Update dependency pnpm to v6.35.1

[renovate]

Note: This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence
pnpm (source)	6.12.0 -> 6.35.1

---

Release Notes

pnpm/pnpm (pnpm)

v6.35.1

Compare Source

Patch Changes

• Replace environment variable placeholders with their values, when reading .npmrc files in subdirectories inside a workspace #​2570.
• Don't fail if cannot override the name field of the error object #​5572.

v6.35.0

Compare Source

Patch Changes

• Installing a package with bin that points to an .exe file on Windows #​5159.

• Ignore the always-auth setting.

  pnpm will never reuse the registry auth token for requesting the package tarball, if the package tarball is hosted on a different domain.

  So, for example, if your registry is at https://company.registry.com/ but the tarballs are hosted at https://tarballs.com/, then you will have to configure the auth token for both domains in your .npmrc:

  @​my-company:registry=https://company.registry.com/
  //company.registry.com/=SOME_AUTH_TOKEN
  //tarballs.com/=SOME_AUTH_TOKEN
  

• When an error happens during installation of a subdependency, print some context information in order to be able to locate that subdependency. Print the exact chain of packages that led to the problematic dependency.

v6.34.0

Compare Source

Minor Changes

• When ignore-compatibility-db is set to true, the compatibility database will not be used to patch dependencies #​5132.

Full Changelog: pnpm/pnpm@v6.33.1...v6.34.0

v6.33.1

Compare Source

Patch Changes

• Don't print any info messages about .pnpmfile.cjs #​5027.
• Do not print a package with unchanged version in the installation summary #​5032.
• Remove file reporter logging. Logged file is not useful #​4949.

v6.33.0

Compare Source

v6.32.25

Compare Source

Patch Changes

• pnpm audit --fix should not add an override for a vulnerable package that has no fixes released.
• Resolve native workspace path for case-insensitive file systems #​4904.
• pnpm env use should throw an error on a system that use the MUSL libc.

v6.32.24

Compare Source

Patch Changes

• Don't crash when pnpm update --interactive is cancelled with Ctrl+c.

• The use-node-version setting should work with prerelease Node.js versions. For instance:

  use-node-version=18.0.0-rc.3
  

v6.32.23

Compare Source

Patch Changes

• Packages that should be built are always cloned or copied from the store. This is required to prevent the postinstall scripts from modifying the original source files of the package #​4898.

v6.32.22

Compare Source

Patch Changes

• Don't fail when the cafile setting is specified #​4877. This fixes a regression introduced in pnpm v6.32.21.
• Add better hints to the peer dependency issue errors.

v6.32.21

Compare Source

Patch Changes

• Report only the first occurence of a deprecated package.

v6.32.20

Compare Source

Patch Changes

• Suggest to update using Corepack when pnpm was installed via Corepack.
• It should be possible to install a git-hosted package that has no package.json file #​4822.
• When the same package is found several times in the dependency graph, correctly autoinstall its missing peer dependencies at all times #​4820.

v6.32.19

Compare Source

Patch Changes

• Improve the performance of the build sequence calculation step #​4815.
• Correctly detect repeated dependency sequence during resolution #​4813.

v6.32.18

Compare Source

Patch Changes

• Don't fail on projects with linked dependencies, when auto-install-peers is set to true #​4796.
• NODE_ENV=production pnpm install --dev should only install dev deps #​4745.

Full Changelog: pnpm/pnpm@v6.32.17...v6.32.18

v6.32.17

Compare Source

Patch Changes

• Correctly detect the active Node.js version, when the pnpm CLI is bundled to an executable #​4203.

v6.32.16

Compare Source

Patch Changes

• When auto-install-peers is set to true, automatically install missing peer dependencies without writing them to package.json as dependencies. This makes pnpm handle peer dependencies the same way as npm v7 #​4776.

v6.32.15

Compare Source

Patch Changes

• Don't fail to create the command shim files if the target directory doesn't exist.
• pnpm setup should not fail on Windows if PNPM_HOME is not yet in the system registry #​4757
• pnpm dlx shouldn't modify the lockfile in the current working directory #​4743.

v6.32.14

Compare Source

Patch Changes

• Sanitize the directory names created inside node_modules/.pnpm and inside the global store #​4716
• Resolve commits from GitHub via https #​4734.

Full Changelog: pnpm/pnpm@v6.32.13...v6.32.14

v6.32.13

Compare Source

Patch Changes

• pnpm setup should update the config of the current shell, not the preferred shell.
• pnpm dlx should work with git-hosted packages. For example: pnpm dlx gengjiawen/envinfo #​4714.
• pnpm setup should not override the PNPM_HOME env variable on Windows, unless --force is used.
• All arguments after pnpm create <pkg> should be passed to the executed create app package. So pnpm create next-app --typescript should work`.
• pnpm run --stream should prefix the output with directory #​4702

Full Changelog: pnpm/pnpm@v6.32.12...v6.32.13

v6.32.12

Compare Source

Patch Changes

• Use Yarn's compatibility database to patch broken packages in the ecosystem with package extensions.
• pnpm dlx should work when the bin name of the executed package isn't the same as the package name #​4672.
• pnpm prune works in a workspace #​4647.
• pnpm prune does not remove hoisted dependencies.
• pnpm dlx should print messages about installation to stderr #​1698.

v6.32.11

Compare Source

Patch Changes

• pnpm publish should work correctly in a workspace, when the latest npm CLI is installed #​4348.
• Installation shouldn't fail when a package from node_modules is moved to the node_modules/.ignored subfolder and a package with that name is already present in `node_modules/.ignored' #​4626.

v6.32.10

Compare Source

Patch Changes

• It should be possible to use a chain of local file dependencies #​4611.
• Filtering by directory should work with directories that have unicode chars in the name #​4595.

v6.32.9

Compare Source

Patch Changes

• Fix an error with peer resolutions, which was happening when there was a circular dependency and another dependency that had the name of the circular dependency as a substring.

• When pnpm exec is running a command in a workspace project, the commands that are in the dependencies of that workspace project should be in the PATH #​4481.

• Hide "WARN deprecated" messages on loglevel error #​4507

  Don't show the progress bar when loglevel is set to warn or error.

v6.32.8

Compare Source

Patch Changes

• Don't check the integrity of the store with the package version from the lockfile, when the package was updated #​4580.
• Don't update a direct dependency that has the same name as a dependency in the workspace, when adding a new dependency to a workspace project #​4575.

v6.32.7

Compare Source

Patch Changes

• Setting the auto-install-peers to true should work.

v6.32.6

Compare Source

Patch Changes

• Linked in dependencies should be considered when resolving peer dependencies #​4541.
• Peer dependency should be correctly resolved from the workspace, when it is declared using a workspace protocol #​4529.

v6.32.5

Compare Source

Patch Changes

• dependenciesMeta should be saved into the lockfile, when it is added to the package manifest by a hook.

v6.32.4

Compare Source

Patch Changes

• Show a friendly error message when it is impossible to get the current Git branch name during publish #​4488.
• When checking if the lockfile is up-to-date, an empty dependenciesMeta field in the manifest should be satisfied by a not set field in the lockfile #​4463.
• It should be possible to reference a workspace project that has no version specified in its package.json #​4487.

v6.32.3

Compare Source

Patch Changes

• 4941f31: The location of an injected directory dependency should be correctly located, when there is a chain of local dependencies (declared via the file: protocol`).

  The next scenario was not working prior to the fix. There are 3 projects in the same folder: foo, bar, qar.

  foo/package.json:

  {
    "name": "foo",
    "dependencies": {
      "bar": "file:../bar"
    },
    "dependenciesMeta": {
      "bar": {
        "injected": true
      }
    }
  }

  bar/package.json:

  {
    "name": "bar",
    "dependencies": {
      "qar": "file:../qar"
    },
    "dependenciesMeta": {
      "qar": {
        "injected": true
      }
    }
  }

  qar/package.json:

  {
    "name": "qar"
  }

  Related PR: #​4415.

v6.32.2

Compare Source

Patch Changes

• In order to guarantee that only correct data is written to the store, data from the lockfile should not be written to the store. Only data directly from the package tarball or package metadata #​4395.
• Throw a meaningful error message on pnpm install when the lockfile is broken and node-linker is set to hoisted #​4387.

v6.32.1

Compare Source

Patch Changes

• pnpm publish should work correctly in a workspace, when the latest npm CLI is installed #​4348.
• Installation shouldn't fail when a package from node_modules is moved to the node_modules/.ignored subfolder and a package with that name is already present in `node_modules/.ignored' #​4626.

v6.32.0

Compare Source

Minor Changes

• A new setting is supported in the pnpm section of the package.json file #​4001. onlyBuiltDependencies is an array of package names that are allowed to be executed during installation. If this field exists, only mentioned packages will be able to run install scripts.

  {
    "pnpm": {
      "onlyBuiltDependencies": ["fsevents"]
    }
  }

• -F is a short alias of --filter #​3467.

• When adding a new dependency, use the version specifier from the overrides, when present #​4313.

  Normally, if the latest version of foo is 2.0.0, then pnpm add foo installs foo@^2.0.0. This behavior changes if foo is specified in an override:

  {
    "pnpm": {
      "overrides": {
        "foo": "1.0.0"
      }
    }
  }

  In this case, pnpm add foo will add [email protected] to the dependency. However, if a version is explicitly specifying, then the specified version will be used and the override will be ignored. So pnpm add foo@0 will install v0 and it doesn't matter what is in the overrides.

Patch Changes

• Ignore case, when verifying package name in the store #​4367.
• When a peer dependency range is extended with *, just replace any range with *.
• When some dependency types are skipped, let the user know via the installation summary.

v6.31.0

Compare Source

Minor Changes

• Added --shell-mode/-c option support to pnpm exec #​4328

  • --shell-mode: shell interpreter. See: https://github.com/sindresorhus/execa/tree/484f28de7c35da5150155e7a523cbb20de161a4f#shell

  Usage example:

  pnpm -r --shell-mode exec -- echo \"\$PNPM_PACKAGE_NAME\"
  pnpm -r -c exec -- echo \"\$PNPM_PACKAGE_NAME\"

  {
    "scripts": {
      "check": " pnpm -r --shell-mode exec -- echo \"\\$PNPM_PACKAGE_NAME\""
    }
  }

Patch Changes

• Remove meaningless keys from publishConfig when the pack or publish commands are used #​4311
• The pnpx, pnpm dlx, pnpm create, and pnpm exec commands should set the npm_config_user_agent env variable #​3985.

v6.30.1

Compare Source

Patch Changes

• This fixes an issue introduced in pnpm v6.30.0.

  When a package is not linked to node_modules, no info message should be printed about it being "relinked" from the store #​4314.

v6.30.0

Compare Source

Minor Changes

• When checking that a package is linked from the store, check the existence of the package and read its stats with a single filesystem operation #​4304.

v6.29.2

Compare Source

Patch Changes

• node_modules directories inside injected dependencies should not be overwritten #​4299.

v6.29.1

Compare Source

Patch Changes

• Installation should not hang when there are broken symlinks in node_modules.

v6.29.0

Compare Source

Minor Changes

• Add support of the update-notifier configuration option #​4158.

Patch Changes

• A package should be able to be a dependency of itself.

v6.28.0

Compare Source

Minor Changes

• New option added: embed-readme. When false, pnpm publish doesn't save the readme file's content to package.json before publish #​4265.

Patch Changes

• pnpm exec should look for the executed command in the node_modules/.bin directory that is relative to the current working directory. Only after that should it look for the executable in the workspace root.

v6.27.2

Compare Source

Patch Changes

• Injected dependencies should work properly in projects that use the hoisted node linker #​4259.

v6.27.1

Compare Source

Patch Changes

• peerDependencyRules should work when both overrides and packageExtensions are present as well #​4255.
• pnpm list should show information whether a package is private or not #​4246.

v6.27.0

Compare Source

Minor Changes

• Side effects cache is not an experimental feature anymore.

  Side effects cache is saved separately for packages with different dependencies. So if foo has bar in the dependencies, then a separate cache will be created each time foo is installed with a different version of bar #​4238.

Patch Changes

• Update command should work when there is a dependency with empty version in devDependencies #​4196.
• Side effects cache should work in a workspace.

v6.26.1

Compare Source

Patch Changes

• During installation, override any symlinks in node_modules. This was an issue only with node-linker=hoisted #​4229.
• Print warnings about deprecated subdependencies #​4227.

v6.26.0

Compare Source

Minor Changes

• In order to mute some types of peer dependency warnings, a new section in package.json may be used for declaring peer dependency warning rules. For example, the next configuration will turn off any warnings about missing babel-loader peer dependency and about @angular/common, when the wanted version of @angular/common is not v13.

  {
    "name": "foo",
    "version": "0.0.0",
    "pnpm": {
      "peerDependencyRules": {
        "ignoreMissing": ["babel-loader"],
        "allowedVersions": {
          "@​angular/common": "13"
        }
      }
    }
  }

• New setting supported: auto-install-peers. When it is set to true, pnpm add <pkg> automatically installs any missing peer dependencies as devDependencies #​4213.

v6.25.1

Compare Source

Patch Changes

• Run the install scripts of hoisted dependencies in a workspace with no root project #​4209.

v6.25.0

Compare Source

Minor Changes

• New installation mode added that creates a flat node_modules directory without the usage of symlinks. This is similar to the one created by npm and Yarn Classic.

  To use this new installation mode, set the node-linker setting to hoisted. These are the supported values of node-linker:

  • isolated - the default value.
  • hoisted - flat node_modules without symlinks.
  • pnp - no node_modules. Yarn's Plug'n'Play managed by pnpm.

  Related issue: #​4073

• Add support for token helper, a command line tool to obtain a token.

  A token helper is an executable, set in the user's .npmrc which outputs an auth token. This can be used in situations where the authToken is not a constant value, but is something that refreshes regularly, where a script or other tool can use an existing refresh token to obtain a new access token.

  The configuration for the path to the helper must be an absolute path, with no arguments. In order to be secure, it is only permitted to set this value in the user .npmrc, otherwise a project could place a value in a project local .npmrc and run arbitrary executables.

  Usage example:

  ; Setting a token helper for the default registry
  tokenHelper=/home/ivan/token-generator
  
  ; Setting a token helper for the specified registry
  //registry.corp.com:tokenHelper=/home/ivan/token-generator

  Related PRs:

  • pnpm/credentials-by-uri#2
  • #​4163

• New CLI option: --ignore-workspace. When used, pnpm ignores any workspace configuration found in the current or parent directories.

• If use-beta-cli is true, then don't set npm_config_argv env variable for scripts #​4175.

v6.24.4

Compare Source

Patch Changes

• Don't throw an error during install when the bin of a dependency points to a path that doesn't exist #​3763.

• When reporting unmet peer dependency issues, if the peer dependency is resolved not from a dependency installed by the user, then print the name of the parent package that has the bad peer dependency installed as a dependency.

  

• Injected subdependencies should be hard linked as well. So if button is injected into card and card is injected into page, then both button and card should be injected into page #​4167.

v6.24.3

Compare Source

Patch Changes

• Install with --frozen-lockfile should not fail when the project has injected dependencies and a dedicated lockfile #​4098.

v6.24.2

Compare Source

Patch Changes

• If pnpm previously failed to install node when the use-node-version option is set, that download and install will now be re-attempted when pnpm is ran again #​4104.

• Don't warn about unmet peer dependency when the peer is resolved from a prerelease version #​4144.

  For instance, if a project has react@* as a peer dependency, then react 16.0.0-rc.0 should not cause a warning.

• pnpm update pkg should not fail if pkg not found as a direct dependency, unless --depth=0 is passed as a CLI option #​4122.

• When printing peer dependency issues, print the "*" range in double quotes. This will make it easier to copy the package resolutions and put them to the end of a pnpm add command for execution.

v6.24.1

Compare Source

Patch Changes

• If making an intersection of peer dependency ranges does not succeed, install should not crash #​4134.
• A new line should be between the summary about conflicting peers and non-conflicting ones.
• Always return an error message when the preparation of a package fails.
• pnpm publish should add the content of the README.md file to the readme field of the published package's package.json files #​4117.
• pnpm publish should work with the --otp option #​4115.

v6.24.0

Compare Source

Minor Changes

• Peer dependency issues are grouped and rendered in a nice hierarchy view.

  This is how the peer dependency issues were printed in previous versions:

  

  This is how they are displayed in pnpm v6.24:

  

• New option added for: node-mirror:<releaseDir> #​4083. The string value of this dynamic option is used as the base URL for downloading node when use-node-version is specified. The <releaseDir> portion of this argument can be any dir in https://nodejs.org/download. Which <releaseDir> dynamic config option gets selected depends on the value of use-node-version. If 'use-node-version' is a simple x.x.x version string, <releaseDir> becomes release and node-mirror:release is read. Defaults to https://nodejs.org/download/<releaseDir>/.

• 927c4a0: A new option --aggregate-output for append-only reporter is added. It aggregates lifecycle logs output for each command that is run in parallel, and only prints command logs when command is finished.

  Related discussion: #​4070.

Patch Changes

• Don't fail when the version of a package in the store is not a semver version #​4077.

• pnpm store prune should not fail if there are unexpected subdirectories in the content-addressable store #​4072.

• Don't make unnecessary retries when fetching Git-hosted packages #​2731.

• pnpm should read the auth token of a github-registry-hosted package, when the registry path contains the owner #​4034.

  So this should work:

  @​owner:registry=https://npm.pkg.github.com/owner
  //npm.pkg.github.com/:_authToken=<token>
  

• When strict-peer-dependencies is used, don't fail on the first peer dependency issue. Print all the peer dependency issues and then stop the installation process #​4082.

• When sorting workspace projects, don't ignore the manifests of those that don't have a version field #​3933.

v6.23.6

Compare Source

Patch Changes

• Fixes a regression introduced in pnpm v6.23.3 via #​4044.

  The temporary directory to which the Git-hosted package is downloaded should not be removed prematurely #​4064.

v6.23.5

Compare Source

Patch Changes

• pnpm audit should work when a proxy is configured for the registry #​3755.
• Revert the change that was made in pnpm v6.23.2 causing a regression describe in #​4052.

v6.23.4

Compare Source

Patch Changes

• Non-standard tarball URL should be correctly calculated when the registry has no trailing slash in the configuration file #​4052. This is a regression caused introduced in v6.23.2 caused by #​4032.

v6.23.3

Compare Source

Patch Changes

• pnpm import should work with a lockfile generated by Yarn Berry #​3993.
• When preparation of a git-hosted package fails, do not refetch it #​4044.

v6.23.2

Compare Source

Patch Changes

• pnpm should read the auth token of a github-registry-hosted package, when the registry path contains the owner #​4034.

  So this should work:

  @​owner:registry=https://npm.pkg.github.com/owner
  //npm.pkg.github.com/:_authToken=<token>
  

• When checking the correctness of the package data in the lockfile, don't use exact version comparison. v1.0.0 should be considered to be the same as 1.0.0. This fixes some edge cases when a package is published with a non-normalized version specifier in its package.json #​4036.

v6.23.1

Compare Source

Patch Changes

• pnpm setup should create shell rc files for pnpm path configuration if no such file exists prior #​4027.
• The postinstall scripts of dependencies should be executed after the root dependencies of the project are symlinked #​4018.
• pnpm dlx will now support version specifiers for packages. E.g. pnpm dlx create-svelte@next #​4023.

v6.23.0

Compare Source

Minor Changes

• New setting added: scripts-prepend-node-path. This setting can be true, false, or warn-only.

  When true, the path to the node executable with which pnpm executed is prepended to the PATH of the scripts.

  When warn-only, pnpm will print a warning if the scripts run with a node binary that differs from the node binary executing the pnpm CLI.

Patch Changes

• The path to the node executable that executes pnpm should not be added to the PATH, when running scripts.
• pnpm env use should download the right Node.js tarball on Raspberry Pi #​4007.
• HTTP requests should be retried when the server responds with on of 408, 409, 420, 429 status codes.

v6.22.2

Compare Source

Patch Changes

• pnpm exec should exit with the exit code of the child process. This fixes a regression introduced in pnpm v6.20.4 via #​3951.
• node-gyp from the dependencies should be preferred over the node-gyp that is bundled with pnpm, when running scripts #​2135.
• pnpm dlx pnpm should not break the globally installed pnpm CLI.

v6.22.1

Compare Source

Patch Changes

• Downgrading p-memoize to v4.0.1. pnpm v6.22.0 started to print the next warning #​3989:

  (node:132923) TimeoutOverflowWarning: Infinity does not fit into a 32-bit signed integer.
  

v6.22.0

Compare Source

Minor Changes

• Added --reverse option support to pnpm exec #​3984.

  Usage example:

  pnpm --reverse -r exec pwd
  

Patch Changes

• peerDependencies ranges should be compared loosely #​3753.
• Don't fail if a linked directory is not found. Just print a warning about it #​3746.

v6.21.1

Compare Source

Patch Changes

• When the store location is a relative location, pick the store location relative to the workspace root directory location #​3976.
• Don't crash if a bin file cannot be created because the source files could not be found.
• Use the system default Node.js version to check package compatibility #​3785.

v6.21.0

Compare Source

Minor Changes

• Support async hooks #​3955.
• Added support for a new lifecycle script: pnpm:devPreinstall. This script works only in the root package.json file, only during local development, and runs before installation happens #​3968.

Patch Changes

• Installing a workspace project with an injected dependency from a non-root directory should not fail #​3970.
• Escape the arguments that are passed to the scripts #​3907.

v6.20.4

Compare Source

Patch Changes

• Do not index the project directory if it should not be hard linked to any other project #​3949.
• The CLI should not exit before all the output is printed #​3526.

v6.20.3

Compare Source

Patch Changes

• All the dependenciesMeta fields should be duplicated to the lockfile.

v6.20.2

Compare Source

Patch Changes

• pnpm import should be able to import a workspace lockfile #​3908.
• Don't run pre/post scripts by default with recursive run commands #​3903.
• pnpm env use should use the network/proxy settings to make HTTP requests #​3942.
• It should be possible to install a git-hosted package that has a port in its URL #​3944.
• pnpm create and pnpm dlx should work with scoped packages #​3916.

v6.20.1

Compare Source

Patch Changes

• Fix broken artifacts of @pnpm/exe. This doesn't affect the pnpm package.

  Related issue: #​3937. This was a bug introduced by #​3896.

v6.20.0

Compare Source

Minor Changes

• New property supported via the dependenciesMeta field of package.json: injected. When injected is set to true, the package will be hard linked to node_modules, not symlinked #​3915.

  For instance, the following package.json in a workspace will create a symlink to bar in the node_modules directory of foo:

  {
    "name": "foo",
    "dependencies": {
      "bar": "workspace:1.0.0"
    }
  }

  But what if bar has react in its peer dependencies? If all projects in the monorepo use the same version of react, then no problem. But what if bar is required by foo that uses react 16 and qar with react 17? In the past, you'd have to choose a single version of react and install it as dev dependency of bar. But now with the injected field you can inject bar to a package, and bar will be installed with the react version of that package.

  So this will be the package.json of foo:

  {
    "name": "foo",
    "dependencies": {
      "bar": "workspace:1.0.0",
      "react": "16"
    },
    "dependenciesMeta": {
      "bar": {
        "injected": true
      }
    }
  }

  bar will be hard linked into the dependencies of foo, and react 16 will be linked to the dependencies of foo/node_modules/bar.

  And this will be the package.json of qar:

  {
    "name": "qar",
    "dependencies": {
      "bar": "workspace:1.0.0",
      "react": "17"
    },
    "dependenciesMeta": {
      "bar": {
        "injected": true
      }
    }
  }

  bar will be hard linked into the dependencies of qar, and react 17 will be linked to the dependencies of qar/node_modules/bar.

Patch Changes

• Buffer warnings fixed #​3932.

v6.19.1

Compare Source

Patch Changes

• Proxy URLs with special characters in credentials should work #​3925.
• Don't print info message about conflicting command names #​3912.

v6.19.0

Compare Source

Minor Changes

• Package scope is optional when filtering by package name #​3485.

  So the next two commands will both find @pnpm/core:

  pnpm test --filter core
  pnpm test --filter @​pnpm/core
  

  However, if the workspace contains @types/core and @pnpm/core, --filter=core will not work.

• Allow a system's package manager to override pnpm's default settings

Patch Changes

• pnpm install --global should link global packages to specific Node.js versions only if Node.js was installed by pnpm #​3910.
• It should be possible to alias a workspace package that has a name with a scope #​3899.
• pnpm store path added to the output of pnpm store.

v6.18.0

Compare Source

Minor Changes

• pnpm env use:
  • allow to install the latest Node.js release #​3879:

    pnpm env use -g latest
    

  • allow to install prerelease versions of Node.js #​3892:

    pnpm env use -g 16.0.0-rc.0
    pnpm env use -g nightly
    pnpm env use -g nightly/16
    

• maxsockets: a new setting to configure the maximum number of connections to use per origin (protocol/host/post combination) #​3889.

Patch Changes

• Installing Git-hosted dependencies should work using URLs with colon. For instance, pnpm add ssh://[email protected]:foo/bar.git #​3882.
• Autofix command files with Windows line endings on the shebang line #​3887.

v6.17.2

Compare Source

Patch Changes

• Dedupe dependencies when adding new ones or updating existing ones #​2222.
• Only check for CLI updates when pnpm install or pnpm add is executed #​3874.
• Use a single global config file (at ~/.config/pnpm/npmrc) for all npm versions, when npm is installed via pnpm env use #​3873.
• Add information about the --force option into pnpm install --help #​3878.
• Allow to pass the --cache-dir and --save-prefix CLI options.

v6.17.1

Compare Source

Patch Changes

• pnpm env use should create a symlink to the Node.js executable, not a command shim #​3869.
• Attach the globally installed packages to the system default Node.js executable #​3870.
• The .pnpm-debug.log file is not written when pnpm CLI exits with an expected non-zero exit code. For instance, when vulnerabilities are found by the pnpm audit command #​3832.
• Suggest pnpm install --force to refetch modified packages #​3867.

v6.17.0

Compare Source

Minor Changes

• New hook supported for filtering out info and warning logs: filterLog(log) => boolean #​3802.
• New command added: pnpm create is similar to yarn create #​3829.
• pnpm dlx supports the --silent option #​3839.

Patch Changes

• Add link to the docs to the help output of the dlx, exec, root, and bin commands #​3838.
• Don't print anything except the JSON output, when the --json option is used #​3844.

v6.16.1

Compare Source

Patch Changes

• Installation should not fail if the installed package has no package.json #​3782.
• Hoisting should work when the dependencies of only a subset of workspace projects are installed #​3806.
• Upgraded ansi-regex to v5.0.1 in order to fix a security vulnerability CVE-2021-3807.

v6.16.0

Compare Source

Minor Changes

• New setting added: changed-files-ignore-pattern. It allows to ignore changed files by glob patterns when filtering for changed projects since the specified commit/branch #​3797.
• New setting added: extend-node-path. When it is set to false, pnpm does not set the NODE_PATH environment variable in the command shims #​3799.

Patch Changes

• Pick the right extension for command files. It is important to write files with .CMD extension on case sensitive Windows drives #​3804.

v6.15.2

Compare Source

Patch Changes

• pnpm add --global <pkg> should use an exact path to the Node.js executable to create the command shim. This way, the globally install package will work even if the system-wide Node.js is switched to another version #​3780.
• pnpm install --fix-lockfile should not ignore the dependencies field in the existing lockfile #​3774.
• When use-beta-cli is true, the global packages directory is inside the pnpm home directory #​3781.
• pnpm install --frozen-lockfile should not fail if a project has a local directory dependency that has no manifest (package.json file) #​3793.
• Don't override the bin files of direct dependencies with the bin files of hoisted dependencies #​3795.

v6.15.1

Compare Source

Patch Changes

• A security vulnerability fixed. When commands are executed on Windows, they should not be searched for in the current working directory.
• pnpm import should never run scripts #​3750.

v6.15.0

Compare Source

Minor Changes

• pnpm install --fix-lockfile allows to fix a broken lockfile #​3729.
• New setting supported: global-bin-dir. global-bin-dir allows to set the target directory for the bin files of globally installed packages #​3762.

Patch Changes

• The pnpm CLI should not silently exit on bad HTTPS requests #​3768.

v6.14.7

Compare Source

Patch Changes

• Use correct GitLab tarball URL #​3643.
• Accept gzip and deflate encoding from the registry #​3745.
• Print error codes in error messages #​3748.
• Allow the $ sign to be a command name #​3679.

v6.14.6

Compare Source

Patch Changes

• pnpm setup should add pnpm to the PATH on Windows #​3734.
• pnpm env should not create PowerShell command shims to fix issues on Windows #​3711.
• overrides should work with selectors that specify the parent package with a version range #​3732.

v6.14.5

Compare Source

Patch Changes

• A broken package.json should not make pnpm exit without any message #​3705.
• pnpm dlx should allow to pass multiple packages for installation #​3710.
• The pnpm home directory should be always preferred when searching for a global bin directory #​3723.
• pnpm setup should not remove the pnpm CLI executable, just copy it to the pnpm home directory #​3724.
• It should be possible to set cache-dir and state-dir through config files #​3727.

v6.14.4

[Compare Source](https://redirect.g

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.