unjs / magic-regexp

A compiled-away, type-safe, readable RegExp alternative
https://regexp.dev
MIT License

chore(deps): update pnpm to v8 #276

Closed renovate[bot] closed 1 year ago

renovate[bot] commented 1 year ago

Mend Renovate

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
| --- | --- | --- | --- | --- | --- |
| pnpm (source) | 7.30.5 -> 8.1.0 | age | adoption | passing | confidence |

Release Notes

pnpm/pnpm

### [`v8.1.0`](https://togithub.com/pnpm/pnpm/releases/tag/v8.1.0)

[Compare Source](https://togithub.com/pnpm/pnpm/compare/v8.0.0...v8.1.0)

##### Minor Changes

- A new setting has been added called `dedupe-direct-deps`, which is disabled by default. When set to `true`, dependencies that are already symlinked to the root `node_modules` directory of the workspace will not be symlinked to subproject `node_modules` directories. This feature was enabled by default in v8.0.0 but caused issues, so it's best to disable it by default [#6299](https://togithub.com/pnpm/pnpm/issues/6299).
- Add `ignore-workspace-cycles` to silence workspace cycle warning [#6308](https://togithub.com/pnpm/pnpm/pull/6308).

##### Patch Changes

- Print the right lowest supported Node.js version in the error message, when pnpm is executed with an old Node.js version [#6297](https://togithub.com/pnpm/pnpm/issues/6297).
- Improve the outdated lockfile error message [#6304](https://togithub.com/pnpm/pnpm/pull/6304).

### [`v8.0.0`](https://togithub.com/pnpm/pnpm/releases/tag/v8.0.0)

[Compare Source](https://togithub.com/pnpm/pnpm/compare/v7.30.5...v8.0.0)

We are excited to announce the latest release of pnpm! To install it, check the [installation page](https://pnpm.io/installation).

![image](https://user-images.githubusercontent.com/1927579/228101984-4a6bf4e5-9e70-480f-bf3b-140288e8f81e.png)

#### Major Changes

##### Node.js 14 Support Discontinued

If you still require Node.js 14, don't worry. We ship pnpm bundled with Node.js. This means that regardless of which Node.js version you've installed, pnpm will operate using the necessary Node.js runtime. For this to work you need to install pnpm either using the [standalone script](https://pnpm.io/installation#using-a-standalone-script) or install the `@pnpm/exe` package.

##### Configuration Updates

- [`auto-install-peers`](https://pnpm.io/npmrc#auto-install-peers): enabled by default.
- [`dedupe-peer-dependents`](https://pnpm.io/npmrc#dedupe-peer-dependents): enabled by default.
- [`resolve-peers-from-workspace-root`](https://pnpm.io/npmrc#resolve-peers-from-workspace-root): enabled by default.
- [`save-workspace-protocol`](https://pnpm.io/npmrc#save-workspace-protocol): set to `rolling` by default.
- [`resolution-mode`](https://pnpm.io/npmrc#resolution-mode): set to `lowest-direct` by default.
- [`publishConfig.linkDirectory`](https://pnpm.io/package_json#publishconfiglinkdirectory): enabled by default.

Most of the configuration changes are related to peer dependencies. Most of these settings were implemented long ago, and we recommended them to users encountering peer dependency issues. The recently added `dedupe-peer-dependents` resolved many such problems. With these new defaults, pnpm will face significantly fewer issues during migration from other package managers.

##### Lockfile Modifications

- [Lockfile v6](https://togithub.com/pnpm/pnpm/pull/5810) is adopted. This new format improves the readability of the lockfile by removing hashes from package IDs. It also has some rearrangement of fields in the `importers` section. **The new `pnpm-lock.yaml` file is more resistant to git merge conflicts!**
- The registry field is removed from the `resolution` object in `pnpm-lock.yaml`.
- A lockfile is generated even for projects with no dependencies.

##### Other Changes

- When there's a `files` field in the `package.json`, only the files that are listed in it will be [deployed](https://pnpm.io/cli/deploy). The same logic is applied when [injecting packages](https://pnpm.io/package_json#dependenciesmetainjected). This behaviour can be changed by setting the [`deploy-all-files`](https://pnpm.io/8.x/npmrc#deploy-all-files) setting to `true` (Related issue [#5911](https://togithub.com/pnpm/pnpm/issues/5911)).
- Direct dependencies are deduped. If a dependency is present in both a project and the workspace root, it will only be linked to the workspace root.

#### Migration Instructions

Before updating pnpm to v8 in your CI, regenerate your `pnpm-lock.yaml`. To upgrade your lockfile, run `pnpm install` and commit the changes. Existing dependencies will not be updated; however, due to configuration changes in pnpm v8, some missing peer dependencies may be added to the lockfile and some packages may get deduplicated. You can commit the new lockfile even before upgrading Node.js in the CI, as pnpm v7 already supports the new lockfile format.

#### pnpm v7 Support

pnpm v7 will likely not receive any new features, but it will continue to get bug fixes for a few months and vulnerability fixes for at least a year.

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR has been generated by Mend Renovate. View repository job log here.

vercel[bot] commented 1 year ago

The latest updates on your projects. Learn more about Vercel for Git ↗︎

| Name | Status | Preview | Comments | Updated (UTC) |
| --- | --- | --- | --- | --- |
| magic-regexp | ✅ Ready (Inspect) | Visit Preview | 💬 Add feedback | Apr 13, 2023 7:18am |

socket-security[bot] commented 1 year ago

New dependency changes detected. Learn more about Socket for GitHub ↗︎


🚨 Potential security issues found in this pull request. To accept the risk, merge this PR and you will not be notified again.

Bot Commands

To ignore an alert, reply with a comment starting with `@SocketSecurity ignore` followed by a space-separated list of `package-name@version` specifiers, e.g. `@SocketSecurity ignore foo@1.0.0 bar@*`, or ignore all packages with `@SocketSecurity ignore-all`.

  • `@SocketSecurity ignore vue-demi@0.13.11`

📜 Install scripts

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

| Package | Script field | Source |
| --- | --- | --- |
| vue-demi@0.13.11 (added) | postinstall | pnpm-lock.yaml, docs/package.json via @nuxt-themes/docus@1.10.1 |

Pull request alert summary

| Issue | Status |
| --- | --- |
| Install scripts | ⚠️ 1 issue |
| Native code | ✅ 0 issues |
| Bin script shell injection | ✅ 0 issues |
| Unresolved require | ✅ 0 issues |
| Invalid package.json | ✅ 0 issues |
| HTTP dependency | ✅ 0 issues |
| Git dependency | ✅ 0 issues |
| Potential typo squat | ✅ 0 issues |
| Known Malware | ✅ 0 issues |
| Telemetry | ✅ 0 issues |
| Protestware/Troll package | ✅ 0 issues |

📊 Modified Dependency Overview:

| ➕ Added Package | Capability Access | +/- Transitive Count | Publisher |
| --- | --- | --- | --- |
| @nuxtjs/eslint-config-typescript@12.0.0 | None | +147 | antfu |
| @nuxt-themes/docus@1.10.1 | None | +341 | tahul |
| eslint-config-prettier@8.8.0 | None | +1 | lydell |
| eslint-plugin-prettier@4.2.1 | None | +4 | jounqin |
| @vitest/coverage-c8@0.30.1 | None | +3 | oreanno |

codecov-commenter commented 1 year ago

Codecov Report

Patch and project coverage have no change.

Comparison is base (d080898) 100.00% compared to head (63e49c4) 100.00%.

Additional details and impacted files

```diff
@@            Coverage Diff            @@
##              main      #276   +/-   ##
=========================================
  Coverage   100.00%   100.00%
=========================================
  Files            7         7
  Lines          468       468
  Branches        82        82
=========================================
  Hits           468       468
```

:umbrella: View full report in Codecov by Sentry.