Feature: ignore packages listed in package.json > pnpm.updateConfig.ignoreDependencies on update/outdated commands
#5408
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Shinyaigeek
commented
Sep 25, 2022
packages/types/src/package.ts
Outdated
| @@ -131,6 +131,9 @@ export type ProjectManifest = BaseManifest & { | |||
| allowedDeprecatedVersions?: AllowedDeprecatedVersions | |||
| allowNonAppliedPatches?: boolean | |||
| patchedDependencies?: Record<string, string> | |||
| update?: { | |||
| ignore?: string[] | |||
There was a problem hiding this comment.
I defined pnpm.update.ignore as string array. In the origin issue, pnpm.update.ignore is defined as Record<string, string>, like package: version. However, I think filtering ignoreing package with version is not necessary and it has performance overhead to get current lockfile in the process of pnpmCommands.handler, so I defined pnpm.update.ignore as string array.
There was a problem hiding this comment.
I would call it ignoreDependencies
There was a problem hiding this comment.
ignoreDependencies seems more clear, thanks! 9198dfb
Shinyaigeek
commented
Sep 25, 2022
zkochan
requested changes
Sep 25, 2022
packages/types/src/package.ts
Outdated
| @@ -131,6 +131,9 @@ export type ProjectManifest = BaseManifest & { | |||
| allowedDeprecatedVersions?: AllowedDeprecatedVersions | |||
| allowNonAppliedPatches?: boolean | |||
| patchedDependencies?: Record<string, string> | |||
| update?: { | |||
| ignore?: string[] | |||
There was a problem hiding this comment.
I would call it ignoreDependencies
.changeset/rude-vans-build.md
Outdated
Comment on lines
2
to
5
| "@pnpm/outdated": major | ||
| "@pnpm/plugin-commands-installation": major | ||
| "@pnpm/plugin-commands-outdated": major | ||
| "@pnpm/types": major |
There was a problem hiding this comment.
it is not a major change but a minor one. Major changes are breaking changes.
There was a problem hiding this comment.
OK, I will fix this. I thought wrongly that it is breaking change, but you are right. Thanks 👍
There was a problem hiding this comment.
fixed in 982ed7e. Thanks!
packages/outdated/src/outdated.ts
Outdated
| @@ -74,6 +74,10 @@ export default async function outdated ( | |||
| return | |||
| } | |||
|
|
|||
| if ((opts.manifest.pnpm?.update?.ignore ?? []).includes(alias)) { | |||
There was a problem hiding this comment.
If I understand correctly, this way the ignore field will be per package.json. This is not how the props from the pnpm field are intended to be used. Those setting are only active in the root of the workspace.
Comment on lines
226
to
231
| if (opts.update) { | ||
| params = params.filter((param) => { | ||
| const packageName = param.slice(0, param.lastIndexOf('@')) | ||
| return !(manifest?.pnpm?.update?.ignore ?? []).includes(packageName) | ||
| }) | ||
| } |
There was a problem hiding this comment.
this doesn't makes sense to me. So if I run pnpm update express and express is in the ignore list then express will not be updated? I think the ignore list should only ignore updates on pnpm update. On named updates either all the listed dependencies should be updated or an error should be thrown.
There was a problem hiding this comment.
Oh, you are right. it is not necessary to ignore packages specified with pnpm update's args. I will fix this 🙏
Shinyaigeek
force-pushed
the
feature/support-update-ignore-field
branch
2 times, most recently
from
fdf9771
to
982ed7e
Compare
zkochan
reviewed
Sep 28, 2022
packages/types/src/package.ts
Outdated
| @@ -131,6 +131,9 @@ export type ProjectManifest = BaseManifest & { | |||
| allowedDeprecatedVersions?: AllowedDeprecatedVersions | |||
| allowNonAppliedPatches?: boolean | |||
| patchedDependencies?: Record<string, string> | |||
| update?: { | |||
There was a problem hiding this comment.
Let's call this field updateConfig.
We already have a publishConfig field. And Yarn follows a similar convention.
There was a problem hiding this comment.
looks good! Thanks !! d28eb22
|
@zkochan I was going to investigate it myself, but thank you for fixing it instead! I've done most of the work, so I'll resend the review request once I've clean up the commit log and tests. |
|
Also, the code that filters out the packages in the update is not clean. I would add support of negated patterns to the update command (as a separate PR). So that you could do |
zkochan
added a commit
that referenced
this pull request
Sep 30, 2022
zkochan
added a commit
that referenced
this pull request
Sep 30, 2022
zkochan
changed the title
package.json > pnpm.update.ignore on update/outdated commandspackage.json > pnpm.updateConfig.ignoreDependencies on update/outdated commands
zkochan
force-pushed
the
feature/support-update-ignore-field
branch
from
01d0592
to
c038005
Compare
Shinyaigeek
force-pushed
the
feature/support-update-ignore-field
branch
from
c038005
to
5778256
Compare
zkochan
reviewed
Sep 30, 2022
| @@ -500,7 +516,7 @@ export function matchDependencies ( | |||
| return matchedDeps | |||
| } | |||
|
|
|||
| export function createMatcher (params: string[]) { | |||
| export function createMatcher (params: string[], ignoredPackages: string[] = []) { | |||
There was a problem hiding this comment.
there is no need to change this function. You need to pass the ignored packages through params. Just prefix them with !.
There was a problem hiding this comment.
Oh I see! I will fix soon 👍
There was a problem hiding this comment.
Fixed and force-pushed. dd6765e thanks!
There was a problem hiding this comment.
I will try to fix the error happend in a test !is-positive is not in the npm registry, or you have no permission to fetch it.
There was a problem hiding this comment.
I think this line causes the issue ( and —latest option seems to be not related). For example, with ["!react", "!eslint"] update params, and react gets into ignore pattern so matchedPatternIndex should be -1. However, eslint does not match react and override matchedPatternIndex after.
There was a problem hiding this comment.
with dependencies like below:
"dependencies": {
"react": "^16.14.0",
"react-dom": "^16.14.0"
}
and run pnpm run update '!react' --latest, react-dom only will be updated and this is expected.
However, run pnpm run update '!react' '!eslint' --latest, both of react and react-dom will be updated and this is unexpected...
Shinyaigeek
force-pushed
the
feature/support-update-ignore-field
branch
6 times, most recently
from
cbc88e6
to
a6fddbc
Compare
Shinyaigeek
force-pushed
the
feature/support-update-ignore-field
branch
from
a6fddbc
to
c4a3730
Compare
zkochan
reviewed
Sep 30, 2022
|
|
||
| if (opts.update) { | ||
| const ignoredPackages = (manifest.pnpm?.updateConfig?.ignoreDependencies ?? []) | ||
| currentInput = [...ignoredPackages.map(pkg => `!${pkg}`), ...currentInput] |
There was a problem hiding this comment.
I thought we already discussed that the ignore list will only be active when pnpm update is called without args. So why do you append currentInput?
There was a problem hiding this comment.
I thought it would be ok to append the ignored packages to the beginning of currentInput with ! because the successor params will override ! packages.
However, I have rethought that it is not friendly to ignore packages even if they are explicitly specified * params, so I will append only if the params are empty 🙏 .
Shinyaigeek
commented
Sep 30, 2022
zkochan
reviewed
Oct 1, 2022
| @@ -307,12 +312,18 @@ export default async function recursive ( | |||
|
|
|||
| const { manifest, writeProjectManifest } = manifestsByPath[rootDir] | |||
| let currentInput = [...params] | |||
| const ignoredPackages = (manifest.pnpm?.updateConfig?.ignoreDependencies ?? []) | |||
| if (opts.update && params.length === 0) { | |||
| currentInput = [...ignoredPackages.map(pkg => `!${pkg}`), ...currentInput] | |||
There was a problem hiding this comment.
why do append currentInput if it will be empty always?
There was a problem hiding this comment.
I did so because I did not want to make if statement’s condition complex, but this is not strong will so I changed if statement’s condition in this line as you say. a2dbfaa
| @@ -201,6 +199,12 @@ export default async function recursive ( | |||
| const modulesDir = localConfig.modulesDir ?? opts.modulesDir | |||
| const { manifest, writeProjectManifest } = manifestsByPath[rootDir] | |||
| let currentInput = [...params] | |||
| const ignoredPackages = (manifest.pnpm?.updateConfig?.ignoreDependencies ?? []) | |||
| if (opts.update && params.length === 0) { | |||
| currentInput = [...ignoredPackages.map(pkg => `!${pkg}`), ...currentInput] | |||
There was a problem hiding this comment.
why do append currentInput if it will be empty always?
There was a problem hiding this comment.
same as #5408 (comment)
Hmm… I separated a logic to ignore dependencies with selector pattern into the module in the first place, maybe we would like to refactor to use update module with recursive command, but this should not be in the scope this change. (and I don't know this refactoring is possible) |
|
The E2E tests were unstable. This is why you had issues. |
zkochan
approved these changes
Oct 2, 2022
1 task
kodiakhq bot
pushed a commit
to singlestone/sugar
that referenced
this pull request
Oct 22, 2022
[](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [pnpm](https://pnpm.io) ([source](https://togithub.com/pnpm/pnpm)) | [`7.11.0` -> `7.14.0`](https://renovatebot.com/diffs/npm/pnpm/7.11.0/7.14.0) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>pnpm/pnpm</summary> ### [`v7.14.0`](https://togithub.com/pnpm/pnpm/releases/tag/v7.14.0) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v7.13.6...v7.14.0) #### Minor Changes - Add `pnpm doctor` command to do checks for known common issues #### Patch Changes - Ignore the `always-auth` setting. pnpm will never reuse the registry auth token for requesting the package tarball, if the package tarball is hosted on a different domain. So, for example, if your registry is at `https://company.registry.com/` but the tarballs are hosted at `https://tarballs.com/`, then you will have to configure the auth token for both domains in your `.npmrc`: @​my-company:registry=https://company.registry.com/ //company.registry.com/=SOME_AUTH_TOKEN //tarballs.com/=SOME_AUTH_TOKEN #### Our Gold Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://bit.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"><img src="https://pnpm.io/img/users/bit.svg" width="80"></a> </td> <td align="center" valign="middle"> <a href="https://nhost.io/?utm_source=pnpm&utm_medium=release_notes" target="_blank"><img src="https://pnpm.io/img/users/nhost.svg" width="180"></a> </td> <td align="center" valign="middle"> <a href="https://novu.co/?utm_source=pnpm&utm_medium=release_notes" target="_blank"><img src="https://pnpm.io/img/users/novu.svg" width="180"></a> </td> </tr> </tbody> </table> #### Our Silver Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://prisma.io/?utm_source=pnpm&utm_medium=readme" target="_blank"> <img src="https://pnpm.io/img/users/prisma.svg" width="180"> </a> </td> <td align="center" valign="middle"> <a href="https://leniolabs.com/?utm_source=pnpm&utm_medium=readme" target="_blank"> <img src="https://pnpm.io/img/users/leniolabs.jpg" width="80"> </a> </td> <td align="center" valign="middle"> <a href="https://vercel.com/?utm_source=pnpm&utm_medium=readme" target="_blank"> <img src="https://pnpm.io/img/users/vercel.svg" width="180"> </a> </td> </tr> <tr> <td align="center" valign="middle"> <a href="https://www.takeshape.io/?utm_source=pnpm&utm_medium=readme" target="_blank"> <img src="https://pnpm.io/img/users/takeshape.svg" width="280"> </a> </td> <td align="center" valign="middle"> <a href="https://doppler.com/?utm_source=pnpm&utm_medium=readme#gh-light-mode-only" target="_blank"> <img src="https://pnpm.io/img/users/doppler.svg" width="280"> </a> </td> </tr> </tbody> </table> ### [`v7.13.6`](https://togithub.com/pnpm/pnpm/releases/tag/v7.13.6) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v7.13.5...v7.13.6) #### Patch Changes - Downgrade `@pnpm/npm-conf` to remove annoying builtin warning [#​5518](https://togithub.com/pnpm/pnpm/issues/5518). - `pnpm link --global <pkg>` should not change the type of the dependency [#​5478](https://togithub.com/pnpm/pnpm/issues/5478). - When the `pnpm outdated` command fails, print in which directory it failed. #### Our Gold Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://bit.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"><img src="https://pnpm.io/img/users/bit.svg" width="80"></a> </td> <td align="center" valign="middle"> <a href="https://nhost.io/?utm_source=pnpm&utm_medium=release_notes" target="_blank"><img src="https://pnpm.io/img/users/nhost.svg" width="180"></a> </td> <td align="center" valign="middle"> <a href="https://novu.co/?utm_source=pnpm&utm_medium=release_notes" target="_blank"><img src="https://pnpm.io/img/users/novu.svg" width="180"></a> </td> </tr> </tbody> </table> #### Our Silver Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://prisma.io/?utm_source=pnpm&utm_medium=readme" target="_blank"> <img src="https://pnpm.io/img/users/prisma.svg" width="180"> </a> </td> <td align="center" valign="middle"> <a href="https://leniolabs.com/?utm_source=pnpm&utm_medium=readme" target="_blank"> <img src="https://pnpm.io/img/users/leniolabs.jpg" width="80"> </a> </td> <td align="center" valign="middle"> <a href="https://vercel.com/?utm_source=pnpm&utm_medium=readme" target="_blank"> <img src="https://pnpm.io/img/users/vercel.svg" width="180"> </a> </td> </tr> <tr> <td align="center" valign="middle"> <a href="https://www.takeshape.io/?utm_source=pnpm&utm_medium=readme" target="_blank"> <img src="https://pnpm.io/img/users/takeshape.svg" width="280"> </a> </td> <td align="center" valign="middle"> <a href="https://doppler.com/?utm_source=pnpm&utm_medium=readme#gh-light-mode-only" target="_blank"> <img src="https://pnpm.io/img/users/doppler.svg" width="280"> </a> </td> </tr> </tbody> </table> ### [`v7.13.5`](https://togithub.com/pnpm/pnpm/releases/tag/v7.13.5) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v7.13.4...v7.13.5) #### Patch Changes - Print a warning when cannot read the built-in npm configuration. - Also include missing deeply linked workspace packages at headless installation [#​5034](https://togithub.com/pnpm/pnpm/issues/5034). - `pnpm outdated` should work when the package tarballs are hosted on a domain that differs from the registry's domain [#​5492](https://togithub.com/pnpm/pnpm/issues/5492). - `strict-peer-dependencies` is set to `false` by default. #### Our Gold Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://bit.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"><img src="https://pnpm.io/img/users/bit.svg" width="80"></a> </td> <td align="center" valign="middle"> <a href="https://nhost.io/?utm_source=pnpm&utm_medium=release_notes" target="_blank"><img src="https://pnpm.io/img/users/nhost.svg" width="180"></a> </td> <td align="center" valign="middle"> <a href="https://novu.co/?utm_source=pnpm&utm_medium=release_notes" target="_blank"><img src="https://pnpm.io/img/users/novu.svg" width="180"></a> </td> </tr> </tbody> </table> #### Our Silver Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://prisma.io/?utm_source=pnpm&utm_medium=readme" target="_blank"> <img src="https://pnpm.io/img/users/prisma.svg" width="180"> </a> </td> <td align="center" valign="middle"> <a href="https://leniolabs.com/?utm_source=pnpm&utm_medium=readme" target="_blank"> <img src="https://pnpm.io/img/users/leniolabs.jpg" width="80"> </a> </td> <td align="center" valign="middle"> <a href="https://vercel.com/?utm_source=pnpm&utm_medium=readme" target="_blank"> <img src="https://pnpm.io/img/users/vercel.svg" width="180"> </a> </td> </tr> <tr> <td align="center" valign="middle"> <a href="https://www.takeshape.io/?utm_source=pnpm&utm_medium=readme" target="_blank"> <img src="https://pnpm.io/img/users/takeshape.svg" width="280"> </a> </td> <td align="center" valign="middle"> <a href="https://doppler.com/?utm_source=pnpm&utm_medium=readme#gh-light-mode-only" target="_blank"> <img src="https://pnpm.io/img/users/doppler.svg" width="280"> </a> </td> </tr> </tbody> </table> ### [`v7.13.4`](https://togithub.com/pnpm/pnpm/releases/tag/v7.13.4) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v7.13.3...v7.13.4) #### Patch Changes - `pnpm link <pkg> --global` should work when a custom target directory is specified with the `--dir` CLI option [#​5473](https://togithub.com/pnpm/pnpm/pull/5473). - It should be possible to override dependencies with local packages using overrides [#​5443](https://togithub.com/pnpm/pnpm/issues/5443). #### Our Gold Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://bit.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"><img src="https://pnpm.io/img/users/bit.svg" width="80"></a> </td> <td align="center" valign="middle"> <a href="https://nhost.io/?utm_source=pnpm&utm_medium=release_notes" target="_blank"><img src="https://pnpm.io/img/users/nhost.svg" width="180"></a> </td> <td align="center" valign="middle"> <a href="https://novu.co/?utm_source=pnpm&utm_medium=release_notes" target="_blank"><img src="https://pnpm.io/img/users/novu.svg" width="180"></a> </td> </tr> </tbody> </table> #### Our Silver Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://prisma.io/?utm_source=pnpm&utm_medium=readme" target="_blank"> <img src="https://pnpm.io/img/users/prisma.svg" width="180"> </a> </td> <td align="center" valign="middle"> <a href="https://leniolabs.com/?utm_source=pnpm&utm_medium=readme" target="_blank"> <img src="https://pnpm.io/img/users/leniolabs.jpg" width="80"> </a> </td> <td align="center" valign="middle"> <a href="https://vercel.com/?utm_source=pnpm&utm_medium=readme" target="_blank"> <img src="https://pnpm.io/img/users/vercel.svg" width="180"> </a> </td> </tr> <tr> <td align="center" valign="middle"> <a href="https://www.takeshape.io/?utm_source=pnpm&utm_medium=readme" target="_blank"> <img src="https://pnpm.io/img/users/takeshape.svg" width="280"> </a> </td> <td align="center" valign="middle"> <a href="https://doppler.com/?utm_source=pnpm&utm_medium=readme#gh-light-mode-only" target="_blank"> <img src="https://pnpm.io/img/users/doppler.svg" width="280"> </a> </td> </tr> </tbody> </table> ### [`v7.13.3`](https://togithub.com/pnpm/pnpm/releases/tag/v7.13.3) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v7.13.2...v7.13.3) #### Patch Changes - Don't crash when `auto-install-peers` is set to `true` and installation is done on a workspace with that has the same dependencies in multiple projects [#​5454](https://togithub.com/pnpm/pnpm/issues/5454). - Add global option in `pnpm link --help` [#​5461](https://togithub.com/pnpm/pnpm/pull/5461). - Show execution time on `install`, `update`, `add`, and `remove` [#​1021](https://togithub.com/pnpm/pnpm/issues/1021). - Fix the return path of `pnpm pack`, when a custom destination directory is used [#​5471](https://togithub.com/pnpm/pnpm/issues/5471). #### Our Gold Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://bit.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"><img src="https://pnpm.io/img/users/bit.svg" width="80"></a> </td> <td align="center" valign="middle"> <a href="https://nhost.io/?utm_source=pnpm&utm_medium=release_notes" target="_blank"><img src="https://pnpm.io/img/users/nhost.svg" width="180"></a> </td> <td align="center" valign="middle"> <a href="https://novu.co/?utm_source=pnpm&utm_medium=release_notes" target="_blank"><img src="https://pnpm.io/img/users/novu.svg" width="180"></a> </td> </tr> </tbody> </table> #### Our Silver Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://prisma.io/?utm_source=pnpm&utm_medium=readme" target="_blank"> <img src="https://pnpm.io/img/users/prisma.svg" width="180"> </a> </td> <td align="center" valign="middle"> <a href="https://leniolabs.com/?utm_source=pnpm&utm_medium=readme" target="_blank"> <img src="https://pnpm.io/img/users/leniolabs.jpg" width="80"> </a> </td> <td align="center" valign="middle"> <a href="https://vercel.com/?utm_source=pnpm&utm_medium=readme" target="_blank"> <img src="https://pnpm.io/img/users/vercel.svg" width="180"> </a> </td> </tr> <tr> <td align="center" valign="middle"> <a href="https://www.takeshape.io/?utm_source=pnpm&utm_medium=readme" target="_blank"> <img src="https://pnpm.io/img/users/takeshape.svg" width="280"> </a> </td> <td align="center" valign="middle"> <a href="https://doppler.com/?utm_source=pnpm&utm_medium=readme#gh-light-mode-only" target="_blank"> <img src="https://pnpm.io/img/users/doppler.svg" width="280"> </a> </td> </tr> </tbody> </table> ### [`v7.13.2`](https://togithub.com/pnpm/pnpm/releases/tag/v7.13.2) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v7.13.1...v7.13.2) #### Patch Changes - When linking commands to a directory, remove any .exe files that are already present in that target directory by the same name. This fixes an issue with pnpm global update on Windows. If pnpm was installed with the standalone script and then updated with pnpm using `pnpm add --global pnpm`, the exe file initially created by the standalone script should be removed. - When a direct dependency fails to resolve, print the path to the project directory in the error message. - `pnpm patch-commit` should work when the patch directory is specified with a trailing slash [#​5449](https://togithub.com/pnpm/pnpm/issues/5449). #### Our Gold Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://bit.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"><img src="https://pnpm.io/img/users/bit.svg" width="80"></a> </td> <td align="center" valign="middle"> <a href="https://nhost.io/?utm_source=pnpm&utm_medium=release_notes" target="_blank"><img src="https://pnpm.io/img/users/nhost.svg" width="180"></a> </td> <td align="center" valign="middle"> <a href="https://novu.co/?utm_source=pnpm&utm_medium=release_notes" target="_blank"><img src="https://pnpm.io/img/users/novu.svg" width="180"></a> </td> </tr> </tbody> </table> #### Our Silver Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://prisma.io/?utm_source=pnpm&utm_medium=readme" target="_blank"> <img src="https://pnpm.io/img/users/prisma.svg" width="180"> </a> </td> <td align="center" valign="middle"> <a href="https://leniolabs.com/?utm_source=pnpm&utm_medium=readme" target="_blank"> <img src="https://pnpm.io/img/users/leniolabs.jpg" width="80"> </a> </td> <td align="center" valign="middle"> <a href="https://vercel.com/?utm_source=pnpm&utm_medium=readme" target="_blank"> <img src="https://pnpm.io/img/users/vercel.svg" width="180"> </a> </td> </tr> <tr> <td align="center" valign="middle"> <a href="https://www.takeshape.io/?utm_source=pnpm&utm_medium=readme" target="_blank"> <img src="https://pnpm.io/img/users/takeshape.svg" width="280"> </a> </td> <td align="center" valign="middle"> <a href="https://doppler.com/?utm_source=pnpm&utm_medium=readme#gh-light-mode-only" target="_blank"> <img src="https://pnpm.io/img/users/doppler.svg" width="280"> </a> </td> </tr> </tbody> </table> ### [`v7.13.1`](https://togithub.com/pnpm/pnpm/releases/tag/v7.13.1) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v7.13.0...v7.13.1) ##### Patch Changes - `pnpm update --interactive` should not list dependencies ignored via the `pnpm.updateConfig.ignoreDependencies` setting. ##### Our Gold Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://bit.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"><img src="https://pnpm.io/img/users/bit.svg" width="80"></a> </td> <td align="center" valign="middle"> <a href="https://nhost.io/?utm_source=pnpm&utm_medium=release_notes" target="_blank"><img src="https://pnpm.io/img/users/nhost.svg" width="180"></a> </td> <td align="center" valign="middle"> <a href="https://novu.co/?utm_source=pnpm&utm_medium=release_notes" target="_blank"><img src="https://pnpm.io/img/users/novu.svg" width="180"></a> </td> </tr> </tbody> </table> ##### Our Silver Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://prisma.io/?utm_source=pnpm&utm_medium=readme" target="_blank"> <img src="https://pnpm.io/img/users/prisma.svg" width="180"> </a> </td> <td align="center" valign="middle"> <a href="https://leniolabs.com/?utm_source=pnpm&utm_medium=readme" target="_blank"> <img src="https://pnpm.io/img/users/leniolabs.jpg" width="80"> </a> </td> <td align="center" valign="middle"> <a href="https://vercel.com/?utm_source=pnpm&utm_medium=readme" target="_blank"> <img src="https://pnpm.io/img/users/vercel.svg" width="180"> </a> </td> </tr> <tr> <td align="center" valign="middle"> <a href="https://www.takeshape.io/?utm_source=pnpm&utm_medium=readme" target="_blank"> <img src="https://pnpm.io/img/users/takeshape.svg" width="280"> </a> </td> <td align="center" valign="middle"> <a href="https://doppler.com/?utm_source=pnpm&utm_medium=readme#gh-light-mode-only" target="_blank"> <img src="https://pnpm.io/img/users/doppler.svg" width="280"> </a> </td> </tr> </tbody> </table> ### [`v7.13.0`](https://togithub.com/pnpm/pnpm/releases/tag/v7.13.0) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v7.12.2...v7.13.0) #### Minor Changes - Ignore packages listed in `package.json` > `pnpm.updateConfig.ignoreDependencies` fields on update/outdated command [#​5358](https://togithub.com/pnpm/pnpm/issues/5358) For instance, if you don't want `webpack` automatically to be updated when you run `pnpm update --latest`, put this to your `package.json`: ```json { "pnpm": { "updateConfig": { "ignoreDependencies": ["webpack"] } } } ``` Patterns are also supported, so you may ignore for instance any packages from a scope: `@babel/*`. - It is possible now to update all dependencies except the listed ones using `!`. For instance, update all dependencies, except `lodash`: pnpm update !lodash It also works with pattends, for instance: pnpm update !@​babel/* And it may be combined with other patterns: pnpm update @​babel/* !@​babel/core #### Patch Changes - Hooks should be applied on `pnpm deploy` [#​5306](https://togithub.com/pnpm/pnpm/issues/5306). - Stop `--filter-prod` option to run command on all the projects when used on workspace. `--filter-prod` option now only filter from `dependencies` and omit `devDependencies` instead of including all the packages when used on workspace. So what was happening is that if you use `--filter-prod` on workspace root like this: ```bash pnpm --filter-prod ...build-modules exec node -e 'console.log(require(`./package.json`).name)' ``` it was printing all the package of workspace, where it should only print the package name of itself and packages where it has been added as `dependency` (not as `devDependencies`) - Don't override the root dependency when auto installing peer dependencies [#​5412](https://togithub.com/pnpm/pnpm/issues/5412). #### Our Gold Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://bit.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"><img src="https://pnpm.io/img/users/bit.svg" width="80"></a> </td> <td align="center" valign="middle"> <a href="https://nhost.io/?utm_source=pnpm&utm_medium=release_notes" target="_blank"><img src="https://pnpm.io/img/users/nhost.svg" width="180"></a> </td> <td align="center" valign="middle"> <a href="https://novu.co/?utm_source=pnpm&utm_medium=release_notes" target="_blank"><img src="https://pnpm.io/img/users/novu.svg" width="180"></a> </td> </tr> </tbody> </table> #### Our Silver Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://prisma.io/?utm_source=pnpm&utm_medium=readme" target="_blank"> <img src="https://pnpm.io/img/users/prisma.svg" width="180"> </a> </td> <td align="center" valign="middle"> <a href="https://leniolabs.com/?utm_source=pnpm&utm_medium=readme" target="_blank"> <img src="https://pnpm.io/img/users/leniolabs.jpg" width="80"> </a> </td> <td align="center" valign="middle"> <a href="https://vercel.com/?utm_source=pnpm&utm_medium=readme" target="_blank"> <img src="https://pnpm.io/img/users/vercel.svg" width="180"> </a> </td> </tr> <tr> <td align="center" valign="middle"> <a href="https://www.takeshape.io/?utm_source=pnpm&utm_medium=readme" target="_blank"> <img src="https://pnpm.io/img/users/takeshape.svg" width="280"> </a> </td> <td align="center" valign="middle"> <a href="https://doppler.com/?utm_source=pnpm&utm_medium=readme#gh-light-mode-only" target="_blank"> <img src="https://pnpm.io/img/users/doppler.svg" width="280"> </a> </td> </tr> </tbody> </table> #### What's Changed * GitHub Workflows security hardening by @​sashashu[pnpm/pnpm#5405 * feat: merge readPackage hook from opts and pnpmfile by @​AGrz[pnpm/pnpm#5403 * feat: excluding deps from update by @​zkoch[pnpm/pnpm#5432 * fix: dir path repeated join in link global by @​lv[pnpm/pnpm#5434 * fix: filter-prod flag including all workspace pkgs by @​noorulh[pnpm/pnpm#5437 * Feature: ignore packages listed in `package.json > pnpm.updateConfig.ignoreDependencies` on update/outdated commands by @​Shinyaige[pnpm/pnpm#5408 * fix: don't override root deps when auto installing peers by @​zkoch[pnpm/pnpm#5442 #### New Contributors * @​sashashura made their first contributi[pnpm/pnpm#5405 * @​AGrzes made their first contributi[pnpm/pnpm#5403 * @​noorulh06 made their first contributi[pnpm/pnpm#5437 **Full Changelog**: pnpm/pnpm@v7.12.2...v7.13.0 ### [`v7.12.2`](https://togithub.com/pnpm/pnpm/releases/tag/v7.12.2) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v7.12.1...v7.12.2) ##### Patch Changes - Don't crash when auto-install-peers is true and the project has many complex circular dependencies [#​5394](https://togithub.com/pnpm/pnpm/pull/5394). - `pnpm link --global` should work with the `--dir=<path>` option [#​5371](https://togithub.com/pnpm/pnpm/pull/5371). ##### Our Gold Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://bit.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"><img src="https://pnpm.io/img/users/bit.svg" width="80"></a> </td> <td align="center" valign="middle"> <a href="https://nhost.io/?utm_source=pnpm&utm_medium=release_notes" target="_blank"><img src="https://pnpm.io/img/users/nhost.svg" width="180"></a> </td> <td align="center" valign="middle"> <a href="https://novu.co/?utm_source=pnpm&utm_medium=release_notes" target="_blank"><img src="https://pnpm.io/img/users/novu.svg" width="180"></a> </td> </tr> </tbody> </table> ##### Our Silver Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://prisma.io/?utm_source=pnpm&utm_medium=readme" target="_blank"> <img src="https://pnpm.io/img/users/prisma.svg" width="180"> </a> </td> <td align="center" valign="middle"> <a href="https://leniolabs.com/?utm_source=pnpm&utm_medium=readme" target="_blank"> <img src="https://pnpm.io/img/users/leniolabs.jpg" width="80"> </a> </td> <td align="center" valign="middle"> <a href="https://vercel.com/?utm_source=pnpm&utm_medium=readme" target="_blank"> <img src="https://pnpm.io/img/users/vercel.svg" width="180"> </a> </td> </tr> <tr> <td align="center" valign="middle"> <a href="https://www.takeshape.io/?utm_source=pnpm&utm_medium=readme" target="_blank"> <img src="https://pnpm.io/img/users/takeshape.svg" width="280"> </a> </td> <td align="center" valign="middle"> <a href="https://doppler.com/?utm_source=pnpm&utm_medium=readme#gh-light-mode-only" target="_blank"> <img src="https://pnpm.io/img/users/doppler.svg" width="280"> </a> </td> </tr> </tbody> </table> ##### What's Changed * fix: error in pnpm --dir <path> link --global by @​lv[pnpm/pnpm#5371 * fix: cli crash with auto-install-peers=true by @​zkoch[pnpm/pnpm#5394 ##### New Contributors * @​lvqq made their first contributi[pnpm/pnpm#5371 **Full Changelog**: pnpm/pnpm@v7.12.1...v7.12.2 ### [`v7.12.1`](https://togithub.com/pnpm/pnpm/releases/tag/v7.12.1) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v7.12.0...v7.12.1) #### Patch Changes - Deduplicate peer dependencies when automatically installing them [#​5373](https://togithub.com/pnpm/pnpm/issues/5373). #### Our Gold Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://bit.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"><img src="https://pnpm.io/img/users/bit.svg" width="80"></a> </td> <td align="center" valign="middle"> <a href="https://nhost.io/?utm_source=pnpm&utm_medium=release_notes" target="_blank"><img src="https://pnpm.io/img/users/nhost.svg" width="180"></a> </td> <td align="center" valign="middle"> <a href="https://novu.co/?utm_source=pnpm&utm_medium=release_notes" target="_blank"><img src="https://pnpm.io/img/users/novu.svg" width="180"></a> </td> </tr> </tbody> </table> #### Our Silver Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://prisma.io/?utm_source=pnpm&utm_medium=readme" target="_blank"> <img src="https://pnpm.io/img/users/prisma.svg" width="180"> </a> </td> <td align="center" valign="middle"> <a href="https://leniolabs.com/?utm_source=pnpm&utm_medium=readme" target="_blank"> <img src="https://pnpm.io/img/users/leniolabs.jpg" width="80"> </a> </td> <td align="center" valign="middle"> <a href="https://vercel.com/?utm_source=pnpm&utm_medium=readme" target="_blank"> <img src="https://pnpm.io/img/users/vercel.svg" width="180"> </a> </td> </tr> <tr> <td align="center" valign="middle"> <a href="https://www.takeshape.io/?utm_source=pnpm&utm_medium=readme" target="_blank"> <img src="https://pnpm.io/img/users/takeshape.svg" width="280"> </a> </td> <td align="center" valign="middle"> <a href="https://doppler.com/?utm_source=pnpm&utm_medium=readme#gh-light-mode-only" target="_blank"> <img src="https://pnpm.io/img/users/doppler.svg" width="280"> </a> </td> </tr> </tbody> </table> #### What's Changed * fix: deduplicate peer deps by @​zkoch[pnpm/pnpm#5377 **Full Changelog**: pnpm/pnpm@v7.12.0...v7.12.1 ### [`v7.12.0`](https://togithub.com/pnpm/pnpm/releases/tag/v7.12.0) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v7.11.0...v7.12.0) #### Minor Changes - A new setting supported in the pnpm section of the `package.json` file: `allowNonAppliedPatches`. When it is set to `true`, non-applied patches will not cause an error, just a warning will be printed. For example: ```json { "name": "foo", "version": "1.0.0", "pnpm": { "patchedDependencies": { "express@4.18.1": "patches/express@4.18.1.patch" }, "allowNonAppliedPatches": true } } ``` - Now it is possible to exclude packages from hoisting by prepending a `!` to the pattern. This works with both the `hoist-pattern` and `public-hoist-pattern` settings. For instance: public-hoist-pattern[]='*types*' public-hoist-pattern[]='!@​types/react' hoist-pattern[]='*eslint*' hoist-pattern[]='!*eslint-plugin*' Ref [#​5272](https://togithub.com/pnpm/pnpm/issues/5272) #### Patch Changes - When the same dependency with missing peers is used in multiple workspace projects, install the missing peers in each workspace project [#​4820](https://togithub.com/pnpm/pnpm/issues/4820). - `pnpm patch` should work on files that don't have an end of line [#​5320](https://togithub.com/pnpm/pnpm/issues/5320). - Fix `pnpm patch` using a custom `--edit-dir`. #### Our Gold Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://bit.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"><img src="https://pnpm.io/img/users/bit.svg" width="80"></a> </td> <td align="center" valign="middle"> <a href="https://nhost.io/?utm_source=pnpm&utm_medium=release_notes" target="_blank"><img src="https://pnpm.io/img/users/nhost.svg" width="180"></a> </td> <td align="center" valign="middle"> <a href="https://novu.co/?utm_source=pnpm&utm_medium=release_notes" target="_blank"><img src="https://pnpm.io/img/users/novu.svg" width="180"></a> </td> </tr> </tbody> </table> #### Our Silver Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://prisma.io/?utm_source=pnpm&utm_medium=readme" target="_blank"> <img src="https://pnpm.io/img/users/prisma.svg" width="180"> </a> </td> <td align="center" valign="middle"> <a href="https://leniolabs.com/?utm_source=pnpm&utm_medium=readme" target="_blank"> <img src="https://pnpm.io/img/users/leniolabs.jpg" width="80"> </a> </td> <td align="center" valign="middle"> <a href="https://vercel.com/?utm_source=pnpm&utm_medium=readme" target="_blank"> <img src="https://pnpm.io/img/users/vercel.svg" width="180"> </a> </td> </tr> <tr> <td align="center" valign="middle"> <a href="https://www.takeshape.io/?utm_source=pnpm&utm_medium=readme" target="_blank"> <img src="https://pnpm.io/img/users/takeshape.svg" width="280"> </a> </td> <td align="center" valign="middle"> <a href="https://doppler.com/?utm_source=pnpm&utm_medium=readme#gh-light-mode-only" target="_blank"> <img src="https://pnpm.io/img/users/doppler.svg" width="280"> </a> </td> </tr> </tbody> </table> #### What's Changed * fix(patch): allow to edit a package in any directory by @​zkoch[pnpm/pnpm#5331 * feat(matcher): ignore patterns by @​LuciNy[pnpm/pnpm#5336 * fix(patch): ignore No newline at end of file by @​await-o[pnpm/pnpm#5321 * feat(patch): allow non-applied patches by @​larrybahr-ocel[pnpm/pnpm#5354 * chore: update @​pnpm/meta-updater by @​ibe[pnpm/pnpm#5360 * fix: auto-install-peers in a workspace by @​zkoch[pnpm/pnpm#5359 #### New Contributors * @​await-ovo made their first contributi[pnpm/pnpm#5321 * @​larrybahr-ocelot made their first contributi[pnpm/pnpm#5354 **Full Changelog**: pnpm/pnpm@v7.11.0...v7.12.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, click this checkbox. --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://app.renovatebot.com/dashboard#github/singlestone/sugar). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzMi4yMzYuMSIsInVwZGF0ZWRJblZlciI6IjMyLjI0MS45In0=-->
](https://renovatebot.com){kind=link}
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Closes: #5358
Motivation 🔥
supports a function to ignore packages listed in
package.json > pnpm.update.ignoreon update/outdated commands likenpm-check-updatesto cover some usecase.Goal 🚗
when we run
update/outdatedcommands with the package.json with the fields like below:{ ... "pnpm": { "updates": { "ignore": [ ...packages ] } } }pnpm will ignore packages listed in
package.json > pnpm.update.ignoreon update/outdated commands likenpm-check-updatesTasks
update.ignorefields in "pnpm"package.json > pnpm.update.ignoreon updatepackage.json > pnpm.update.ignoreon outdated