chore(deps): update pnpm to v8

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
pnpm (source)	`7.32.2` -> `8.7.0`

Release Notes

pnpm/pnpm (pnpm)

### [`v8.7.0`](https://togithub.com/pnpm/pnpm/releases/tag/v8.7.0) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v8.6.12...v8.7.0) #### Minor Changes - Improve performance of installation by using a worker pool for extracting packages and writing them to the content-addressable store [#6850](https://togithub.com/pnpm/pnpm/pull/6850) - The default value of the `resolution-mode` setting is changed to `highest`. This setting was changed to `lowest-direct` in v8.0.0 and some users were [not happy with the change](https://togithub.com/pnpm/pnpm/issues/6463). A [twitter poll](https://twitter.com/pnpmjs/status/1693707270897517022) concluded that most of the users want the old behaviour (`resolution-mode` set to `highest` by default). This is a semi-breaking change but should not affect users that commit their lockfile [#6463](https://togithub.com/pnpm/pnpm/issues/6463). #### Patch Changes - Warn when linking a package with peerDependencies [#615](https://togithub.com/pnpm/pnpm/issues/615). - Add support for npm lockfile v3 in `pnpm import` [#6233](https://togithub.com/pnpm/pnpm/issues/6233). - Override peerDependencies in `pnpm.overrides` [#6759](https://togithub.com/pnpm/pnpm/issues/6759). - Respect workspace alias syntax in pkg graph [#6922](https://togithub.com/pnpm/pnpm/issues/6922) - Emit a clear error message when users attempt to specify an undownloadable node version [#6916](https://togithub.com/pnpm/pnpm/pull/6916). - `pnpm patch` should write patch files with a trailing newline [#6905](https://togithub.com/pnpm/pnpm/pull/6905). - Dedupe deps with the same alias in direct dependencies [6966](https://togithub.com/pnpm/pnpm/issues/6966) - Don't prefix install output for the dlx command. - Performance optimizations. Package tarballs are now download directly to memory and built to an ArrayBuffer. Hashing and other operations are avoided until the stream has been fully received [#6819](https://togithub.com/pnpm/pnpm/pull/6819). #### Our Gold Sponsors

#### Our Silver Sponsors

### [`v8.6.12`](https://togithub.com/pnpm/pnpm/releases/tag/v8.6.12) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v8.6.11...v8.6.12) ##### Patch Changes - Make the error message friendlier when a user attempts to run a command that does not exist [#6887](https://togithub.com/pnpm/pnpm/pull/6887). - `pnpm patch` should work correctly when `shared-workspace-file` is set to `false` [#6885](https://togithub.com/pnpm/pnpm/issues/6885). - `pnpm env use` should retry deleting the previous Node.js executable [#6587](https://togithub.com/pnpm/pnpm/issues/6587). - `pnpm dlx` should not print an error stack when the underlying script execution fails [#6698](https://togithub.com/pnpm/pnpm/issues/6698). - When showing the download progress of large tarball files, always display the same number of digits after the decimal point [#6901](https://togithub.com/pnpm/pnpm/issues/6901). - Report download progress less frequently to improve performance [#6906](https://togithub.com/pnpm/pnpm/pull/6906). - `pnpm install --frozen-lockfile --lockfile-only` should fail if the lockfile is not up to date with the `package.json` files [#6913](https://togithub.com/pnpm/pnpm/issues/6913). ##### Our Gold Sponsors

##### Our Silver Sponsors

### [`v8.6.11`](https://togithub.com/pnpm/pnpm/releases/tag/v8.6.11) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v8.6.10...v8.6.11) #### Patch Changes - Change the install error message when a lockfile is wanted but absent to indicate the wanted lockfile is absent, not present. This now reflects the actual error [#6851](https://togithub.com/pnpm/pnpm/pull/6851). - When dealing with a local dependency that is a path to a symlink, a new symlink should be created to the original symlink, not to the actual directory location. - The length of the temporary file names in the content-addressable store reduced in order to prevent `ENAMETOOLONG` errors from happening [#6842](https://togithub.com/pnpm/pnpm/issues/6842). - Don't print "added" stats, when installing with `--lockfile-only`. - Installation of a git-hosted dependency should not fail if the `pnpm-lock.yaml` file of the installed dependency is not up-to-date [#6865](https://togithub.com/pnpm/pnpm/issues/6865). - Don't ignore empty strings in params [#6594](https://togithub.com/pnpm/pnpm/issues/6594). - Always set `dedupe-peer-dependents` to `false`, when running installation during deploy [#6858](https://togithub.com/pnpm/pnpm/issues/6858). - When several containers use the same store simultaneously, there's a chance that multiple containers may create a temporary file at the same time. In such scenarios, pnpm could fail to rename the temporary file in one of the containers. This issue has been addressed: pnpm will no longer fail if the temporary file is absent but the destination file exists. - Authorization token should be found in the configuration, when the requested URL is explicitly specified with a default port (443 on HTTPS or 80 on HTTP) [#6863](https://togithub.com/pnpm/pnpm/pull/6864). #### Our Gold Sponsors

#### Our Silver Sponsors

### [`v8.6.10`](https://togithub.com/pnpm/pnpm/releases/tag/v8.6.10) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v8.6.9...v8.6.10) #### Patch Changes - Installation succeeds if a non-optional dependency of an optional dependency has failing installation scripts [#6822](https://togithub.com/pnpm/pnpm/issues/6822). - The length of the temporary file names in the content-addressable store reduced in order to prevent `ENAMETOOLONG` errors from happening [#6842](https://togithub.com/pnpm/pnpm/issues/6842). - Ignore empty patch content when patch-commit. - Sort keys in `packageExtensions` before calculating `packageExtensionsChecksum` [#6824](https://togithub.com/pnpm/pnpm/issues/6824). - Pass the right scheme to `git ls-remote` in order to prevent a fallback to `git+ssh` that would result in a 'host key verification failed' issue [#6806](https://togithub.com/pnpm/pnpm/issues/6806) - The "postpublish" script of a git-hosted dependency is not executed, while building the dependency [#6822](https://togithub.com/pnpm/pnpm/issues/6846). #### Our Gold Sponsors

#### Our Silver Sponsors

### [`v8.6.9`](https://togithub.com/pnpm/pnpm/releases/tag/v8.6.9) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v8.6.8...v8.6.9) #### Patch Changes - Temporarily revert the fix to [#6805](https://togithub.com/pnpm/pnpm/issues/6805) to fix the regression it caused [#6827](https://togithub.com/pnpm/pnpm/issues/6827). #### Our Gold Sponsors

#### Our Silver Sponsors

### [`v8.6.8`](https://togithub.com/pnpm/pnpm/releases/tag/v8.6.8) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v8.6.7...v8.6.8) #### Patch Changes - When the same file is appended multiple times into a tarball, the last occurrence is selected when unpacking the tarball. - Fixed a bug in which pnpm passed the wrong scheme to `git ls-remote`, causing a fallback to `git+ssh` and resulting in a 'host key verification failed' issue [#6805](https://togithub.com/pnpm/pnpm/issues/6805). - Added support for `publishConfig.registry` in `package.json` for publishing [#6775](https://togithub.com/pnpm/pnpm/issues/6775). - `pnpm rebuild` now uploads the built artifacts to the content-addressable store. - If a command cannot be created in `.bin`, the exact error message is now displayed. - Treat linked dependencies with a tag version type as up-to-date [#6592](https://togithub.com/pnpm/pnpm/issues/6592). - `pnpm setup` now prints more details when it cannot detect the active shell. #### Our Gold Sponsors

#### Our Silver Sponsors

### [`v8.6.7`](https://togithub.com/pnpm/pnpm/releases/tag/v8.6.7) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v8.6.6...v8.6.7) #### Patch Changes - Ensure consistent output for scripts executed concurrently, both within a single project and across multiple projects. Each script's output will now be printed in a separate section of the terminal, when running multiple scripts in a single project [using regex](https://pnpm.io/cli/run#running-multiple-scripts) [#6692](https://togithub.com/pnpm/pnpm/issues/6692). - The `--parallel` CLI flag should work on single project [#6692](https://togithub.com/pnpm/pnpm/issues/6692). - Optimizing project manifest normalization, reducing amoung of data copying [#6763](https://togithub.com/pnpm/pnpm/pull/6763). - Move loading `wantedLockfile` outside `dependenciesHierarchyForPackage`, preventing OOM crash when loading the same lock file too many times [#6757](https://togithub.com/pnpm/pnpm/pull/6757). - Replace ineffective use of ramda `difference` with better alternative [#6760](https://togithub.com/pnpm/pnpm/pull/6760). #### Our Gold Sponsors

#### Our Silver Sponsors

### [`v8.6.6`](https://togithub.com/pnpm/pnpm/releases/tag/v8.6.6) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v8.6.5...v8.6.6) #### Patch Changes - Installation of a git-hosted dependency without `package.json` should not fail, when the dependency is read from cache [#6721](https://togithub.com/pnpm/pnpm/issues/6721). - Local workspace bin files that should be compiled first are linked to dependent projects after compilation [#1801](https://togithub.com/pnpm/pnpm/issues/1801). - Prefer versions found in parent package dependencies only [#6737](https://togithub.com/pnpm/pnpm/issues/6737). - Multiple performance optimizations implemented by [@zxbodya](https://togithub.com/zxbodya): - avoid copying `preferredVersions` object [#6735](https://togithub.com/pnpm/pnpm/issues/6735) - avoid object copy in `resolvePeersOfNode` [#6736](https://togithub.com/pnpm/pnpm/issues/6736) - `preferredVersions` in `resolveDependenciesOfImporters` [#6748](https://togithub.com/pnpm/pnpm/issues/6748) - remove ramda `isEmpty` usages [#6753](https://togithub.com/pnpm/pnpm/issues/6753) - use Maps and Sets instead of objects [#6749](https://togithub.com/pnpm/pnpm/issues/6749) - optimize `splitNodeId`, fix invalid `nodeId` [#6755](https://togithub.com/pnpm/pnpm/issues/6755) #### Our Gold Sponsors

#### Our Silver Sponsors

### [`v8.6.5`](https://togithub.com/pnpm/pnpm/releases/tag/v8.6.5) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v8.6.4...v8.6.5) #### Patch Changes - Improve the performance of searching for auth tokens [#6717](https://togithub.com/pnpm/pnpm/pull/6717). #### Our Gold Sponsors

#### Our Silver Sponsors

### [`v8.6.4`](https://togithub.com/pnpm/pnpm/releases/tag/v8.6.4) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v8.6.3...v8.6.4) #### Patch Changes - In cases where both aliased and non-aliased dependencies exist to the same package, non-aliased dependencies will be used for resolving peer dependencies, addressing issue [#6588](https://togithub.com/pnpm/pnpm/issues/6588). - Ignore the port in the URL, while searching for authentication token in the `.npmrc` file [#6354](https://togithub.com/pnpm/pnpm/issues/6354). - Don't add the version of a local directory dependency to the lockfile. This information is not used anywhere by pnpm and is only causing more Git conflicts [#6695](https://togithub.com/pnpm/pnpm/pull/6695). #### Our Gold Sponsors

#### Our Silver Sponsors

### [`v8.6.3`](https://togithub.com/pnpm/pnpm/releases/tag/v8.6.3) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v8.6.2...v8.6.3) #### Patch Changes - When running a script in multiple projects, the script outputs should preserve colours [#2148](https://togithub.com/pnpm/pnpm/issues/2148). - Don't crash when the `APPDATA` env variable is not set on Windows [#6659](https://togithub.com/pnpm/pnpm/issues/6659). - Don't fail when a package is archived in a tarball with malformed tar headers [#5362](https://togithub.com/pnpm/pnpm/issues/5362). - Peer dependencies of subdependencies should be installed, when `node-linker` is set to `hoisted` [#6680](https://togithub.com/pnpm/pnpm/pull/6680). - Throw a meaningful error when applying a patch to a dependency fails. - `pnpm update --global --latest` should work [#3779](https://togithub.com/pnpm/pnpm/issues/3779). - `pnpm license ls` should work even when there is a patched git protocol dependency [#6595](https://togithub.com/pnpm/pnpm/issues/6595) #### Our Gold Sponsors

#### Our Silver Sponsors

This PR has been generated by Mend Renovate. View repository job log here.

codecov[bot] commented 1 year ago

Codecov Report

Merging #46 (ed223db) into main (09ce6ec) will decrease coverage by 4.59%. Report is 2 commits behind head on main. The diff coverage is 67.79%.

@@             Coverage Diff             @@
##              main      #46      +/-   ##
===========================================
- Coverage   100.00%   95.41%   -4.59%     
===========================================
  Files            4        4              
  Lines          358      414      +56     
  Branches        72       79       +7     
===========================================
+ Hits           358      395      +37     
- Misses           0       19      +19

Files Changed	Coverage Δ
src/matcher.ts	`86.98% <64.15%> (-13.02%)`	:arrow_down:
src/types.ts	`100.00% <100.00%> (ø)`

unjs / rou3

chore(deps): update pnpm to v8 #46

Release Notes

Configuration

Codecov Report