chore(deps): update pnpm to v7

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
pnpm (source)	6.35.1 -> 7.23.0

---

Release Notes

pnpm/pnpm

v7.23.0

Compare Source

Minor Changes

• When the resolve-peers-from-workspace-root setting is set to true, pnpm will use dependencies installed in the root of the workspace to resolve peer dependencies in any of the workspace's projects #​5882.

Patch Changes

• The help of the run command should list the --resume-from option.
• Should display --include-workspace-root option on recursive command's help info.

Our Gold Sponsors

Our Silver Sponsors

v7.22.0

Compare Source

Minor Changes

• The pnpm list and pnpm why commands will now look through transitive dependencies of workspace: packages. A new --only-projects flag is available to only print workspace: packages.
• pnpm exec and pnpm run command support --resume-from option. When used, the command will executed from given package #​4690.
• Expose the npm_command environment variable to lifecycle hooks & scripts.

Patch Changes

• Fix a situation where pnpm list and pnpm why may not respect the --depth argument.
• Report to the console when a git-hosted dependency is built #​5847.
• Throw an accurate error message when trying to install a package that has no versions, or all of its versions are unpublished #​5849.
• replace dependency is-ci by ci-info (is-ci is just a simple wrapper around ci-info).
• Only run prepublish scripts of git-hosted dependencies, if the dependency doesn't have a main file. In this case we can assume that the dependencies has to be built.
• Print more contextual information when a git-hosted package fails to be prepared for installation #​5847.

Our Gold Sponsors

Our Silver Sponsors

v7.21.0

Compare Source

Minor Changes

• The pnpm dlx command supports the --shell-mode (or -c) option. When used, the script is executed by a shell #​5679.

Patch Changes

• The config command should work with the --location=global CLI option #​5841.
• Only the pnpm add --global <pkg> command should fail if there is no global pnpm bin directory in the system PATH #​5841.

Our Gold Sponsors

Our Silver Sponsors

v7.20.0

Compare Source

Minor Changes

• pnpm gets its own implementation of the following commands:

  • pnpm config get
  • pnpm config set
  • pnpm config delete
  • pnpm config list

  In previous versions these commands were passing through to npm CLI.

  PR: #​5829
  Related issue: #​5621

• Add show alias to pnpm view #​5835.

• pnpm reads settings from its own global configuration file at $XDG_CONFIG_HOME/pnpm/rc #​5829.

• Add the 'description'-field to the licenses output #​5836.

Patch Changes

• pnpm rebuild should not fail if node_modules was created by pnpm version 7.18 or older #​5815.
• pnpm env should print help.
• Run the prepublish scripts of packages installed from Git #​5826.
• pnpm rebuild should print a better error message when a hoisted dependency is not found #​5815.

Our Gold Sponsors

Our Silver Sponsors

v7.19.0

Compare Source

Minor Changes

• New setting supported in the package.json that is in the root of the workspace: pnpm.requiredScripts. Scripts listed in this array will be required in each project of the worksapce. Otherwise, pnpm -r run <script name> will fail #​5569.
• When the hoisted node linker is used, preserve node_modules directories when linking new dependencies. This improves performance, when installing in a project that already has a node_modules directory #​5795.
• When the hoisted node linker is used, pnpm should not build the same package multiple times during installation. If a package is present at multipe locations because hoisting could not hoist them to a single directory, then the package should only built in one of the locations and copied to the rest #​5814.

Patch Changes

• pnpm rebuild should work in projects that use the hoisted node linker #​5560.
• pnpm patch should print instructions about how to commit the changes #​5809.
• Allow the -S flag in command shims pnpm/cmd-shim#​42.
• Don't relink injected directories if they were not built #​5792.

Our Gold Sponsors

Our Silver Sponsors

v7.18.2

Compare Source

Patch Changes

• Added --json to the pnpm publish --help output #​5773.
• pnpm update should not replace workspace:*, workspace:~, and workspace:^ with workspace:<version> #​5764.
• The fatal error should be printed in JSON format, when running a pnpm command with the --json option #​5710.
• Throw an error while missing script start or file server.js #​5782.
• pnpm license list should not fail if a license file is an executable #​5740.

Our Gold Sponsors

Our Silver Sponsors

v7.18.1

Compare Source

Patch Changes

• The update notifier should suggest using the standalone script, when pnpm was installed using a standalone script #​5750.
• Vulnerabilities that don't have CVEs codes should not be skipped by pnpm audit if an ignoreCves list is declared in package.json #​5756.
• It should be possible to use overrides with absolute file paths #​5754.
• pnpm audit --json should ignore vulnerabilities listed in auditConfig.ignoreCves #​5734.
• pnpm licenses should print help, not just an error message #​5745.

Our Gold Sponsors

Our Silver Sponsors

v7.18.0

Compare Source

Minor Changes

• Overrides may be defined as a reference to a spec for a direct dependency by prefixing the name of the package you wish the version to match with a `# pnpm.

  {
    "dependencies": {
      "foo": "^1.0.0"
    },
    "overrides": {
      // the override is defined as a reference to the dependency
      "foo": "$foo",
      // the referenced package does not need to match the overridden one
      "bar": "$foo"
    }
  }

  Issue: #​5703

Patch Changes

• pnpm audit should work when the project's package.json has no version field #​5728
• Dependencies specified via * should be updated to semver ranges by pnpm update #​5681.
• It should be possible to override a dependency with a local package using relative path from the workspace root directory #​5493.
• Exit with non-zero exit code when child process exits with a non-zero exit clode #​5525.
• pnpm add should prefer local projects from the workspace, even if they use prerelease versions #​5316

Our Gold Sponsors

Our Silver Sponsors

v7.17.1

Compare Source

Patch Changes

• pnpm set-script and pnpm pkg are passed through to npm #​5683.
• pnpm publish <tarball path> should exit with non-0 exit code when publish fails #​5396.
• readPackage hooks should not modify the package.json files in a workspace #​5670.
• Comments in package.json5 are preserver #​2008.
• pnpm setup should create PNPM_HOME as a non-expandable env variable on Windows #​4658.
• Fix the CLI help of the pnpm licenses command.

Our Gold Sponsors

Our Silver Sponsors

v7.17.0

Compare Source

Minor Changes

• Added a new command pnpm licenses list, which displays the licenses of the packages #​2825

Patch Changes

• pnpm update --latest !foo should not update anything if the only dependency in the project is the ignored one #​5643.
• pnpm audit should send the versions of workspace projects for audit.
• Hoisting with symlinks should not override external symlinks and directories in the root of node_modules.
• The pnpm.updateConfig.ignoreDependencies setting should work with multiple dependencies in the array #​5639.

Our Gold Sponsors

Our Silver Sponsors

v7.16.1

Compare Source

Patch Changes

• Sync all injected dependencies when hoisted node linker is used #​5630

Our Gold Sponsors

Our Silver Sponsors

v7.16.0

Compare Source

Minor Changes

• Support pnpm env list to list global or remote Node.js versions #​5546.

Patch Changes

• Replace environment variable placeholders with their values, when reading .npmrc files in subdirectories inside a workspace #​2570.
• Fix an error that sometimes happen on projects with linked local dependencies #​5327.

Our Gold Sponsors

Our Silver Sponsors

v7.15.0

Compare Source

Minor Changes

• Support --format=json option to output outdated packages in JSON format with outdated command #​2705.

  pnpm outdated --format=json
  #or
  pnpm outdated --json

• A new setting supported for ignoring vulnerabilities by their CVEs. The ignored CVEs may be listed in the pnpm.auditConfig.ignoreCves field of package.json. For instance:

  {
    "pnpm": {
      "auditConfig": {
        "ignoreCves": [
          "CVE-2019-10742",
          "CVE-2020-28168",
          "CVE-2021-3749",
          "CVE-2020-7598"
        ]
      }
    }
  }

Patch Changes

• The reporter should not crash when the CLI process is kill during lifecycle scripts execution #​5588.
• Installation shouldn't fail when the injected dependency has broken symlinks. The broken symlinks should be just skipped #​5598.

Our Gold Sponsors

Our Silver Sponsors

Mend Renovate. View repository job log here.

[netlify]

✅ Deploy Preview for viden ready!

Name	Link
🔨 Latest commit	d298940
🔍 Latest deploy log	https://app.netlify.com/sites/viden/deploys/63bba03b121eae00081e4938
😎 Deploy Preview	https://deploy-preview-13--viden.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site settings.