zkochan / packages

Zoltan Kochan's npm packages
MIT License
99 stars 26 forks source link

chore(deps): update dependency pnpm to v6 - autoclosed #133

Closed renovate[bot] closed 2 years ago

renovate[bot] commented 3 years ago

WhiteSource Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
pnpm (source) ^5.17.1 -> ^6.0.0 age adoption passing confidence

Release Notes

pnpm/pnpm ### [`v6.20.2`](https://togithub.com/pnpm/pnpm/releases/v6.20.2) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v6.20.1...v6.20.2) ##### Patch Changes - `pnpm import` should be able to import a workspace lockfile [#​3908](https://togithub.com/pnpm/pnpm/issues/3908). - Don't run pre/post scripts by default with recursive run commands [#​3903](https://togithub.com/pnpm/pnpm/issues/3903). - `pnpm env use` should use the network/proxy settings to make HTTP requests [#​3942](https://togithub.com/pnpm/pnpm/pull/3942). - It should be possible to install a git-hosted package that has a port in its URL [#​3944](https://togithub.com/pnpm/pnpm/issues/3944). - `pnpm create` and `pnpm dlx` should work with scoped packages [#​3916](https://togithub.com/pnpm/pnpm/issues/3916). ### [`v6.20.1`](https://togithub.com/pnpm/pnpm/releases/v6.20.1) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v6.20.0...v6.20.1) ##### Patch Changes - Fix broken artifacts of `@pnpm/exe`. This doesn't affect the `pnpm` package. Related issue: [#​3937](https://togithub.com/pnpm/pnpm/issues/3937). This was a bug introduced by [#​3896](https://togithub.com/pnpm/pnpm/pull/3896). ### [`v6.20.0`](https://togithub.com/pnpm/pnpm/releases/v6.20.0) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v6.19.1...v6.20.0) ##### Minor Changes - New property supported via the `dependenciesMeta` field of `package.json`: `injected`. When `injected` is set to `true`, the package will be hard linked to `node_modules`, not symlinked [#​3915](https://togithub.com/pnpm/pnpm/pull/3915). For instance, the following `package.json` in a workspace will create a symlink to `bar` in the `node_modules` directory of `foo`: ```json { "name": "foo", "dependencies": { "bar": "workspace:1.0.0" } } ``` But what if `bar` has `react` in its peer dependencies? If all projects in the monorepo use the same version of `react`, then no problem. But what if `bar` is required by `foo` that uses `react` 16 and `qar` with `react` 17? In the past, you'd have to choose a single version of react and install it as dev dependency of `bar`. But now with the `injected` field you can inject `bar` to a package, and `bar` will be installed with the `react` version of that package. So this will be the `package.json` of `foo`: ```json { "name": "foo", "dependencies": { "bar": "workspace:1.0.0", "react": "16" }, "dependenciesMeta": { "bar": { "injected": true } } } ``` `bar` will be hard linked into the dependencies of `foo`, and `react` 16 will be linked to the dependencies of `foo/node_modules/bar`. And this will be the `package.json` of `qar`: ```json { "name": "qar", "dependencies": { "bar": "workspace:1.0.0", "react": "17" }, "dependenciesMeta": { "bar": { "injected": true } } } ``` `bar` will be hard linked into the dependencies of `qar`, and `react` 17 will be linked to the dependencies of `qar/node_modules/bar`. ##### Patch Changes - Buffer warnings fixed [#​3932](https://togithub.com/pnpm/pnpm/issues/3932). ### [`v6.19.1`](https://togithub.com/pnpm/pnpm/releases/v6.19.1) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v6.19.0...v6.19.1) ##### Patch Changes - Proxy URLs with special characters in credentials should work [#​3925](https://togithub.com/pnpm/pnpm/pull/3925). - Don't print info message about conflicting command names [#​3912](https://togithub.com/pnpm/pnpm/pull/3912). ### [`v6.19.0`](https://togithub.com/pnpm/pnpm/releases/v6.19.0) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v6.18.0...v6.19.0) ##### Minor Changes - Package scope is optional when filtering by package name [#​3485](https://togithub.com/pnpm/pnpm/pull/3458). So the next two commands will both find `@pnpm/core`: pnpm test --filter core pnpm test --filter @​pnpm/core However, if the workspace contains `@types/core` and `@pnpm/core`, `--filter=core` will not work. - Allow a system's package manager to override pnpm's default settings ##### Patch Changes - `pnpm install --global` should link global packages to specific Node.js versions only if Node.js was installed by pnpm [#​3910](https://togithub.com/pnpm/pnpm/pull/3910). - It should be possible to alias a workspace package that has a name with a scope [#​3899](https://togithub.com/pnpm/pnpm/pull/3899). - `pnpm store path` added to the output of `pnpm store`. ### [`v6.18.0`](https://togithub.com/pnpm/pnpm/releases/v6.18.0) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v6.17.2...v6.18.0) ##### Minor Changes - `pnpm env use`: - allow to install the latest Node.js release [#​3879](https://togithub.com/pnpm/pnpm/pull/3879): pnpm env use -g latest - allow to install prerelease versions of Node.js [#​3892](https://togithub.com/pnpm/pnpm/pull/3892): pnpm env use -g 16.0.0-rc.0 pnpm env use -g nightly pnpm env use -g nightly/16 - `maxsockets`: a new setting to configure the maximum number of connections to use per origin (protocol/host/post combination) [#​3889](https://togithub.com/pnpm/pnpm/pull/3889). ##### Patch Changes - Installing Git-hosted dependencies should work using URLs with colon. For instance, `pnpm add ssh://git@example.com:foo/bar.git` [#​3882](https://togithub.com/pnpm/pnpm/pull/3882). - Autofix command files with Windows line endings on the shebang line [#​3887](https://togithub.com/pnpm/pnpm/pull/3887). ### [`v6.17.2`](https://togithub.com/pnpm/pnpm/releases/v6.17.2) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v6.17.1...v6.17.2) ##### Patch Changes - Dedupe dependencies when adding new ones or updating existing ones [#​2222](https://togithub.com/pnpm/pnpm/issues/2222). - Only check for CLI updates when `pnpm install` or `pnpm add` is executed [#​3874](https://togithub.com/pnpm/pnpm/pull/3874). - Use a single global config file (at `~/.config/pnpm/npmrc`) for all npm versions, when npm is installed via `pnpm env use` [#​3873](https://togithub.com/pnpm/pnpm/pull/3873). - Add information about the `--force` option into `pnpm install --help` [#​3878](https://togithub.com/pnpm/pnpm/pull/3878). - Allow to pass the `--cache-dir` and `--save-prefix` CLI options. ### [`v6.17.1`](https://togithub.com/pnpm/pnpm/releases/v6.17.1) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v6.17.0...v6.17.1) ##### Patch Changes - `pnpm env use` should create a symlink to the Node.js executable, not a command shim [#​3869](https://togithub.com/pnpm/pnpm/pull/3869). - Attach the globally installed packages to the system default Node.js executable [#​3870](https://togithub.com/pnpm/pnpm/pull/3870). - The `.pnpm-debug.log` file is not written when pnpm CLI exits with an expected non-zero exit code. For instance, when vulnerabilities are found by the `pnpm audit` command [#​3832](https://togithub.com/pnpm/pnpm/issues/3832). - Suggest `pnpm install --force` to refetch modified packages [#​3867](https://togithub.com/pnpm/pnpm/pull/3867). ### [`v6.17.0`](https://togithub.com/pnpm/pnpm/releases/v6.17.0) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v6.16.1...v6.17.0) ##### Minor Changes - New hook supported for filtering out info and warning logs: `filterLog(log) => boolean` [#​3802](https://togithub.com/pnpm/pnpm/pull/3802). - New command added: `pnpm create` is similar to `yarn create` [#​3829](https://togithub.com/pnpm/pnpm/pull/3829). - `pnpm dlx` supports the `--silent` option [#​3839](https://togithub.com/pnpm/pnpm/pull/3839). ##### Patch Changes - Add link to the docs to the help output of the dlx, exec, root, and bin commands [#​3838](https://togithub.com/pnpm/pnpm/pull/3838). - Don't print anything except the JSON output, when the `--json` option is used [#​3844](https://togithub.com/pnpm/pnpm/pull/3844). ### [`v6.16.1`](https://togithub.com/pnpm/pnpm/releases/v6.16.1) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v6.16.0...v6.16.1) ##### Patch Changes - Installation should not fail if the installed package has no `package.json` [#​3782](https://togithub.com/pnpm/pnpm/pull/3782). - Hoisting should work when the dependencies of only a subset of workspace projects are installed [#​3806](https://togithub.com/pnpm/pnpm/pull/3806). - Upgraded ansi-regex to v5.0.1 in order to fix a security vulnerability [CVE-2021-3807](https://togithub.com/advisories/GHSA-93q8-gq69-wqmw). ### [`v6.16.0`](https://togithub.com/pnpm/pnpm/releases/v6.16.0) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v6.15.2...v6.16.0) ##### Minor Changes - New setting added: `changed-files-ignore-pattern`. It allows to ignore changed files by glob patterns when filtering for changed projects since the specified commit/branch [#​3797](https://togithub.com/pnpm/pnpm/pull/3797). - New setting added: `extend-node-path`. When it is set to `false`, pnpm does not set the `NODE_PATH` environment variable in the command shims [#​3799](https://togithub.com/pnpm/pnpm/pull/3799). ##### Patch Changes - Pick the right extension for command files. It is important to write files with .CMD extension on case sensitive Windows drives [#​3804](https://togithub.com/pnpm/pnpm/pull/3804). ### [`v6.15.2`](https://togithub.com/pnpm/pnpm/releases/v6.15.2) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v6.15.1...v6.15.2) ##### Patch Changes - `pnpm add --global ` should use an exact path to the Node.js executable to create the command shim. This way, the globally install package will work even if the system-wide Node.js is switched to another version [#​3780](https://togithub.com/pnpm/pnpm/pull/3780). - `pnpm install --fix-lockfile` should not ignore the `dependencies` field in the existing lockfile [#​3774](https://togithub.com/pnpm/pnpm/pull/3774). - When `use-beta-cli` is `true`, the global packages directory is inside the pnpm home directory [#​3781](https://togithub.com/pnpm/pnpm/pull/3781). - `pnpm install --frozen-lockfile` should not fail if a project has a local directory dependency that has no manifest (`package.json` file) [#​3793](https://togithub.com/pnpm/pnpm/pull/3793). - Don't override the bin files of direct dependencies with the bin files of hoisted dependencies [#​3795](https://togithub.com/pnpm/pnpm/pull/3795). ### [`v6.15.1`](https://togithub.com/pnpm/pnpm/releases/v6.15.1) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v6.15.0...v6.15.1) ##### Patch Changes - A security vulnerabity fixed. When commands are executed on Windows, they should not be searched for in the current working directory. - `pnpm import` should never run scripts [#​3750](https://togithub.com/pnpm/pnpm/issues/3750). ### [`v6.15.0`](https://togithub.com/pnpm/pnpm/releases/v6.15.0) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v6.14.7...v6.15.0) ##### Minor Changes - `pnpm install --fix-lockfile` allows to fix a broken lockfile [#​3729](https://togithub.com/pnpm/pnpm/pull/3729). - New setting supported: `global-bin-dir`. `global-bin-dir` allows to set the target directory for the bin files of globally installed packages [#​3762](https://togithub.com/pnpm/pnpm/pull/3762). ##### Patch Changes - The pnpm CLI should not silently exit on bad HTTPS requests [#​3768](https://togithub.com/pnpm/pnpm/pull/3768). ### [`v6.14.7`](https://togithub.com/pnpm/pnpm/releases/v6.14.7) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v6.14.6...v6.14.7) ##### Patch Changes - Use correct GitLab tarball URL [#​3643](https://togithub.com/pnpm/pnpm/issues/3643). - Accept gzip and deflate encoding from the registry [#​3745](https://togithub.com/pnpm/pnpm/pull/3745). - Print error codes in error messages [#​3748](https://togithub.com/pnpm/pnpm/pull/3748). - Allow the $ sign to be a command name [#​3679](https://togithub.com/pnpm/pnpm/issues/3679). ### [`v6.14.6`](https://togithub.com/pnpm/pnpm/releases/v6.14.6) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v6.14.5...v6.14.6) ##### Patch Changes - `pnpm setup` should add pnpm to the PATH on Windows [#​3734](https://togithub.com/pnpm/pnpm/pull/3734). - `pnpm env` should not create PowerShell command shims to fix issues on Windows [#​3711](https://togithub.com/pnpm/pnpm/issues/3711). - `overrides` should work with selectors that specify the parent package with a version range [#​3732](https://togithub.com/pnpm/pnpm/issues/3732). ### [`v6.14.5`](https://togithub.com/pnpm/pnpm/releases/v6.14.5) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v6.14.4...v6.14.5) ##### Patch Changes - A broken `package.json` should not make pnpm exit without any message [#​3705](https://togithub.com/pnpm/pnpm/issues/3705). - `pnpm dlx` should allow to pass multiple packages for installation [#​3710](https://togithub.com/pnpm/pnpm/pull/3710). - The pnpm home directory should be always prefered when searching for a global bin directory [#​3723](https://togithub.com/pnpm/pnpm/pull/3723). - `pnpm setup` should not remove the pnpm CLI executable, just copy it to the pnpm home directory [#​3724](https://togithub.com/pnpm/pnpm/pull/3724). - It should be possible to set `cache-dir` and `state-dir` through config files [#​3727](https://togithub.com/pnpm/pnpm/pull/3727). ### [`v6.14.4`](https://togithub.com/pnpm/pnpm/compare/v6.14.3...v6.14.4) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v6.14.3...v6.14.4) ### [`v6.14.3`](https://togithub.com/pnpm/pnpm/releases/v6.14.3) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v6.14.2...v6.14.3) ##### Patch Changes - Downgrade `@yarnpkg/parsers` to v2.3.0 from v2.4.0 to fix a regression in script running, when `shell-emulator` is `true` [#​3700](https://togithub.com/pnpm/pnpm/issues/3700). ### [`v6.14.2`](https://togithub.com/pnpm/pnpm/releases/v6.14.2) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v6.14.1...v6.14.2) ##### Patch Changes - `pnpm setup` prints an info message that suggests to open a new terminal [#​3698](https://togithub.com/pnpm/pnpm/pull/3698). - `pnpm env use -g ` links `npm` as well, when installing Node.js [#​3696](https://togithub.com/pnpm/pnpm/pull/3696). ### [`v6.14.1`](https://togithub.com/pnpm/pnpm/releases/v6.14.1) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v6.14.0...v6.14.1) ##### Minor Changes - `pnpm import` can convert a `yarn.lock` to a `pnpm-lock.yaml` [#​3655](https://togithub.com/pnpm/pnpm/pull/3655). - Backward-compatible change to the lockfile format. Optional dependencies will always have the `requiresBuild` field set to `true`. This change is needed to allow skipping optional dependency downloads, when the optional dependency is not compatible with the target system [#​2038](https://togithub.com/pnpm/pnpm/issues/2038) ##### Patch Changes - Those optional dependencies that don't support the target system should not be downloaded from the registry [#​2038](https://togithub.com/pnpm/pnpm/issues/2038). - Don't crash on unsupported packages that are only dependencies of skipped optional dependencies [#​3640](https://togithub.com/pnpm/pnpm/issues/3640). - Allow to symlink a directory that has no `package.json` [#​3691](https://togithub.com/pnpm/pnpm/issues/3691). ### [`v6.14.0`](https://togithub.com/pnpm/pnpm/releases/v6.14.0) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v6.13.0...v6.14.0) ##### Minor Changes - `pnpm import` can convert a `yarn.lock` to a `pnpm-lock.yaml` [#​3655](https://togithub.com/pnpm/pnpm/pull/3655). - Backward-compatible change to the lockfile format. Optional dependencies will always have the `requiresBuild` field set to `true`. This change is needed to allow skipping optional dependency downloads, when the optional dependency is not compatible with the target system [#​2038](https://togithub.com/pnpm/pnpm/issues/2038) ##### Patch Changes - Those optional dependencies that don't support the target system should not be downloaded from the registry [#​2038](https://togithub.com/pnpm/pnpm/issues/2038). ### [`v6.13.0`](https://togithub.com/pnpm/pnpm/releases/v6.13.0) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v6.12.1...v6.13.0) ##### Minor Changes - New command added for running packages in a tempory environment: `pnpm dlx ...` [#​3652](https://togithub.com/pnpm/pnpm/pull/3652). This command is replacing `pnpx`. In pnpm v7 pnpx will be removed, so please use [`pnpm exec`](https://pnpm.io/6.x/cli/exec) and [`pnpm dlx`](https://pnpm.io/6.x/cli/dlx) instead of `pnpx`. ##### Patch Changes - Link the package's own binaries before running its lifecycle scripts [#​3662](https://togithub.com/pnpm/pnpm/pull/3662). - Resolve peer dependencies from the root of the workspace when adding a new dependency or updating [#​3667](https://togithub.com/pnpm/pnpm/pull/3667). - Ignore empty shasum in entries in package metadata [#​3666](https://togithub.com/pnpm/pnpm/pull/3666). - Throw a meaningful error if a package has invalid shasum in its metadata [#​3666](https://togithub.com/pnpm/pnpm/pull/3666). - Add `run` to NO_SCRIPT error example [#​3660](https://togithub.com/pnpm/pnpm/pull/3660). ### [`v6.12.1`](https://togithub.com/pnpm/pnpm/releases/v6.12.1) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v6.12.0...v6.12.1) ##### Patch Changes - Fix a regression introduced in v6.12.0: `--workspace-root` optional should not be ignored. ### [`v6.12.0`](https://togithub.com/pnpm/pnpm/releases/v6.12.0) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v6.11.5...v6.12.0) ##### Minor Changes - A new command added for installing Node.js: `pnpm env use --global `. You may install Node.js using an exact version, version range, LTS, or LTS name (e.g. `argon`). Examples: pnpm env use --global 16.5.0 pnpm env use --global 16 pnpm env use --global lts pnpm env use --global argon Related PR: [#​3620](https://togithub.com/pnpm/pnpm/pull/3620). - Exclude the root package, when running `pnpm exec|run|add`. This change is only active when `use-beta-cli` is set to `true` [#​3647](https://togithub.com/pnpm/pnpm/pull/3647). - When `--workspace-root` is used, the workspace root package is selected even if the command is executed with filters [#​3647](https://togithub.com/pnpm/pnpm/pull/3647). For example: `pnpm --workspace-root --filter=foo run lint` ##### Patch Changes - Avoid too many open files error [#​3637](https://togithub.com/pnpm/pnpm/pull/3637). - `pnpm audit --fix` should not add overrides for packages with vulnerabilities that do not have fixes [#​3649](https://togithub.com/pnpm/pnpm/pull/3649). - When a peer dependency issue happens, the warning should contain the path to the project with the issue [#​3650](https://togithub.com/pnpm/pnpm/pull/3650). ### [`v6.11.5`](https://togithub.com/pnpm/pnpm/releases/v6.11.5) ##### Minor Changes - New command added: `pnpm audit --fix`. This command adds overrides to `package.json` that force versions of packages that do not have the vulnerabilities [#​3598](https://togithub.com/pnpm/pnpm/pull/3598). - Own implementation of `pnpm pack` is added. It is not passed through to `npm pack` anymore [#​3608](https://togithub.com/pnpm/pnpm/pull/3608). - When `pnpm add pkg` is executed in a workspace and `pkg` is already in the dependencies of one of the workspace projects, pnpm uses that already present version range to add the new dependency [#​3614](https://togithub.com/pnpm/pnpm/pull/3614). - New `package.json` setting added: `publishConfig.executableFiles`. By default, for portability reasons, no files except those listed in the bin field will be marked as executable in the resulting package archive. The `executableFiles` field lets you declare additional fields that must have the executable flag (+x) set even if they aren't directly accessible through the bin field. ```json { "publishConfig": { "executableFiles": [ "./dist/shim.js", ] } } ``` ##### Patch Changes - Don't collapse warnings when `--reporter append-only` is used. - Print a warning when a lifecycle script is skipped [#​3619](https://togithub.com/pnpm/pnpm/pull/3619). ### [`v6.11.2`](https://togithub.com/pnpm/pnpm/releases/v6.11.2) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v6.11.1...v6.11.2) ##### Minor Changes - New command added: `pnpm audit --fix`. This command adds overrides to `package.json` that force versions of packages that do not have the vulnerabilities [#​3598](https://togithub.com/pnpm/pnpm/pull/3598). - Own implementation of `pnpm pack` is added. It is not passed through to `npm pack` anymore [#​3608](https://togithub.com/pnpm/pnpm/pull/3608). - When `pnpm add pkg` is executed in a workspace and `pkg` is already in the dependencies of one of the workspace projects, pnpm uses that already present version range to add the new dependency [#​3614](https://togithub.com/pnpm/pnpm/pull/3614). ##### Patch Changes - Don't collapse warnings when `--reporter append-only` is used. - Print a warning when a lifecycle script is skipped [#​3619](https://togithub.com/pnpm/pnpm/pull/3619). ### [`v6.11.1`](https://togithub.com/pnpm/pnpm/releases/v6.11.1) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v6.11.0...v6.11.1) ##### Minor Changes - New command added: `pnpm audit --fix`. This command adds overrides to `package.json` that force versions of packages that do not have the vulnerabilities [#​3598](https://togithub.com/pnpm/pnpm/pull/3598). - Own implementation of `pnpm pack` is added. It is not passed through to `npm pack` anymore [#​3608](https://togithub.com/pnpm/pnpm/pull/3608). - When `pnpm add pkg` is executed in a workspace and `pkg` is already in the dependencies of one of the workspace projects, pnpm uses that already present version range to add the new dependency [#​3614](https://togithub.com/pnpm/pnpm/pull/3614). ##### Patch Changes - Don't collapse warnings when `--reporter append-only` is used. - Print a warning when a lifecycle script is skipped [#​3619](https://togithub.com/pnpm/pnpm/pull/3619). ### [`v6.11.0`](https://togithub.com/pnpm/pnpm/releases/v6.11.0) ##### Minor Changes - New command added: `pnpm audit --fix`. This command adds overrides to `package.json` that force versions of packages that do not have the vulnerabilities [#​3598](https://togithub.com/pnpm/pnpm/pull/3598). - Own implementation of `pnpm pack` is added. It is not passed through to `npm pack` anymore [#​3608](https://togithub.com/pnpm/pnpm/pull/3608). - When `pnpm add pkg` is executed in a workspace and `pkg` is already in the dependencies of one of the workspace projects, pnpm uses that already present version range to add the new dependency [#​3614](https://togithub.com/pnpm/pnpm/pull/3614). ##### Patch Changes - Don't collapse warnings when `--reporter append-only` is used. ### [`v6.10.2`](https://togithub.com/pnpm/pnpm/releases/v6.10.2) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v6.10.1...v6.10.2) ##### Patch Changes - `pnpm exec` should work outside of Node.js projects [#​3597](https://togithub.com/pnpm/pnpm/pull/3597). - Overriding should work when the range selector contains `>`. ### [`v6.10.1`](https://togithub.com/pnpm/pnpm/compare/v6.10.0...v6.10.1) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v6.10.0...v6.10.1) ### [`v6.10.0`](https://togithub.com/pnpm/pnpm/releases/v6.10.0) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v6.9.1...v6.10.0) ##### Minor Changes - New command added: `pnpm store path` [#​3571](https://togithub.com/pnpm/pnpm/pull/3571). - New setting added: `cache-dir`. `cache-dir` is the location of the package metadata cache. Previously this cache was stored in the store directory. By default, the cache directory is created in the `XDG_CACHE_HOME` directory [#​3578](https://togithub.com/pnpm/pnpm/pull/3578). - New setting added: `state-dir`. `state-dir` is the directory where pnpm creates the `pnpm-state.json` file that is currently used only by the update checker. By default, the state directory is created in the `XDG_STATE_HOME` directory [#​3580](https://togithub.com/pnpm/pnpm/pull/3580). - `workspace-concurrency` is based on CPU cores amount, when set to 0 or a negative number. The concurrency limit is set as `max((amount of cores) - abs(workspace-concurrency), 1)` [#​3574](https://togithub.com/pnpm/pnpm/pull/3574). ##### Patch Changes - Never do full resolution when package manifest is ignored [#​3576](https://togithub.com/pnpm/pnpm/issues/3576). - An error is thrown if `pnpm link` is executed. `pnpm link` needs at least one argument or option [#​3590](https://togithub.com/pnpm/pnpm/pull/3590). ### [`v6.9.1`](https://togithub.com/pnpm/pnpm/compare/v6.9.0...v6.9.1) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v6.9.0...v6.9.1) ### [`v6.9.0`](https://togithub.com/pnpm/pnpm/releases/v6.9.0) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v6.8.0...v6.9.0) ##### Minor Changes - A new optional field added to the `pnpm` section of `package.json`: `packageExtensions`. The `packageExtensions` fields offer a way to extend the existing package definitions with additional information. For example, if `react-redux` should have `react-dom` in its `peerDependencies` but it has not, it is possible to patch `react-redux` using `packageExtensions`: ```json { "pnpm": { "packageExtensions": { "react-redux": { "peerDependencies": { "react-dom": "*" } } } } } ``` The keys in `packageExtensions` are package names or package names and semver ranges, to it is possible to patch only some versions of a package: ```json { "pnpm": { "packageExtensions": { "react-redux@1": { "peerDependencies": { "react-dom": "*" } } } } } ``` The following fields may be extended using `packageExtensions`: `dependencies`, `optionalDependencies`, `peerDependencies`, and `peerDependenciesMeta`. A bigger example: ```json { "pnpm": { "packageExtensions": { "express@1": { "optionalDependencies": { "typescript": "2" } }, "fork-ts-checker-webpack-plugin": { "dependencies": { "@​babel/core": "1" }, "peerDependencies": { "eslint": ">= 6" }, "peerDependenciesMeta": { "eslint": { "optional": true } } } } } } ``` ### [`v6.8.0`](https://togithub.com/pnpm/pnpm/releases/v6.8.0) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v6.7.6...v6.8.0) ##### Minor Changes - When `use-beta-cli` is `true`, filtering by directories supports globs [#​3521](https://togithub.com/pnpm/pnpm/pull/3521). ##### Patch Changes - The `pnpm remove` and `pnpm update` commands do not fail when the `dev`, `production`, or `optional` settings are set. - Use the real package names of the peer dependencies when creating the paths in the virtual store [#​3545](https://togithub.com/pnpm/pnpm/pull/3545). - The lockfile should not break on peer dependencies that have underscores in their name [#​3546](https://togithub.com/pnpm/pnpm/pull/3546). - Resolve peer dependencies from the dependencies of the root project of the workspace [#​3549](https://togithub.com/pnpm/pnpm/pull/3549). ### [`v6.7.6`](https://togithub.com/pnpm/pnpm/releases/v6.7.6) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v6.7.5...v6.7.6) ##### Bug Fixes - Generate a correct command shim on Windows if pnpm is installed to a directory with spaces in its name [#​3519](https://togithub.com/pnpm/pnpm/issues/3519). ### [`v6.7.5`](https://togithub.com/pnpm/pnpm/releases/v6.7.5) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v6.7.4...v6.7.5) ##### Bug Fixes - Generate a correct command shim on Windows if pnpm is installed to a directory with spaces in its name [#​3519](https://togithub.com/pnpm/pnpm/issues/3519). ### [`v6.7.4`](https://togithub.com/pnpm/pnpm/releases/v6.7.4) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v6.7.3...v6.7.4) ##### Patch Changes - `pnpm exec` should run the command in the right directory, when executed inside a workspace [#​3514](https://togithub.com/pnpm/pnpm/pull/3514). ### [`v6.7.3`](https://togithub.com/pnpm/pnpm/releases/v6.7.3) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v6.7.2...v6.7.3) ##### Patch Changes - When publishing in a workspace, pass the `.npmrc` file from the root of the workspace to npm [#​3511](https://togithub.com/pnpm/pnpm/pull/3511). ### [`v6.7.2`](https://togithub.com/pnpm/pnpm/releases/v6.7.2) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v6.7.1...v6.7.2) ##### Bug Fixes - It should be possible to install a Git-hosted package that uses a default branch other than "master" [#​3506](https://togithub.com/pnpm/pnpm/pull/3506). - It should be possible to install a Git-hosted package by using only part of the Git commit hash [#​3507](https://togithub.com/pnpm/pnpm/pull/3507). ### [`v6.7.1`](https://togithub.com/pnpm/pnpm/releases/v6.7.1) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v6.7.0...v6.7.1) ##### Features - Support the `publishConfig.directory` field in `package.json` [#​3490](https://togithub.com/pnpm/pnpm/pull/3490). - There is no need to escape the command shell with `--`, when using the exec command. So just `pnpm exec rm -rf dir` instead of `pnpm exec -- rm -rf dir` [#​3492](https://togithub.com/pnpm/pnpm/pull/3492). - `pnpm audit` supports a new option: `--ignore-registry-errors`. `pnpm audit --ignore-registry-errors` exits with exit code 0, when the registry responds with a non-200 status code [#​3472](https://togithub.com/pnpm/pnpm/pull/3472). ##### Bug Fixes - Mention `pnpm exec` in the generic help. - `pnpm outdated` should read the value of the `strict-ssl` setting [#​3493](https://togithub.com/pnpm/pnpm/issues/3493). - New lines in engine field should not break the lockfile [#​3491](https://togithub.com/pnpm/pnpm/issues/3491). ### [`v6.7.0`](https://togithub.com/pnpm/pnpm/compare/v6.6.2...v6.7.0) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v6.6.2...v6.7.0) ### [`v6.6.2`](https://togithub.com/pnpm/pnpm/releases/v6.6.2) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v6.6.1...v6.6.2) ##### Features - When pnpm is executed with an unknown command, it is considered a shell command that needs to be executed in the context of the project. So you can do things like `pnpm eslint`, when eslint is in the dependencies. It is kind of similar to `pnpx eslint` but unlike `pnpx`, `pnpm eslint` will not install eslint, when not present [#​3478](https://togithub.com/pnpm/pnpm/pull/3478). ### [`v6.6.1`](https://togithub.com/pnpm/pnpm/releases/v6.6.1) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v6.6.0...v6.6.1) ##### Features - When pnpm is executed with an unknown command, it is considered a shell command that needs to be executed in the context of the project. So you can do things like `pnpm eslint`, when eslint is in the dependencies. It is kind of similar to `pnpx eslint` but unlike `pnpx`, `pnpm eslint` will not install eslint, when not present [#​3478](https://togithub.com/pnpm/pnpm/pull/3478). ### [`v6.6.0`](https://togithub.com/pnpm/pnpm/compare/v6.5.0...v6.6.0) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v6.5.0...v6.6.0) ### [`v6.5.0`](https://togithub.com/pnpm/pnpm/releases/v6.5.0) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v6.4.0...v6.5.0) ##### Features - New setting added: `use-node-version`. When set, pnpm will install the specified version of Node.js and use it for running any lifecycle scripts [#​3459](https://togithub.com/pnpm/pnpm/pull/3459). - `pnpm publish -r` supports a new option: `--report-summary`. When it is used, `pnpm publish -r --report-summary` will save the summary of published packages to `pnpm-publish-summary.json` [#​3461](https://togithub.com/pnpm/pnpm/pull/3461). - New CLI option added: `--use-stderr`. When set, all the output is written to stderr [#​3463](https://togithub.com/pnpm/pnpm/pull/3463). - pnpm now reads the value of the `NPM_CONFIG_WORKSPACE_DIR` env variable to find the directory that contains the workspace manifest file. By default pnpm will look in all parent directories for this file [#​3464](https://togithub.com/pnpm/pnpm/pull/3464). ##### Bug Fixes - Do not retry requests, when checking for new versions of pnpm [#​3465](https://togithub.com/pnpm/pnpm/pull/3465). ### [`v6.4.0`](https://togithub.com/pnpm/pnpm/releases/v6.4.0) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v6.3.0...v6.4.0) ##### Features - Added support for `type` and `imports` in `publishConfig` field of the `package.json` manifest [#​3315](https://togithub.com/pnpm/pnpm/pull/3315). ##### Bug Fixes - Do not print a warning if a skipped optional dependency cannot be hoisted [#​3454](https://togithub.com/pnpm/pnpm/pull/3454). - The second argument to readPackage hook should always be the context object [#​3455](https://togithub.com/pnpm/pnpm/pull/3455). ### [`v6.3.0`](https://togithub.com/pnpm/pnpm/releases/v6.3.0) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v6.2.5...v6.3.0) ##### Features - `pnpm list -r --json` returns the locations of workspace projects via the `path` field [#​3432](https://togithub.com/pnpm/pnpm/pull/3432/files). ##### Bug Fixes - `save-prefix` should be respected, when it is set to empty [#​3414](https://togithub.com/pnpm/pnpm/issues/3414). - skip resolution, when lockfile is up-to-date, even if some packages in the workspace are referenced through relative path [#​3422](https://togithub.com/pnpm/pnpm/pull/3422). - `pnpm why`: do not incorrectly include linked deps in search results [#​3428](https://togithub.com/pnpm/pnpm/pull/3428). ### [`v6.2.5`](https://togithub.com/pnpm/pnpm/releases/v6.2.5) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v6.2.4...v6.2.5) ##### Bug Fixes - Do not crash when linking two dependencies with the same name [#​3308](https://togithub.com/pnpm/pnpm/issues/3308). - The temp pnpx directory should be created inside the pnpm store. ### [`v6.2.4`](https://togithub.com/pnpm/pnpm/releases/v6.2.4) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v6.2.3...v6.2.4) ##### Bug Fixes - pnpm should not fail with an `EMFILE` error on a big workspace with many projects [#​3381](https://togithub.com/pnpm/pnpm/pull/3381). ### [`v6.2.3`](https://togithub.com/pnpm/pnpm/releases/v6.2.3) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v6.2.2...v6.2.3) ##### Bug Fixes - Fixing a regression introduced in v6.2.2 [#​3407](https://togithub.com/pnpm/pnpm/issues/3407). - The `child-concurrency` setting should not be ignored when installing in a project with up-to-date lockfile [#​3399](https://togithub.com/pnpm/pnpm/issues/3399). ### [`v6.2.2`](https://togithub.com/pnpm/pnpm/releases/v6.2.2) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v6.2.1...v6.2.2) ##### Bug Fixes - `pnpm audit` should not receive a 502 error from the registry [#​2848](https://togithub.com/pnpm/pnpm/issues/2848). - When installing Git-hosted dependencies that have a `prepare` script, pnpm should install their `devDependencies` for a successfull build [#​855](https://togithub.com/pnpm/pnpm/issues/855). - `preinstall` scripts should run after installing the dependencies [#​3395](https://togithub.com/pnpm/pnpm/pull/3395). - Sorting workspace projects should work correctly when the workspace dependencies use `workspace:~` or `workspace:^` [#​3400](https://togithub.com/pnpm/pnpm/issues/3400) ### [`v6.2.1`](https://togithub.com/pnpm/pnpm/releases/v6.2.1) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v6.2.0...v6.2.1) ##### Features - New CLI option: `--filter-prod`. `--filter-prod` acts the same as `--filter`, but it omits `devDependencies` when selecting dependency projects from the workspace [#​3372](https://togithub.com/pnpm/pnpm/pull/3372). - New types of workspace ranges added [#​3116](https://togithub.com/pnpm/pnpm/issues/3116): - `workspace:~` means that the version of the workspace project should be added using the `~` prefix. For instance: `~1.0.0` (if the version of the referenced project is `1.0.0` in the workspace). - `workspace:^` means that the version of the workspace project should be added using the `^` prefix. For instance: `^1.0.0`. - New setting: `fetch-timeout`. Sets the maximum amount of time to wait for HTTP requests to complete. By default, the value is 60000 (1 minute) [#​3390](https://togithub.com/pnpm/pnpm/pull/3390). ##### Bug Fixes - Don't skip lifecycle scripts of projects when doing a filtered installation [#​3251](https://togithub.com/pnpm/pnpm/issues/3251). - No deprecation warning about `rmdir()` usage should appear when running pnpm on Node.js 16. - Link overrides should work on non-root workspace projects [#​3388](https://togithub.com/pnpm/pnpm/pull/3388). - pnpm should not fail with an `EMFILE` error on a big workspace with many projects [#​3381](https://togithub.com/pnpm/pnpm/pull/3381). ### [`v6.2.0`](https://togithub.com/pnpm/pnpm/compare/v6.1.0...v6.2.0) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v6.1.0...v6.2.0) ### [`v6.1.0`](https://togithub.com/pnpm/pnpm/releases/v6.1.0) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v6.0.2...v6.1.0) ##### Features - New option added: `enable-pre-post-scripts`. When it is set to `true`, lifecycle scripts with pre/post prefixes are automatically executed by pnpm [#​3348](https://togithub.com/pnpm/pnpm/pull/3348). ### [`v6.0.2`](https://togithub.com/pnpm/pnpm/releases/v6.0.2) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v6.0.1...v6.0.2) ##### Bug Fixes - `pnpm publish`: lifecycle scripts should not be executed twice when the globally installed npm version is 7 [#​3340](https://togithub.com/pnpm/pnpm/pull/3340). - `pnpm list`: hoisted dependencies are not listed as unsaved dependencies [#​3339](https://togithub.com/pnpm/pnpm/pull/3339). - `pnpm.overrides` should override direct dev dependencies [#​3327](https://togithub.com/pnpm/pnpm/pull/3327). - Commands from the root of the workspace should be in the PATH even when there is no lockfile in the workspace root [#​2086](https://togithub.com/pnpm/pnpm/issues/2086). ### [`v6.0.1`](https://togithub.com/pnpm/pnpm/releases/v6.0.1) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v6.0.0...v6.0.1) ##### Bug Fixes - Use `+` instead of `#` in directory names inside the virtual store directory (`node_modules/.pnpm`). `#` causes issues with Webpack and Vite [#​3314](https://togithub.com/pnpm/pnpm/pull/3314). ### [`v6.0.0`](https://togithub.com/pnpm/pnpm/releases/v6.0.0) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v5.18.11...v6.0.0) ##### Breaking Changes - Node.js v10 support is dropped. At least Node.js v12.17 is required for the package to work. - Arbitrary pre/post hooks for user-defined scripts (such as `prestart`) are not executed automatically [#​2891](https://togithub.com/pnpm/pnpm/issues/2891). - The lockfile version is bumped to v5.3. Changes in the new format: - Blank lines added between package/project entries to improve readability and decrease merge issues. - The `resolution`, `engines`, `os`, and `cpu` fields are now always written in a single lines, as the first keys of the package objects. - A new field is added to the package objects: `transitivePeerDependencies`. - The layout of the virtual store directory has changed (`node_modules/.pnpm`) to allow keeping cache in it: - All packages inside the virtual store directory are on the same depth. Instead of subdirectories, one directory is used with `#` instead of slashes. - New setting added: `modules-cache-max-age`. The default value of the setting is 10080 (7 days in seconds). `modules-cache-max-age` is the time in minutes after which pnpm should remove the orphan packages from `node_modules`. - pnpx does not automatically install packages. A prompt asks the user if a package should be installed, if it is not present. `pnpx --yes` tells pnpx to install any missing package. `pnpx --no` makes pnpx fail if the called packages is not installed. - `pnpmfile.js` renamed to `.pnpmfile.cjs` in order to force CommonJS. - `.pnp.js` renamed to `.pnp.cjs` in order to force CommonJS. - The `pnpm-prefix` setting is removed. Use `global-dir` to specify a custom location for the globally installed packages. - The default depth of an update is `Infinity`, not `0`. - The `--global` option should be used when linking from/to the global modules directory. Linking a package to the global directory: - pnpm v5: `pnpm link` - pnpm v6: `pnpm link --global` Linking a package from the global directory: - pnpm v5: `pnpm link foo` - pnpm v6: `pnpm link --global foo` - pnpm's command file's extension changed to `.cjs` (`bin/pnpm.js`=>`bin/pnpm.cjs`). - [node-gyp](https://togithub.com/nodejs/node-gyp) updated to v8. - `prepublish` is not executed on a local `pnpm install`. Use `prepare` instead. ##### Features - A new command added: [pnpm fetch](https://pnpm.io/cli/fetch). Fetch packages from a lockfile into virtual store, package manifest is ignored. This command is specifically designed to boost building a docker image. - Overrides match dependencies by checking if the target range is a subset of the specified range, instead of making an exact match. For example, the following override will replace any version of `foo` that has a subrange on v2: ```json "pnpm": { "overrides": { "foo@2": "2.1.0" } } ``` This will override `foo@2.2.0` and `foo@^2.3.0` to `foo@2.1.0` as both `2.2.0` and `^2.3.0` are subranges of `2`. ### [`v5.18.11`](https://togithub.com/pnpm/pnpm/releases/v5.18.11) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v5.18.10...v5.18.11) ##### Patch Changes - A security vulnerabity fixed. When commands are executed on Windows, they should not be searched for in the current working directory.

Configuration

📅 Schedule: "on Friday,every weekend" (UTC).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR has been generated by WhiteSource Renovate. View repository job log here.