Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(deps): update pnpm to v7 #229

Merged
merged 1 commit into from
May 1, 2022
Merged

chore(deps): update pnpm to v7 #229

merged 1 commit into from
May 1, 2022

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented May 1, 2022

WhiteSource Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
pnpm (source) 6.32.2 -> 7.0.0 age adoption passing confidence

Release Notes

pnpm/pnpm

v7.0.0

Compare Source

Major Changes

  • Node.js 12 is not supported.

  • The root package is excluded by default, when running pnpm -r exec|run|add #​2769.

  • Filtering by path is done by globs.

    In pnpm v6, in order to pick packages under a certain directory, the following filter was used: --filter=./apps

    In pnpm v7, a glob should be used: --filter=./apps/**

    For easier upgrade, we have also added a setting to turn back filtering as it was in v6. Just set legacy-dir-filtering=true in .npmrc.

  • The NODE_PATH env variable is not set in the command shims (the files in node_modules/.bin). This env variable was really long and frequently caused errors on Windows.

    Also, the extend-node-path setting is removed.

    Related PR: #​4253

  • The embed-readme setting is false by default.

  • When using pnpm run <script>, all command line arguments after the script name are now passed to the script's argv, even --. For example, pnpm run echo --hello -- world will now pass --hello -- world to the echo script's argv. Previously flagged arguments (e.g. --silent) were interpreted as pnpm arguments unless -- came before it.

  • Side effects cache is turned on by default. To turn it off, use side-effects-cache=false.

  • The npm_config_argv env variable is not set for scripts #​4153.

  • pnpx is now just an alias of pnpm dlx.

    If you want to just execute the command of a dependency, run pnpm <cmd>. For instance, pnpm eslint.

    If you want to install and execute, use pnpm dlx <pkg name>.

  • pnpm install -g pkg will add the global command only to a predefined location. pnpm will not try to add a bin to the global Node.js or npm folder. To set the global bin directory, either set the PNPM_HOME env variable or the global-bin-dir setting.

  • pnpm pack should only pack a file as an executable if it's a bin or listed in the publishConfig.executableFiles array.

  • -W is not an alias of --ignore-workspace-root-check anymore. Just use -w or --workspace-root instead, which will also allow to install dependencies in the root of the workspace.

  • Allow to execute a lifecycle script in a directory that doesn't match the package's name. Previously this was only allowed with the --unsafe-perm CLI option #​3709.

  • Local dependencies referenced through the file: protocol are hard linked (not symlinked) #​4408. If you need to symlink a dependency, use the link: protocol instead.

  • strict-peer-dependencies is true by default #​4427.

  • A prerelease version is always added as an exact version to package.json. If the next version of foo is 1.0.0-beta.1 then running pnpm add foo@next will add this to package.json:

    {
      "dependencies": {
        "foo": "1.0.0-beta.1"
      }
    }

    PR: #​4435

  • Dependencies of the root workspace project are not used to resolve peer dependencies of other workspace projects #​4469.

  • Don't hoist types by default to the root of node_modules #​4459.

  • Any package with "prettier" in its name is hoisted.

  • Changed the location of the global store from ~/.pnpm-store to <pnpm home directory>/store

    On Linux, by default it will be ~/.local/share/pnpm/store
    On Windows: %LOCALAPPDATA%/pnpm/store
    On macOS: ~/Library/pnpm/store

    Related issue: #​2574

  • 4bed585: The next deprecated settings were removed:

    • frozen-shrinkwrap
    • prefer-frozen-shrinkwrap
    • shared-workspace-shrinkwrap
    • shrinkwrap-directory
    • lockfile-directory
    • shrinkwrap-only
    • store
  • Use a base32 hash instead of a hex to encode too long dependency paths inside node_modules/.pnpm #​4552.

  • New setting added: git-shallow-hosts. When cloning repositories from "shallow-hosts", pnpm will use shallow cloning to fetch only the needed commit, not all the history #​4548.

  • Lockfile version bumped to v5.4.

  • Exit with an error when running pnpm install in a directory that has no package.json file in it (and in parent directories) #​4609.

Our Sponsors

#### What's Changed * feat!: breaking config changes for v7 by @​zkochan in https://github.com/pnpm/pnpm/pull/4253 * feat(pack)!: limit what files are packed as executables by @​zkochan in https://github.com/pnpm/pnpm/pull/4266 * feat!: pnpx is an alias of pnpm dlx by @​zkochan in https://github.com/pnpm/pnpm/pull/4267 * feat: run scripts without -- by @​gluxon in https://github.com/pnpm/pnpm/pull/4290 * fix: revert backwards compatible handling of -- for run by @​gluxon in https://github.com/pnpm/pnpm/pull/4291 * feat!: global bins should be created only in predefined locations by @​zkochan in https://github.com/pnpm/pnpm/pull/4280 * ci: use pnpm v7 by @​zkochan in https://github.com/pnpm/pnpm/pull/4307 * feat!: remove -W option by @​zkochan in https://github.com/pnpm/pnpm/pull/4308 * test(audit): fix for 2022-02-15 by @​gluxon in https://github.com/pnpm/pnpm/pull/4340 * feat: -F is a short alias of --filter by @​zkochan in https://github.com/pnpm/pnpm/pull/4342 * feat: onlyBuiltDependencies by @​zkochan in https://github.com/pnpm/pnpm/pull/4014 * fix(make-dedicated-lockfile): don't re-resolve dependency versions in dedicated lockfile by @​David-Collins in https://github.com/pnpm/pnpm/pull/4350 * test(audit): mock responses from audit endpoint by @​zkochan in https://github.com/pnpm/pnpm/pull/4354 * fix: bad packageManager field by @​Jack-Works in https://github.com/pnpm/pnpm/pull/4356 * feat: use the versions from overrides when adding deps without specs by @​zkochan in https://github.com/pnpm/pnpm/pull/4355 * chore: document the interface of command packages by @​illright in https://github.com/pnpm/pnpm/pull/3828 * fix: print an info message when NODE_ENV is set to production by @​zkochan in https://github.com/pnpm/pnpm/pull/4362 * test: ignore override if a version is specified at install by @​nikoladev in https://github.com/pnpm/pnpm/pull/4366 * fix: ignore case, when verifying package name in the store by @​zkochan in https://github.com/pnpm/pnpm/pull/4368 * fix: peerDependencyRules with * as range by @​zkochan in https://github.com/pnpm/pnpm/pull/4370 * feat: run scripts without --unsafe-perm by @​zkochan in https://github.com/pnpm/pnpm/pull/4369 * chore(github): add welcome bot app by @​BlackHole1 in https://github.com/pnpm/pnpm/pull/4373 * fix: onlyBuiltDependencies should work by @​zkochan in https://github.com/pnpm/pnpm/pull/4377 * fix: pnpm i should work on virtual drives by @​kazuare in https://github.com/pnpm/pnpm/pull/4386 * fix: throw a meaningful error message on broken lockfile by @​zkochan in https://github.com/pnpm/pnpm/pull/4387 * fix: don't write data from the lockfile to the global store by @​zkochan in https://github.com/pnpm/pnpm/pull/4395 * fix(resolve-dependencies): a sequence of injected deps via the file protocol by @​zkochan in https://github.com/pnpm/pnpm/pull/4415 * feat: the file protocol should always inject the dependency by @​zkochan in https://github.com/pnpm/pnpm/pull/4408 * feat: add own implementation of the init command by @​zkochan in https://github.com/pnpm/pnpm/pull/4422 * feat: strict-peer-dependencies is true by default by @​zkochan in https://github.com/pnpm/pnpm/pull/4427 * feat: respect the npmrc by @​Spencer17x in https://github.com/pnpm/pnpm/pull/4425 * feat: a prerelease version is always saved as an exact version by @​zkochan in https://github.com/pnpm/pnpm/pull/4435 * feat: prevent deep imports using exports by @​zkochan in https://github.com/pnpm/pnpm/pull/4440 * fix: use `@pnpm/graph-sequencer` instead of `graph-sequencer` by @​zkochan in https://github.com/pnpm/pnpm/pull/4458 * fix: fetch should allow the same options as install by @​zkochan in https://github.com/pnpm/pnpm/pull/4460 * fix: typo by @​HomyeeKing in https://github.com/pnpm/pnpm/pull/4462 * fix(lockfile-utils): checking dependenciesMeta by @​zkochan in https://github.com/pnpm/pnpm/pull/4463 * fix: types should not be hoisted to the root of node_modules by @​zkochan in https://github.com/pnpm/pnpm/pull/4459 * chore: replace deprecated String.prototype.substr() by @​CommanderRoot in https://github.com/pnpm/pnpm/pull/4479 * Chore/friendly git error by @​lawvs in https://github.com/pnpm/pnpm/pull/4488 * fix: handle undefined version spec by @​tmkx in https://github.com/pnpm/pnpm/pull/4487 * lint: remove duplicate code by @​milahu in https://github.com/pnpm/pnpm/pull/4496 * fix: typo by @​HomyeeKing in https://github.com/pnpm/pnpm/pull/4499 * feat: don't resolve peer dependencies from workspace root by @​zkochan in https://github.com/pnpm/pnpm/pull/4469 * chore: fix typo by @​sudongyuer in https://github.com/pnpm/pnpm/pull/4516 * fix: set root by @​HomyeeKing in https://github.com/pnpm/pnpm/pull/4515 * fix(cmd-shim): extend NODE_PATH with path to hidden hoisted dir by @​zkochan in https://github.com/pnpm/pnpm/pull/4513 * chore: public-hoist-pattern prettier config by @​fupengl in https://github.com/pnpm/pnpm/pull/3954 * feat: remove deprecated settings by @​zkochan in https://github.com/pnpm/pnpm/pull/4519 * feat: the global store location should be inside the pnpm home directory by @​zkochan in https://github.com/pnpm/pnpm/pull/4522 * fix: the file protocol should link all files by default by @​zkochan in https://github.com/pnpm/pnpm/pull/4532 * fix: dependenciesMeta should be saved into the lockfile by @​zkochan in https://github.com/pnpm/pnpm/pull/4538 * fix: resolve peers from linked in dependencies by @​zkochan in https://github.com/pnpm/pnpm/pull/4541 * fix: peer dependency has workspace protocol by @​zkochan in https://github.com/pnpm/pnpm/pull/4540 * feat: use a shorter hash for dep path by @​zkochan in https://github.com/pnpm/pnpm/pull/4552 * feat(git-fetcher): shallow clone when fetching git resource by @​kenrick95 in https://github.com/pnpm/pnpm/pull/4548 * style(*): remove duplicate declarations in TypeScript types by @​dev-itsheng in https://github.com/pnpm/pnpm/pull/4570 * docs(*): fix problems with sample code in documentation by @​dev-itsheng in https://github.com/pnpm/pnpm/pull/4572 * fix(exe): use the strict equality operator, and make `JSON.parse` execute correctly by @​dev-itsheng in https://github.com/pnpm/pnpm/pull/4571 * Improve spnpm to use esbuild by @​jondlm in https://github.com/pnpm/pnpm/pull/4574 * style(*): typo by @​dev-itsheng in https://github.com/pnpm/pnpm/pull/4573 * fix(core): prevent duplication of peerDependencyRules in the lockfile by @​kamsar in https://github.com/pnpm/pnpm/pull/4576 * fix: store integrity check when the lockfile is updated by @​zkochan in https://github.com/pnpm/pnpm/pull/4580 * Fix `add` bug with overlapping workspace packages by @​jondlm in https://github.com/pnpm/pnpm/pull/4575 * fix(exec): commands of workspace project should be in PATH by @​zkochan in https://github.com/pnpm/pnpm/pull/4583 * fix(default-reporter): use loglevel to filter deprecation warnings (#​4343) by @​milahu in https://github.com/pnpm/pnpm/pull/4507 * fix: an edge case with peer resolutions and circular deps by @​zkochan in https://github.com/pnpm/pnpm/pull/4588 * feat: shrink path to the global directory (to reduce chance of too long names on Windows) by @​zkochan in https://github.com/pnpm/pnpm/pull/4591 * fix(filter-workspace-packages): filter not working if the path contains Korean characters by @​WhiteKiwi in https://github.com/pnpm/pnpm/pull/4595 * chore: Set permissions for GitHub actions by @​neilnaveen in https://github.com/pnpm/pnpm/pull/4607 * fix: only `pnpm install` should fail on peer dep issues by @​zkochan in https://github.com/pnpm/pnpm/pull/4596 * feat: add legacy-dir-filtering by @​zkochan in https://github.com/pnpm/pnpm/pull/4610 * fix(init): don't fail if a parent dir has a package.json by @​zkochan in https://github.com/pnpm/pnpm/pull/4615 * fix: dlx should work without a configured global directory by @​zkochan in https://github.com/pnpm/pnpm/pull/4612 * fix(install): exit with an error when no package.json is found by @​zkochan in https://github.com/pnpm/pnpm/pull/4614 * fix: a file dep has a file dep by @​zkochan in https://github.com/pnpm/pnpm/pull/4618 * fix: publish in workspace by @​zkochan in https://github.com/pnpm/pnpm/pull/4627 * fix: don't fail when moving packages to node_modules/.ignored by @​zkochan in https://github.com/pnpm/pnpm/pull/4626 * fix: global linking by @​zkochan in https://github.com/pnpm/pnpm/pull/4641 * fix(exportable-manifest, types): add typesVersions field to PUBLISH_CONFIG_WHITELIST by @​WhiteKiwi in https://github.com/pnpm/pnpm/pull/4637 #### New Contributors * @​Jack-Works made their first contribution in https://github.com/pnpm/pnpm/pull/4356 * @​kazuare made their first contribution in https://github.com/pnpm/pnpm/pull/4386 * @​Spencer17x made their first contribution in https://github.com/pnpm/pnpm/pull/4425 * @​HomyeeKing made their first contribution in https://github.com/pnpm/pnpm/pull/4462 * @​CommanderRoot made their first contribution in https://github.com/pnpm/pnpm/pull/4479 * @​lawvs made their first contribution in https://github.com/pnpm/pnpm/pull/4488 * @​tmkx made their first contribution in https://github.com/pnpm/pnpm/pull/4487 * @​sudongyuer made their first contribution in https://github.com/pnpm/pnpm/pull/4516 * @​fupengl made their first contribution in https://github.com/pnpm/pnpm/pull/3954 * @​dev-itsheng made their first contribution in https://github.com/pnpm/pnpm/pull/4570 * @​jondlm made their first contribution in https://github.com/pnpm/pnpm/pull/4574 * @​kamsar made their first contribution in https://github.com/pnpm/pnpm/pull/4576 * @​WhiteKiwi made their first contribution in https://github.com/pnpm/pnpm/pull/4595 * @​neilnaveen made their first contribution in https://github.com/pnpm/pnpm/pull/4607

Full Changelog: pnpm/pnpm@v6.31.0...v7.0.0

v6.32.11

Compare Source

Patch Changes
  • pnpm publish should work correctly in a workspace, when the latest npm CLI is installed #​4348.
  • Installation shouldn't fail when a package from node_modules is moved to the node_modules/.ignored subfolder and a package with that name is already present in `node_modules/.ignored' #​4626.

Full Changelog: pnpm/pnpm@v6.32.10...v6.32.11

v6.32.10

Compare Source

Patch Changes
  • It should be possible to use a chain of local file dependencies #​4611.
  • Filtering by directory should work with directories that have unicode chars in the name #​4595.

Full Changelog: pnpm/pnpm@v6.32.9...v6.32.10

v6.32.9

Compare Source

Patch Changes

  • Fix an error with peer resolutions, which was happening when there was a circular dependency and another dependency that had the name of the circular dependency as a substring.

  • When pnpm exec is running a command in a workspace project, the commands that are in the dependencies of that workspace project should be in the PATH #​4481.

  • Hide "WARN deprecated" messages on loglevel error #​4507

    Don't show the progress bar when loglevel is set to warn or error.

Full Changelog: pnpm/pnpm@v6.32.8...v6.32.9

v6.32.8

Compare Source

Patch Changes

  • Don't check the integrity of the store with the package version from the lockfile, when the package was updated #​4580.
  • Don't update a direct dependency that has the same name as a dependency in the workspace, when adding a new dependency to a workspace project #​4575.

Full Changelog: pnpm/pnpm@v6.32.7...v6.32.8

v6.32.7

Compare Source

Patch Changes

  • Setting the auto-install-peers to true should work.

Full Changelog: pnpm/pnpm@v6.32.6...v6.32.7

v6.32.6

Compare Source

Patch Changes
  • Linked in dependencies should be considered when resolving peer dependencies #​4541.
  • Peer dependency should be correctly resolved from the workspace, when it is declared using a workspace protocol #​4529.

Full Changelog: pnpm/pnpm@v6.32.5...v6.32.6

v6.32.5

Compare Source

v6.32.4

Compare Source

Patch Changes
  • Show a friendly error message when it is impossible to get the current Git branch name during publish #​4488.
  • When checking if the lockfile is up-to-date, an empty dependenciesMeta field in the manifest should be satisfied by a not set field in the lockfile #​4463.
  • It should be possible to reference a workspace project that has no version specified in its package.json #​4487.

v6.32.3

Compare Source

Patch Changes
  • 4941f31: The location of an injected directory dependency should be correctly located, when there is a chain of local dependencies (declared via the file: protocol`).

    The next scenario was not working prior to the fix. There are 3 projects in the same folder: foo, bar, qar.

    foo/package.json:

    {
      "name": "foo",
      "dependencies": {
        "bar": "file:../bar"
      },
      "dependenciesMeta": {
        "bar": {
          "injected": true
        }
      }
    }

    bar/package.json:

    {
      "name": "bar",
      "dependencies": {
        "qar": "file:../qar"
      },
      "dependenciesMeta": {
        "qar": {
          "injected": true
        }
      }
    }

    qar/package.json:

    {
      "name": "qar"
    }

    Related PR: #​4415.


Configuration

📅 Schedule: At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, click this checkbox.

This PR has been generated by WhiteSource Renovate. View repository job log here.

@codecov-commenter
Copy link

Codecov Report

Merging #229 (285e7e3) into main (2974608) will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##             main     #229   +/-   ##
=======================================
  Coverage   97.91%   97.91%           
=======================================
  Files           4        4           
  Lines         672      672           
  Branches       98       98           
=======================================
  Hits          658      658           
  Misses         14       14           

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 2974608...285e7e3. Read the comment docs.

@danielroe danielroe merged commit aed17a8 into main May 1, 2022
@danielroe danielroe deleted the renovate/pnpm-7.x branch May 1, 2022 13:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants