupe-peer-dependents`. When this setting is set to `true`, packages with peer dependencies will be deduplicated after peers resolution. For instance, let's say we have a workspace with two projects and both of them have `webpack` in their dependencies. `webpack` has `esbuild` in its optional peer dependencies, and one of the projects has `esbuild` in its dependencies. In this case, pnpm will link two instances of `webpack` to the `node_modules/.pnpm` directory: one with `esbuild` and another one without it: node_modules .pnpm webpack@1.0.0_esbuild@1.0.0 webpack@1.0.0 project1 node_modules webpack -> ../../node_modules/.pnpm/webpack@1.0.0/node_modules/webpack project2 node_modules webpack -> ../../node_modules/.pnpm/webpack@1.0.0_esbuild@1.0.0/node_modules/webpack esbuild This makes sense because `webpack` is used in two projects, and one of the projects doesn't have `esbuild`, so the two projects cannot share the same instance of `webpack`. However, this is not what most developers expect, especially since in a hoisted `node_modules`, there would only be one instance of `webpack`. Therefore, you may now use the `dedupe-peer-dependents` setting to deduplicate `webpack` when it has no conflicting peer dependencies (explanation at the end). In this case, if we set `dedupe-peer-dependents` to `true`, both projects will use the same `webpack` instance, which is the one that has `esbuild` resolved: node_modules .pnpm webpack@1.0.0_esbuild@1.0.0 project1 node_modules webpack -> ../../node_modules/.pnpm/webpack@1.0.0_esbuild@1.0.0/node_modules/webpack project2 node_modules webpack -> ../../node_modules/.pnpm/webpack@1.0.0_esbuild@1.0.0/node_modules/webpack esbuild **What are conflicting peer dependencies?** By conflicting peer dependencies we mean a scenario like the following one: node_modules .pnpm webpack@1.0.0_react@16.0.0_esbuild@1.0.0 webpack@1.0.0_react@17.0.0 project1 node_modules webpack -> ../../node_modules/.pnpm/webpack@1.0.0/node_modules/webpack react (v17) project2 node_modules webpack -> ../../node_modules/.pnpm/webpack@1.0.0_esbuild@1.0.0/node_modules/webpack esbuild react (v16) In this case, we cannot dedupe `webpack` as `webpack` has `react` in its peer dependencies and `react` is resolved from two different versions in the context of the two projects. #### Patch Changes - The configuration added by `pnpm setup` should check if the pnpm home directory is already in the PATH before adding to the PATH. Before this change, this code was added to the shell: ```sh export PNPM_HOME="$HOME/Library/pnpm" export PATH="$PNPM_HOME:$PATH" ``` Now this will be added: ```sh export PNPM_HOME="$HOME/Library/pnpm" case ":$PATH:" in *":$PNPM_HOME:"*) ;; *) export PATH="$PNPM_HOME:$PATH" ;; esac ``` - Add `skipped` status in exec report summary when script is missing [#​6139](https://togithub.com/pnpm/pnpm/pull/6139). - `pnpm env -g` should fail with a meaningful error message if pnpm cannot find the pnpm home directory, which is the directory into which Node.js is installed. - Should not throw an error when local dependency use file protocol [#​6115](https://togithub.com/pnpm/pnpm/issues/6115). - Fix the incorrect error block when subproject has been patched [#​6183](https://togithub.com/pnpm/pnpm/issues/6183) #### Our Gold Sponsors
#### Our Silver Sponsors
### [`v7.28.0`](https://togithub.com/pnpm/pnpm/releases/tag/v7.28.0) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v7.27.1...v7.28.0) #### Minor Changes - Add `--report-summary` for `pnpm exec` and `pnpm run` [#​6008](https://togithub.com/pnpm/pnpm/issues/6008). - Show path info for `pnpm why --json` or `--long` [#​6103](https://togithub.com/pnpm/pnpm/issues/6103). - Extend the `pnpm.peerDependencyRules.allowedVersions` `package.json` option to support the `parent>child` selector syntax. This syntax allows for extending specific `peerDependencies` [#​6108](https://togithub.com/pnpm/pnpm/pull/6108). #### Patch Changes - Update the lockfile if a workspace has a new project with no dependencies. - Fix a case of installs not being deterministic and causing lockfile changes between repeat installs. When a dependency only declares `peerDependenciesMeta` and not `peerDependencies`, `dependencies`, or `optionalDependencies`, the dependency's peers were not considered deterministically before. - `patch-commit` should auto apply patches in workspaces [#​6048](https://togithub.com/pnpm/pnpm/issues/6048) - Automatically fix conflicts in v6 lockfile. - `pnpm config set` should write to the global config file by default [#​5877](https://togithub.com/pnpm/pnpm/issues/5877). #### Our Gold Sponsors
#### Our Silver Sponsors
### [`v7.27.1`](https://togithub.com/pnpm/pnpm/releases/tag/v7.27.1) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v7.27.0...v7.27.1) #### Patch Changes - Add `store path` description to the `pnpm` cli help. - Print a hint that suggests to run `pnpm store prune`, when a tarball integrity error happens. - Don't retry installation if the integrity checksum of a package failed and no lockfile was present. - Fail with a meaningful error message when cannot parse a proxy URL. - The `strict-ssl`, `ca`, `key`, and `cert` settings should work with HTTPS proxy servers [#​4689](https://togithub.com/pnpm/pnpm/issues/4689). #### Our Gold Sponsors
#### Our Silver Sponsors
### [`v7.27.0`](https://togithub.com/pnpm/pnpm/releases/tag/v7.27.0) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v7.26.3...v7.27.0) #### Minor Changes - A new `resolution-mode` added: `lowest-direct`. With this resolution mode direct dependencies will be resolved to their lowest versions. So if there is `foo@^1.1.0` in the dependencies, then `1.1.0` will be installed, even if the latest version of `foo` is `1.2.0`. - Support script selector with RegExp such as `pnpm run /build:.*/` and execute the matched scripts with the RegExp [#​5871](https://togithub.com/pnpm/pnpm/pull/5871). #### Patch Changes - Fix version number replacing for namespaced workspace packages. `workspace:@​foo/bar@*` should be replaced with `npm:@​foo/bar@` on publish [#​6052](https://togithub.com/pnpm/pnpm/pull/6052). - When resolving dependencies, prefer versions that are already used in the root of the project. This is important to minimize the number of packages that will be nested during hoisting [#​6054](https://togithub.com/pnpm/pnpm/pull/6054). - Deduplicate direct dependencies. Let's say there are two projects in the workspace that dependend on `foo`. One project has `foo@1.0.0` in the dependencies while another one has `foo@^1.0.0` in the dependencies. In this case, `foo@1.0.0` should be installed to both projects as satisfies the version specs of both projects. - Use Map rather than Object in `createPackageExtender` to prevent read the prototype property to native function #### Our Gold Sponsors
#### Our Silver Sponsors
### [`v7.26.3`](https://togithub.com/pnpm/pnpm/releases/tag/v7.26.3) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v7.26.2...v7.26.3) #### Patch Changes - Directories inside the virtual store should not contain the ( or ) chars. This is to fix issues with storybook and the new v6 `pnpm-lock.yaml` lockfile format [#​5976](https://togithub.com/pnpm/pnpm/issues/5976). - The update command should not replace dependency versions specified via dist-tags [#​5996](https://togithub.com/pnpm/pnpm/pull/5996). - Fixed an issue that was causing pnpm to stuck forever during installation [#​5909](https://togithub.com/pnpm/pnpm/issues/5909). #### Our Gold Sponsors
#### Our Silver Sponsors
### [`v7.26.2`](https://togithub.com/pnpm/pnpm/releases/tag/v7.26.2) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v7.26.1...v7.26.2) #### Patch Changes - Wrap text in `pnpm audit` output for better readability [#​5981](https://togithub.com/pnpm/pnpm/issues/5981) - Fix "cross-device link not permitted" error when `node-linker` is set to `hoisted` [#​5992](https://togithub.com/pnpm/pnpm/issues/5992). #### Our Gold Sponsors
#### Our Silver Sponsors
### [`v7.26.1`](https://togithub.com/pnpm/pnpm/releases/tag/v7.26.1) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v7.26.0...v7.26.1) #### Patch Changes - Fixed out of memory error that sometimes happens when `node-linker` is set to `hoisted` [#​5988](https://togithub.com/pnpm/pnpm/pull/5988). - Fixed `EMFILE: too many open files` by using graceful-fs for reading bin files of dependencies [#​5887](https://togithub.com/pnpm/pnpm/issues/5887). - Fix lockfile v6 on projects that use patched dependencies [#​5967](https://togithub.com/pnpm/pnpm/issues/5967). #### Our Gold Sponsors
#### Our Silver Sponsors
### [`v7.26.0`](https://togithub.com/pnpm/pnpm/releases/tag/v7.26.0) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v7.25.1...v7.26.0) ##### Minor Changes - Add a `pnpm dedupe` command that removes dependencies from the lockfile by re-resolving the dependency graph. This work similar to yarn's [`yarn dedupe --strategy highest`](https://yarnpkg.com/cli/dedupe) command [#​5958](https://togithub.com/pnpm/pnpm/pull/5958) ##### Patch Changes - Packages hoisted to the virtual store are not removed on repeat install, when the non-headless algorithm runs the installation [#​5971](https://togithub.com/pnpm/pnpm/pull/5971). - `prepublishOnly` and `prepublish` should not be executed on `pnpm pack` [#​2941](https://togithub.com/pnpm/pnpm/issues/2941). ##### Our Gold Sponsors
##### Our Silver Sponsors

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • [ ] If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

  • © Githubissues.
  • Githubissues is a development platform for aggregating issues.