pnpm/pnpm (pnpm)
### [`v8.11.0`](https://togithub.com/pnpm/pnpm/releases/tag/v8.11.0)
[Compare Source](https://togithub.com/pnpm/pnpm/compare/v8.10.5...v8.11.0)
#### Minor Changes
- (IMPORTANT) When the package tarballs aren't hosted on the same domain on which the registry (the server with the package metadata) is, the dependency keys in the lockfile should only contain `/@/@`.
This change is a fix to avoid the same package from being added to `node_modules/.pnpm` multiple times. The change to the lockfile is backward compatible, so previous versions of pnpm will work with the fixed lockfile.
We recommend that all team members update pnpm in order to avoid repeated changes in the lockfile.
Related PR: [#7318](https://togithub.com/pnpm/pnpm/pull/7318).
#### Patch Changes
- `pnpm add a-module-already-in-dev-deps` will show a message to notice the user that the package was not moved to "dependencies" [#926](https://togithub.com/pnpm/pnpm/issues/926).
- The modules directory should not be removed if the registry configuration has changed.
- Fix missing auth tokens in registries with paths specified (e.g. //npm.pkg.github.com/pnpm). [#5970](https://togithub.com/pnpm/pnpm/issues/5970) [#2933](https://togithub.com/pnpm/pnpm/issues/2933)
#### Our Gold Sponsors
#### Our Silver Sponsors
### [`v8.10.5`](https://togithub.com/pnpm/pnpm/releases/tag/v8.10.5)
[Compare Source](https://togithub.com/pnpm/pnpm/compare/v8.10.4...v8.10.5)
#### Patch Changes
- Don't fail on an empty `pnpm-workspace.yaml` file [#7307](https://togithub.com/pnpm/pnpm/issues/7307).
#### Our Gold Sponsors
#### Our Silver Sponsors
### [`v8.10.4`](https://togithub.com/pnpm/pnpm/releases/tag/v8.10.4)
[Compare Source](https://togithub.com/pnpm/pnpm/compare/v8.10.3...v8.10.4)
#### Patch Changes
- Fixed out-of-memory exception that was happening on dependencies with many peer dependencies, when `node-linker` was set to `hoisted` [#6227](https://togithub.com/pnpm/pnpm/issues/6227).
#### Our Gold Sponsors
#### Our Silver Sponsors
### [`v8.10.3`](https://togithub.com/pnpm/pnpm/releases/tag/v8.10.3)
[Compare Source](https://togithub.com/pnpm/pnpm/compare/v8.10.2...v8.10.3)
#### Patch Changes
- (Important) Increased the default amount of allowed concurrent network request on systems that have more than 16 CPUs [#7285](https://togithub.com/pnpm/pnpm/pull/7285).
- `pnpm patch` should reuse existing patch when `shared-workspace-file=false` [#7252](https://togithub.com/pnpm/pnpm/pull/7252).
- Don't retry fetching missing packages, since the retries will never work [#7276](https://togithub.com/pnpm/pnpm/pull/7276).
- When using `pnpm store prune --force` alien directories are removed from the store [#7272](https://togithub.com/pnpm/pnpm/pull/7272).
- Downgraded `npm-packlist` because the newer version significantly slows down the installation of local directory dependencies, making it unbearably slow.
`npm-packlist` was upgraded in [this PR](https://togithub.com/pnpm/pnpm/pull/7250) to fix [#6997](https://togithub.com/pnpm/pnpm/issues/6997). We added our own file deduplication to fix the issue of duplicate file entries.
- Fixed a performance regression on running installation on a project with an up to date lockfile [#7297](https://togithub.com/pnpm/pnpm/issues/7297).
- Throw an error on invalid `pnpm-workspace.yaml` file [#7273](https://togithub.com/pnpm/pnpm/issues/7273).
#### Our Gold Sponsors
#### Our Silver Sponsors
### [`v8.10.2`](https://togithub.com/pnpm/pnpm/releases/tag/v8.10.2)
[Compare Source](https://togithub.com/pnpm/pnpm/compare/v8.10.1...v8.10.2)
#### Patch Changes
- Fixed a regression that was shipped with pnpm v8.10.0. Dependencies that were already built should not be rebuilt on repeat install. This issue was introduced via the changes related to [supportedArchitectures](https://togithub.com/pnpm/pnpm/pull/7214). Related issue [#7268](https://togithub.com/pnpm/pnpm/issues/7268).
#### Our Gold Sponsors
#### Our Silver Sponsors
### [`v8.10.1`](https://togithub.com/pnpm/pnpm/releases/tag/v8.10.1)
[Compare Source](https://togithub.com/pnpm/pnpm/compare/v8.10.0...v8.10.1)
#### Patch Changes
- (Important) Tarball resolutions in `pnpm-lock.yaml` will no longer contain a `registry` field. This field has been unused for a long time. This change should not cause any issues besides backward compatible modifications to the lockfile [#7262](https://togithub.com/pnpm/pnpm/pull/7262).
- Fix issue when trying to use `pnpm dlx` in the root of a Windows Drive [#7263](https://togithub.com/pnpm/pnpm/issues/7263).
- Optional dependencies that do not have to be built will be reflinked (or hardlinked) to the store instead of copied [#7046](https://togithub.com/pnpm/pnpm/issues/7046).
- If a package's tarball cannot be fetched, print the dependency chain that leads to the failed package [#7265](https://togithub.com/pnpm/pnpm/pull/7265).
- After upgrading one of our dependencies, we started to sometimes have an error on publish. We have forked `@npmcli/arborist` to patch it with a fix [#7269](https://togithub.com/pnpm/pnpm/pull/7269).
#### Our Gold Sponsors
#### Our Silver Sponsors
### [`v8.10.0`](https://togithub.com/pnpm/pnpm/releases/tag/v8.10.0)
[Compare Source](https://togithub.com/pnpm/pnpm/compare/v8.9.2...v8.10.0)
##### Minor Changes
- Support for multiple architectures when installing dependencies [#5965](https://togithub.com/pnpm/pnpm/issues/5965).
You can now specify architectures for which you'd like to install optional dependencies, even if they don't match the architecture of the system running the install. Use the `supportedArchitectures` field in `package.json` to define your preferences.
For example, the following configuration tells pnpm to install optional dependencies for Windows x64:
```json
{
"pnpm": {
"supportedArchitectures": {
"os": ["win32"],
"cpu": ["x64"]
}
}
}
```
Whereas this configuration will have pnpm install optional dependencies for Windows, macOS, and the architecture of the system currently running the install. It includes artifacts for both x64 and arm64 CPUs:
```json
{
"pnpm": {
"supportedArchitectures": {
"os": ["win32", "darwin", "current"],
"cpu": ["x64", "arm64"]
}
}
}
```
Additionally, `supportedArchitectures` also supports specifying the `libc` of the system.
- The `pnpm licenses list` command now accepts the `--filter` option to check the licenses of the dependencies of a subset of workspace projects [#5806](https://togithub.com/pnpm/pnpm/issues/5806).
##### Patch Changes
- Allow scoped name as bin name [#7112](https://togithub.com/pnpm/pnpm/issues/7112).
- When running scripts recursively inside a workspace, the logs of the scripts are grouped together in some CI tools. (Only works with `--workspace-concurrency 1`)
- Print a warning when installing a dependency from a non-existent directory [#7159](https://togithub.com/pnpm/pnpm/issues/7159)
- Should fetch dependency from tarball url when patching dependency installed from git [#7196](https://togithub.com/pnpm/pnpm/issues/7196)
- `pnpm setup` should add a newline at the end of the updated shell config file [#7227](https://togithub.com/pnpm/pnpm/issues/7227).
- Improved the performance of linking bins of hoisted dependencies to `node_modules/.pnpm/node_modules/.bin` [#7212](https://togithub.com/pnpm/pnpm/pull/7212).
- Wrongful ELIFECYCLE error on program termination [#7164](https://togithub.com/pnpm/pnpm/issues/7164).
- `pnpm publish` should not pack the same file twice sometimes [#6997](https://togithub.com/pnpm/pnpm/issues/6997).
The fix was to update `npm-packlist` to the latest version.
##### Our Gold Sponsors
##### Our Silver Sponsors
### [`v8.9.2`](https://togithub.com/pnpm/pnpm/releases/tag/v8.9.2)
[Compare Source](https://togithub.com/pnpm/pnpm/compare/v8.9.1...v8.9.2)
##### Patch Changes
- Don't use reflink on Windows [#7186](https://togithub.com/pnpm/pnpm/issues/7186).
- Do not run node-gyp rebuild if `preinstall` lifecycle script is present [#7206](https://togithub.com/pnpm/pnpm/pull/7206).
##### Our Gold Sponsors
##### Our Silver Sponsors
### [`v8.9.1`](https://togithub.com/pnpm/pnpm/releases/tag/v8.9.1)
[Compare Source](https://togithub.com/pnpm/pnpm/compare/v8.9.0...v8.9.1)
##### Patch Changes
- Optimize selection result output of `pnpm update --interactive` [7109](https://togithub.com/pnpm/pnpm/issues/7109)
- When `shared-workspace-lockfile` is set to `false`, read the pnpm settings from `package.json` files that are nested. This was broken in pnpm v8.9.0 [#7184](https://togithub.com/pnpm/pnpm/issues/7184).
- Fix file cloning to `node_modules` on Windows Dev Drives [#7186](https://togithub.com/pnpm/pnpm/issues/7186). This is a fix to a regression that was shipped with v8.9.0.
- `pnpm dlx` should ignore any settings that are in a `package.json` file found in the current working directory [#7198](https://togithub.com/pnpm/pnpm/issues/7198).
##### Our Gold Sponsors
##### Our Silver Sponsors
### [`v8.9.0`](https://togithub.com/pnpm/pnpm/releases/tag/v8.9.0)
[Compare Source](https://togithub.com/pnpm/pnpm/compare/v8.8.0...v8.9.0)
#### Minor Changes
- **🚀Performance improvement:** Use reflinks instead of hard links by default on macOS and Windows Dev Drives [#5001](https://togithub.com/pnpm/pnpm/issues/5001).
- The list of packages that are allowed to run installation scripts now may be provided in a separate configuration file. The path to the file should be specified via the `pnpm.onlyBuiltDependenciesFile` field in `package.json`. For instance:
```json
{
"dependencies": {
"@my-org/policy": "1.0.0"
}
"pnpm": {
"onlyBuiltDependenciesFile": "node_modules/@my-org/policy/allow-build.json"
}
}
```
In the example above, the list is loaded from a dependency. The JSON file with the list should contain an array of package names. For instance:
```json
["esbuild", "@reflink/reflink"]
```
With the above list, only `esbuild` and `@reflink/reflink` will be allowed to run scripts during installation.
Related issue: [#7137](https://togithub.com/pnpm/pnpm/issues/7137).
- Add `disallow-workspace-cycles` option to error instead of warn about cyclic dependencies
- Allow `env rm` to remove multiple node versions at once, and introduce `env add` for installing node versions without setting as default [#7155](https://togithub.com/pnpm/pnpm/pull/7155).
#### Patch Changes
- Fix memory error in `pnpm why` when the dependencies tree is too big, the command will now prune the tree to just 10 end leafs and now supports `--depth` argument [#7122](https://togithub.com/pnpm/pnpm/pull/7122).
- Use `neverBuiltDependencies` and `onlyBuiltDependencies` from the root `package.json` of the workspace, when `shared-workspace-lockfile` is set to `false` [#7141](https://togithub.com/pnpm/pnpm/pull/7141).
- Optimize peers resolution to avoid out-of-memory exceptions in some rare cases, when there are too many circular dependencies and peer dependencies [#7149](https://togithub.com/pnpm/pnpm/pull/7149).
- Instead of `pnpm.overrides` replacing `resolutions`, the two are now merged. This is intended to make it easier to migrate from Yarn by allowing one to keep using `resolutions` for Yarn, but adding additional changes just for pnpm using `pnpm.overrides`.
#### Our Gold Sponsors
#### Our Silver Sponsors
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - "before 4am on Monday" (UTC).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
[ ] If you want to rebase/retry this PR, check this box
This PR has been generated by Mend Renovate. View repository job log here.
This PR contains the following updates:
8.6.12->8.11.0Release Notes
pnpm/pnpm (pnpm)
### [`v8.11.0`](https://togithub.com/pnpm/pnpm/releases/tag/v8.11.0) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v8.10.5...v8.11.0) #### Minor Changes - (IMPORTANT) When the package tarballs aren't hosted on the same domain on which the registry (the server with the package metadata) is, the dependency keys in the lockfile should only contain `/Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - "before 4am on Monday" (UTC).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.
✅ Deploy Preview for html-validator canceled.
Codecov Report
All modified and coverable lines are covered by tests :white_check_mark:
Additional details and impacted files
```diff @@ Coverage Diff @@ ## main #446 +/- ## ======================================= Coverage 87.93% 87.93% ======================================= Files 3 3 Lines 199 199 Branches 42 42 ======================================= Hits 175 175 Misses 24 24 ```:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.