Update dependency pnpm to v7 - autoclosed #182
Closed
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
6.35.1
->7.30.5
Release Notes
pnpm/pnpm
v7.30.5
Compare Source
Patch Changes
pnpm audit
should work even if there are nopackage.json
file, just apnpm-lock.yaml
file.dedupe-peer-dependents
istrue
#6154.Our Gold Sponsors
Our Silver Sponsors
v7.30.4
Compare Source
v7.30.3
Compare Source
Patch Changes
Our Gold Sponsors
Our Silver Sponsors
v7.30.2
Compare Source
v7.30.1
Compare Source
Patch Changes
pnpm-lock.yaml
file if it has no changes andpnpm install --frozen-lockfile
was executed #6158.git+ssh
that use semver selectors #6239.pnpm audit
output #6203Our Gold Sponsors
Our Silver Sponsors
v7.30.0
Compare Source
Minor Changes
patches-dir
setting #6215Patch Changes
Our Gold Sponsors
Our Silver Sponsors
v7.29.3
Compare Source
Patch Changes
node_modules/.pnpm/node_modules
directory through theNODE_PATH
env variable, then the command's ownnode_modules
directory #5176.extend-node-path
is set back totrue
by default. It was set tofalse
in v7.29.2 in order to fix issues with multiple versions of Jest in one workspace. It has caused other issues, so now we keep extendingNODE_PATH
. We have fixed the Jest issue with a different solution #6213.Our Gold Sponsors
Our Silver Sponsors
v7.29.2
Compare Source
v7.29.1
Compare Source
Patch Changes
Our Gold Sponsors
Our Silver Sponsors
v7.29.0
Compare Source
Minor Changes
A new setting is now supported:
dedupe-peer-dependents
.When this setting is set to
true
, packages with peer dependencies will be deduplicated after peers resolution.For instance, let's say we have a workspace with two projects and both of them have
webpack
in their dependencies.webpack
hasesbuild
in its optional peer dependencies, and one of the projects hasesbuild
in its dependencies. In this case, pnpm will link two instances ofwebpack
to thenode_modules/.pnpm
directory: one withesbuild
and another one without it:This makes sense because
webpack
is used in two projects, and one of the projects doesn't haveesbuild
, so the two projects cannot share the same instance ofwebpack
. However, this is not what most developers expect, especially since in a hoistednode_modules
, there would only be one instance ofwebpack
. Therefore, you may now use thededupe-peer-dependents
setting to deduplicatewebpack
when it has no conflicting peer dependencies (explanation at the end). In this case, if we setdedupe-peer-dependents
totrue
, both projects will use the samewebpack
instance, which is the one that hasesbuild
resolved:What are conflicting peer dependencies? By conflicting peer dependencies we mean a scenario like the following one:
In this case, we cannot dedupe
webpack
aswebpack
hasreact
in its peer dependencies andreact
is resolved from two different versions in the context of the two projects.Patch Changes
The configuration added by
pnpm setup
should check if the pnpm home directory is already in the PATH before adding to the PATH.Before this change, this code was added to the shell:
Now this will be added:
Add
skipped
status in exec report summary when script is missing #6139.pnpm env -g
should fail with a meaningful error message if pnpm cannot find the pnpm home directory, which is the directory into which Node.js is installed.Should not throw an error when local dependency use file protocol #6115.
Fix the incorrect error block when subproject has been patched #6183
Our Gold Sponsors
Our Silver Sponsors
v7.28.0
Compare Source
Minor Changes
--report-summary
forpnpm exec
andpnpm run
#6008.pnpm why --json
or--long
#6103.pnpm.peerDependencyRules.allowedVersions
package.json
option to support theparent>child
selector syntax. This syntax allows for extending specificpeerDependencies
#6108.Patch Changes
peerDependenciesMeta
and notpeerDependencies
,dependencies
, oroptionalDependencies
, the dependency's peers were not considered deterministically before.patch-commit
should auto apply patches in workspaces #6048pnpm config set
should write to the global config file by default #5877.Our Gold Sponsors
Our Silver Sponsors
v7.27.1
Compare Source
Patch Changes
store path
description to thepnpm
cli help.pnpm store prune
, when a tarball integrity error happens.strict-ssl
,ca
,key
, andcert
settings should work with HTTPS proxy servers #4689.Our Gold Sponsors
Our Silver Sponsors
v7.27.0
Compare Source
Minor Changes
resolution-mode
added:lowest-direct
. With this resolution mode direct dependencies will be resolved to their lowest versions. So if there isfoo@^1.1.0
in the dependencies, then1.1.0
will be installed, even if the latest version offoo
is1.2.0
.pnpm run /build:.*/
and execute the matched scripts with the RegExp #5871.Patch Changes
Fix version number replacing for namespaced workspace packages.
workspace:@​foo/bar@*
should be replaced withnpm:@​foo/bar@<version>
on publish #6052.When resolving dependencies, prefer versions that are already used in the root of the project. This is important to minimize the number of packages that will be nested during hoisting #6054.
Deduplicate direct dependencies.
Let's say there are two projects in the workspace that dependend on
foo
. One project hasfoo@1.0.0
in the dependencies while another one hasfoo@^1.0.0
in the dependencies. In this case,foo@1.0.0
should be installed to both projects as satisfies the version specs of both projects.Use Map rather than Object in
createPackageExtender
to prevent read the prototype property to native functionOur Gold Sponsors
Our Silver Sponsors
v7.26.3
Compare Source
Patch Changes
pnpm-lock.yaml
lockfile format #5976.Our Gold Sponsors
Our Silver Sponsors
v7.26.2
Compare Source
Patch Changes
pnpm audit
output for better readability #5981node-linker
is set tohoisted
#5992.Our Gold Sponsors
Our Silver Sponsors
v7.26.1
Compare Source
Patch Changes
node-linker
is set tohoisted
#5988.EMFILE: too many open files
by using graceful-fs for reading bin files of dependencies #5887.Our Gold Sponsors
Our Silver Sponsors
v7.26.0
Compare Source
Minor Changes
pnpm dedupe
command that removes dependencies from the lockfile by re-resolving the dependency graph. This work similar to yarn'syarn dedupe --strategy highest
command #5958Patch Changes
prepublishOnly
andprepublish
should not be executed onpnpm pack
#2941.Our Gold Sponsors
Our Silver Sponsors
This PR has been generated by Mend Renovate. View repository job log here.