Update pnpm to v7.9.5

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
pnpm (source)	7.5.0 -> 7.9.5

---

Release Notes

pnpm/pnpm

v7.9.5

Compare Source

Patch Changes

• Set NODE_PATH when prefer-symlinked-executables is enabled #​5251.
• Fail with a meaningful error when the audit endpoint doesn't exist #​5200.
• Symlink a local dependency to node_modules, even if the target directory doesn't exist #​5219.

Our Gold Sponsors

Our Silver Sponsors

What's Changed

• Fix pnpm audit bad API response on private registry by @​timtong19https://github.com/pnpm/pnpm/pull/5246l/5246
• fix: set NODE_PATH when is turned on by @​d3https://github.com/pnpm/pnpm/pull/5251l/5251
• fix: symlink local dep even when target dir does not exist by @​zkochhttps://github.com/pnpm/pnpm/pull/5253l/5253
• fix: only set extraEnv for preferSymlinkedExecutables if it's not windows by @​d3https://github.com/pnpm/pnpm/pull/5256l/5256

New Contributors

• @​timtong1982 made their first contributihttps://github.com/pnpm/pnpm/pull/5246l/5246

Full Changelog: pnpm/pnpm@v7.9.4...v7.9.5

v7.9.4

Compare Source

Patch Changes

• Auto install peer dependencies when auto-install-peers is set to true and the lockfile is up to date #​5213.
• pnpm env: for Node.js<16 install the x64 build on Darwin ARM as ARM build is not available #​5239.
• pnpm env: log a message when the node.js tarball starts the download #​5241.
• Fix pnpm install --merge-git-branch-lockfile when the lockfile is up to date #​5212.

Our Gold Sponsors

Our Silver Sponsors

What's Changed

• feat(cafs): extend cafs with getFilePathByModeInCafs by @​d3https://github.com/pnpm/pnpm/pull/5232l/5232
• fix: mergeGitBranchLockfiles when merged lockfile is up-to-date by @​chengcybhttps://github.com/pnpm/pnpm/pull/5233l/5233
• test: all test packages should be from the @​pnpm.e2e scope by @&#8203https://github.com/pnpm/pnpm/pull/5211pm/pull/5211
• fix: node<16 download fail on arm chips on macos by @​ambar-arkhttps://github.com/pnpm/pnpm/pull/5239l/5239
• feat(env): show state on fetching node by @​JacobLinCohttps://github.com/pnpm/pnpm/pull/5241l/5241
• Fix: install peerDeps which is not optional on headless install by @​Shinyaigehttps://github.com/pnpm/pnpm/pull/5243l/5243

New Contributors

• @​ambar-arkin made their first contributihttps://github.com/pnpm/pnpm/pull/5239l/5239
• @​JacobLinCool made their first contributihttps://github.com/pnpm/pnpm/pull/5241l/5241
• @​Shinyaigeek made their first contributihttps://github.com/pnpm/pnpm/pull/5243l/5243

Full Changelog: pnpm/pnpm@v7.9.3...v7.9.4

v7.9.3

Compare Source

Patch Changes

• Remove legacy signal handlers #​5224

Our Gold Sponsors

Our Silver Sponsors

What's Changed

• fix: remove legacy signal handlers by @​d3https://github.com/pnpm/pnpm/pull/5224l/5224

Full Changelog: pnpm/pnpm@v7.9.2...v7.9.3

v7.9.2

Compare Source

Patch Changes

• When the same package is both in "peerDependencies" and in "dependencies", treat this dependency as a peer dependency if it may be resolved from the dependencies of parent packages #​5210.
• Update node-gyp to v9.
• Update the compatibility database.

Our Gold Sponsors

Our Silver Sponsors

v7.9.1

Compare Source

Patch Changes

• pnpm setup: don't use setx to set env variables on Windows.

Our Gold Sponsors

Our Silver Sponsors

v7.9.0

Compare Source

Minor Changes

• When ignore-dep-scripts is true, ignore scripts of dependencies but run the scripts of the project.
• When ignore-compatibility-db is set to true, the compatibility database will not be used to patch dependencies #​5132.
• Print the versions of packages in peer dependency warnings and errors.
• Support a new hook for passing a custom package importer to the store controller.

Patch Changes

• Don't print the same deprecation warning multiple times.
• On POSIX pnpm setup should suggest users to source the config instead of restarting the terminal.
• Installing a package with bin that points to an .exe file on Windows #​5159.
• Fix bug where the package manifest was not resolved if verify-store-integrity is set to false.
• Fix sorting of keys in lockfile to make it more deterministic and prevent unnecessary churn in the lockfile #​5151.
• Don't create a separate bundle for pnpx.

Our Gold Sponsors

Our Silver Sponsors

v7.8.0

Compare Source

Minor Changes

• When publishConfig.directory is set, only symlink it to other workspace projects if publishConfig.linkDirectory is set to true. Otherwise, only use it for publishing #​5115.

Patch Changes

• Don't incorrectly identify a lockfile out-of-date when the package has a publishConfig.directory field #​5124.
• Don't crash when a config file contains a setting with an env variable that doesn't exist #​5093.

Our Gold Sponsors

Our Silver Sponsors

What's Changed

• fix: don't incorrectly identify a lockfile out-of-date by @​zkochhttps://github.com/pnpm/pnpm/pull/5126l/5126
• feat: publishConfig.linkDirectory by @​zkochhttps://github.com/pnpm/pnpm/pull/5125l/5125
• fix: don't crash on a .npmrc with missing env var by @​zkochhttps://github.com/pnpm/pnpm/pull/5127l/5127
• chore: fix typo by @​LuciNyhttps://github.com/pnpm/pnpm/pull/5128l/5128

New Contributors

• @​LuciNyan made their first contributihttps://github.com/pnpm/pnpm/pull/5128l/5128

Full Changelog: pnpm/pnpm@v7.7.1...v7.8.0

v7.7.1

Compare Source

Patch Changes

• pnpm should not consider a lockfile out-of-date if auto-install-peers is set to true and the peer dependency is in devDependencies or optionalDependencies #​5080.
• Don't incorrectly consider a lockfile out-of-date when workspace:^ or workspace:~ version specs are used in a workspace.

Our Gold Sponsors

Our Silver Sponsors

What's Changed

• fix: frozen install in a project with peer deps and auto-install-peers=true by @​zkochhttps://github.com/pnpm/pnpm/pull/5120l/5120
• fix: don't incorrectly consider a lockfile to be out-of-date by @​zkochhttps://github.com/pnpm/pnpm/pull/5121l/5121

Full Changelog: pnpm/pnpm@v7.7.0...v7.7.1

v7.7.0

Compare Source

Minor Changes

• Add experimental lockfile format that should merge conflict less in the importers section. Enabled by setting the use-inline-specifiers-lockfile-format = true feature flag in .npmrc.

  If this feature flag is committed to a repo, we recommend setting the minimum allowed version of pnpm to this release in the package.json engines field. Once this is set, older pnpm versions will throw on invalid lockfile versions.

• Add publishDirectory field to the lockfile and relink the project when it changes.

• verify-store-integrity=false makes pnpm skip checking the integrities of files in the global content-addressable store.

• Allow to set only-built-dependencies[] through .npmrc.

Patch Changes

• It should be possible to publish a package with local dependencies from a custom publish directory (set via publishConfig.directory) #​3901.
• pnpm deploy should inject local dependencies of all types (dependencies, optionalDependencies, devDependencies) #​5078.
• When a project in a workspace has a publishConfig.directory set, dependent projects should install the project from that directory #​3901
• pnpm deploy: accept absolute paths and use cwd instead of workspaceDir for deploy target directory #​4980.
• pnpm setup should update .zshrc in the right directory when a $ZDOTDIR is set.

Our Gold Sponsors

Our Silver Sponsors

What's Changed

• fix(deploy): inject all types of deps by @​zkochhttps://github.com/pnpm/pnpm/pull/5084l/5084
• fix(make-dedicated-lockfile): prepublishOnly script is automatically … by @​zkochhttps://github.com/pnpm/pnpm/pull/5083l/5083
• fix: symlink a workspace pkg correctly, when it has a custom publish dir by @​zkochhttps://github.com/pnpm/pnpm/pull/5089l/5089
• feat: add experimental use-inline-specifiers-lockfile-format by @​gluxhttps://github.com/pnpm/pnpm/pull/5091l/5091
• fix: plugin-commands-deploy use path resolve on deploy target dir by @​AWahttps://github.com/pnpm/pnpm/pull/5026l/5026
• fix: relink the project when its publish directory changes by @​zkochhttps://github.com/pnpm/pnpm/pull/5109l/5109
• fix: don't include specifiers field in new experimental lockfile format by @​zkochhttps://github.com/pnpm/pnpm/pull/5110l/5110
• feat: verify-store-integrity by @​zkochhttps://github.com/pnpm/pnpm/pull/5112l/5112

New Contributors

• @​AWare made their first contributihttps://github.com/pnpm/pnpm/pull/5026l/5026

Full Changelog: pnpm/pnpm@v7.6.0...v7.7.0

v7.6.0

Compare Source

Minor Changes

• A new setting supported: prefer-symlinked-executables. When true, pnpm will create symlinks to executables in
  node_modules/.bin instead of command shims (but on POSIX systems only).

  This setting is true by default when node-linker is set to hoisted.

  Related issue: #​4782.

• When lockfile-include-tarball-url is set to true, every entry in pnpm-lock.yaml will contain the full URL to the package's tarball #​5054.

Patch Changes

• pnpm deploy should include all dependencies by default #​5035.

• Don't print warnings about file verifications. Just print info messages instead.

• pnpm publish --help should print the --recursive and --filter options #​5019.

• It should be possible to run exec/run/dlx with the --use-node-version option.

• pnpm deploy should not modify the lockfile #​5071

• pnpm deploy should not fail in CI #​5071

• When auto-install-peers is set to true, automatically install direct peer dependencies #​5028.

  So if your project the next manifest:

  {
    "dependencies": {
      "lodash": "^4.17.21"
    },
    "peerDependencies": {
      "react": "^18.2.0"
    }
  }

  pnpm will install both lodash and react as a regular dependencies.

Our Gold Sponsors

Our Silver Sponsors

What's Changed

• pnpm rebuild accepts --store-dir by @​chengcybhttps://github.com/pnpm/pnpm/pull/5036l/5036
• fix(deploy): include all deps by default by @​zkochhttps://github.com/pnpm/pnpm/pull/5040l/5040
• chore(deps): upgrade nock to v13 by @​mcmxcdhttps://github.com/pnpm/pnpm/pull/5043l/5043
• fix: log more info on HTTP error by @​zkochhttps://github.com/pnpm/pnpm/pull/4917l/4917
• fix: document the -r option by @​zkochhttps://github.com/pnpm/pnpm/pull/5044l/5044
• chore(deps): upgrade sinon to v14 by @​mcmxcdhttps://github.com/pnpm/pnpm/pull/5045l/5045
• fix(audit): add authentication to pnpm-audit by @​slhttps://github.com/pnpm/pnpm/pull/5053l/5053
• feat: prefer-symlinked-executables by @​zkochhttps://github.com/pnpm/pnpm/pull/5048l/5048
• chore: update pnpm-workspace.yaml by @​ayu142https://github.com/pnpm/pnpm/pull/5060l/5060
• feat: add lockfile-include-tarball-url option by @​MBelnihttps://github.com/pnpm/pnpm/pull/5054l/5054
• fix: auto install root peer deps when auto-install-peers=true by @​zkochhttps://github.com/pnpm/pnpm/pull/5067l/5067
• fix(deploy): don't modify the lockfile and fail in CI by @​zkochhttps://github.com/pnpm/pnpm/pull/5074l/5074

New Contributors

• @​mcmxcdev made their first contributihttps://github.com/pnpm/pnpm/pull/5043l/5043
• @​sled made their first contributihttps://github.com/pnpm/pnpm/pull/5053l/5053
• @​ayu14214 made their first contributihttps://github.com/pnpm/pnpm/pull/5060l/5060
• @​MBelniak made their first contributihttps://github.com/pnpm/pnpm/pull/5054l/5054

Full Changelog: pnpm/pnpm@v7.5.2...v7.6.0

v7.5.2

Compare Source

Patch Changes

• Don't print any info messages about .pnpmfile.cjs #​5027.
• Do not print a package with unchanged version in the installation summary #​5031.

Our Gold Sponsors

Our Silver Sponsors

What's Changed

• fix: summary reporting by @​zkochhttps://github.com/pnpm/pnpm/pull/5031l/5031
• fix: don't print info messages about .pnpmfile.cjs by @​zkochhttps://github.com/pnpm/pnpm/pull/5032l/5032

Full Changelog: pnpm/pnpm@v7.5.1...v7.5.2

v7.5.1

Compare Source

Patch Changes

• Don't symlink the autoinstalled peer dependencies to the root of node_modules #​4988.
• Avoid retaining a copy of the contents of files deleted during patching #​5003.
• Remove file reporter logging. Logged file is not useful #​4949.

Our Gold Sponsors

Our Silver Sponsors

What's Changed

• fix: don't symlink the autoinstalled peers to the root of node_modules by @​zkochhttps://github.com/pnpm/pnpm/pull/4998l/4998
• feat: use irreversible-delete in pnpm patch-commit by @​webstrahttps://github.com/pnpm/pnpm/pull/5008l/5008
• feat(file-reporter): remove file reporter by @​william29https://github.com/pnpm/pnpm/pull/5012l/5012

New Contributors

• @​webstrand made their first contributihttps://github.com/pnpm/pnpm/pull/5008l/5008
• @​william2958 made their first contributihttps://github.com/pnpm/pnpm/pull/5012l/5012

Full Changelog: pnpm/pnpm@v7.5.0...v7.5.1

---

Configuration

📅 Schedule: Branch creation - "before 3am on the first day of the month" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, click this checkbox.

---

This PR has been generated by Mend Renovate. View repository job log here.

[renovate]

Renovate Ignore Notification

As this PR has been closed unmerged, Renovate will now ignore this update (7.9.5). You will still receive a PR once a newer version is released, so if you wish to permanently ignore this dependency, please add it to the ignoreDeps array of your renovate config.

If this PR was closed by mistake or you changed your mind, you can simply rename this PR and you will soon get a fresh replacement PR opened.