@pnpm/deps.compliance.commands 1101.5.1 → 1101.5.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/CHANGELOG.md +752 -0
  2. package/package.json +29 -29
package/CHANGELOG.md ADDED
@@ -0,0 +1,752 @@
1
+ # @pnpm/deps.compliance.commands
2
+
3
+ ## 1101.5.3
4
+
5
+ ### Patch Changes
6
+
7
+ - @pnpm/installing.commands@1100.10.4
8
+ - @pnpm/lockfile.utils@1100.1.2
9
+ - @pnpm/config.reader@1101.11.2
10
+ - @pnpm/deps.compliance.audit@1101.0.21
11
+ - @pnpm/deps.compliance.license-scanner@1100.0.24
12
+ - @pnpm/deps.compliance.sbom@1100.3.2
13
+ - @pnpm/lockfile.fs@1100.1.10
14
+
15
+ ## 1101.5.2
16
+
17
+ ### Patch Changes
18
+
19
+ - Updated dependencies [f8058eb]
20
+ - Updated dependencies [9318a11]
21
+ - Updated dependencies [5a4daec]
22
+ - @pnpm/lockfile.fs@1100.1.9
23
+ - @pnpm/config.reader@1101.11.1
24
+ - @pnpm/installing.commands@1100.10.3
25
+ - @pnpm/deps.compliance.audit@1101.0.20
26
+ - @pnpm/deps.compliance.license-scanner@1100.0.23
27
+
28
+ ## 1101.5.1
29
+
30
+ ### Patch Changes
31
+
32
+ - Updated dependencies [be6505a]
33
+ - Updated dependencies [3425e80]
34
+ - Updated dependencies [806c3ec]
35
+ - Updated dependencies [c121235]
36
+ - Updated dependencies [dcabb78]
37
+ - @pnpm/installing.commands@1100.10.2
38
+ - @pnpm/config.reader@1101.11.0
39
+ - @pnpm/deps.compliance.sbom@1100.3.1
40
+ - @pnpm/lockfile.types@1100.0.13
41
+ - @pnpm/lockfile.utils@1100.1.1
42
+ - @pnpm/deps.compliance.audit@1101.0.19
43
+ - @pnpm/deps.compliance.license-scanner@1100.0.22
44
+ - @pnpm/lockfile.fs@1100.1.8
45
+ - @pnpm/lockfile.walker@1100.0.13
46
+ - @pnpm/config.writer@1100.0.15
47
+
48
+ ## 1101.5.0
49
+
50
+ ### Minor Changes
51
+
52
+ - 6c35a43: Added `--exclude-peers` to `pnpm sbom`. With `auto-install-peers` (the default), peer dependencies resolve into the lockfile and are otherwise indistinguishable from the package's own dependencies. The flag drops peer dependencies (and any transitive subtree reachable only through them) from the SBOM. CycloneDX 1.7 has no scope or relationship that expresses "consumer-provided peer", so omission is the only spec-clean handling. The flag name matches `pnpm list --exclude-peers`; note the SBOM flag prunes a peer's exclusive subtree, which is stricter than `pnpm list` (which only hides leaf peers).
53
+
54
+ ### Patch Changes
55
+
56
+ - 25a829e: `pnpm audit --fix` now writes a single combined `minimumReleaseAgeExclude` entry per package (e.g. `axios@0.18.1 || 0.21.1`) instead of one entry per version, matching the format documented for the setting. Existing per-version entries in `pnpm-workspace.yaml` are merged into the combined form rather than left as duplicates. Installs that auto-collect immature versions into `minimumReleaseAgeExclude` now report the same combined entries, so the "Added N entries" message matches what is written to the manifest [#12534](https://github.com/pnpm/pnpm/issues/12534).
57
+ - 17e7f2c: `pnpm sbom` now emits a CycloneDX `issue-tracker` external reference for components (and the root) whose `package.json` declares a `bugs` URL. Email-only `bugs` entries are skipped, since the reference requires a URL.
58
+ - Updated dependencies [25a829e]
59
+ - Updated dependencies [bae694f]
60
+ - Updated dependencies [d3f68e2]
61
+ - Updated dependencies [6545793]
62
+ - Updated dependencies [fbdc0eb]
63
+ - Updated dependencies [0ec878d]
64
+ - Updated dependencies [6c35a43]
65
+ - Updated dependencies [17e7f2c]
66
+ - Updated dependencies [a84d2a1]
67
+ - Updated dependencies [852d537]
68
+ - @pnpm/installing.commands@1100.10.1
69
+ - @pnpm/config.version-policy@1100.1.6
70
+ - @pnpm/lockfile.utils@1100.1.0
71
+ - @pnpm/deps.compliance.audit@1101.0.18
72
+ - @pnpm/workspace.project-manifest-reader@1100.0.14
73
+ - @pnpm/deps.compliance.sbom@1100.3.0
74
+ - @pnpm/error@1100.0.1
75
+ - @pnpm/config.writer@1100.0.14
76
+ - @pnpm/lockfile.types@1100.0.12
77
+ - @pnpm/deps.compliance.license-scanner@1100.0.21
78
+ - @pnpm/lockfile.fs@1100.1.7
79
+ - @pnpm/deps.security.signatures@1101.2.3
80
+ - @pnpm/cli.utils@1101.0.13
81
+ - @pnpm/config.reader@1101.10.1
82
+ - @pnpm/network.auth-header@1101.1.3
83
+ - @pnpm/store.path@1100.0.2
84
+ - @pnpm/lockfile.walker@1100.0.12
85
+
86
+ ## 1101.4.0
87
+
88
+ ### Minor Changes
89
+
90
+ - 1495cb0: Added per-package SBOM generation with `--out` and `--split` flags. Use `--out out/%s.cdx.json` to write one SBOM per workspace package to individual files, or `--split` for NDJSON output to stdout. When `--filter` selects a single package, the SBOM root component now uses that package's metadata. Workspace inter-dependencies (`workspace:` protocol) and their transitive dependencies are included. Author, repository, and license fall back to the root manifest when the package doesn't define them.
91
+
92
+ ### Patch Changes
93
+
94
+ - Updated dependencies [302a2f7]
95
+ - Updated dependencies [c112b61]
96
+ - Updated dependencies [61969fb]
97
+ - Updated dependencies [9d79ba1]
98
+ - Updated dependencies [0474a9c]
99
+ - Updated dependencies [223d060]
100
+ - Updated dependencies [0474a9c]
101
+ - Updated dependencies [6d35338]
102
+ - Updated dependencies [dcededc]
103
+ - Updated dependencies [1495cb0]
104
+ - Updated dependencies [eba03e0]
105
+ - @pnpm/config.reader@1101.10.0
106
+ - @pnpm/installing.commands@1100.10.0
107
+ - @pnpm/lockfile.fs@1100.1.6
108
+ - @pnpm/deps.compliance.sbom@1100.2.0
109
+ - @pnpm/deps.compliance.audit@1101.0.17
110
+ - @pnpm/deps.compliance.license-scanner@1100.0.20
111
+
112
+ ## 1101.3.5
113
+
114
+ ### Patch Changes
115
+
116
+ - 8dcd9a0: Fix garbled summary line after submitting `pnpm update -i` and `pnpm audit --fix -i`. The interactive checkbox prompt previously printed every selected choice's full table row (label, current/target versions, workspace, URL) joined by commas, producing a wall of text after pressing Enter. The summary now lists only the selected package names (or vulnerability keys) by setting an explicit `short` per choice; the in-progress selection UI is unchanged.
117
+ - a31faa7: Updated dependency ranges. Notably:
118
+
119
+ - `@pnpm/logger` peer dependency range moved to `^1100.0.0`.
120
+ - `msgpackr` 1.11.8 → 2.0.4 (store index files remain byte-compatible in both directions).
121
+ - `open` ^7.4.2 → ^11.0.0, `memoize` ^10 → ^11, `cli-truncate` ^5 → ^6, `pidtree` ^0.6 → ^1.
122
+ - `@yarnpkg/core` 4.5.0 → 4.8.0, `@rushstack/worker-pool` 0.7.7 → 0.7.18, `@cyclonedx/cyclonedx-library` 10.0.0 → 10.1.0, `@pnpm/config.nerf-dart` ^1 → ^2, `@pnpm/log.group` 3.0.2 → 4.0.1, `@pnpm/util.lex-comparator` ^3 → ^4.
123
+
124
+ - Updated dependencies [8dcd9a0]
125
+ - Updated dependencies [86e70d2]
126
+ - Updated dependencies [61810aa]
127
+ - Updated dependencies [f20ad8f]
128
+ - Updated dependencies [ab0b7d1]
129
+ - Updated dependencies [74a2dc9]
130
+ - Updated dependencies [681b593]
131
+ - Updated dependencies [d50d691]
132
+ - Updated dependencies [a31faa7]
133
+ - @pnpm/installing.commands@1100.9.0
134
+ - @pnpm/config.reader@1101.9.0
135
+ - @pnpm/lockfile.utils@1100.0.13
136
+ - @pnpm/network.auth-header@1101.1.2
137
+ - @pnpm/types@1101.3.2
138
+ - @pnpm/lockfile.fs@1100.1.5
139
+ - @pnpm/cli.utils@1101.0.12
140
+ - @pnpm/deps.compliance.audit@1101.0.16
141
+ - @pnpm/deps.compliance.license-scanner@1100.0.19
142
+ - @pnpm/deps.compliance.sbom@1100.1.9
143
+ - @pnpm/deps.security.signatures@1101.2.2
144
+ - @pnpm/object.key-sorting@1100.0.1
145
+ - @pnpm/workspace.project-manifest-reader@1100.0.13
146
+ - @pnpm/cli.meta@1100.0.8
147
+ - @pnpm/config.pick-registry-for-package@1100.0.9
148
+ - @pnpm/config.writer@1100.0.13
149
+ - @pnpm/lockfile.types@1100.0.11
150
+ - @pnpm/lockfile.walker@1100.0.11
151
+
152
+ ## 1101.3.4
153
+
154
+ ### Patch Changes
155
+
156
+ - Updated dependencies [bc9ed78]
157
+ - Updated dependencies [d976edf]
158
+ - Updated dependencies [615c669]
159
+ - @pnpm/config.reader@1101.8.0
160
+ - @pnpm/installing.commands@1100.8.0
161
+ - @pnpm/cli.utils@1101.0.11
162
+ - @pnpm/deps.compliance.license-scanner@1100.0.18
163
+ - @pnpm/deps.compliance.audit@1101.0.15
164
+ - @pnpm/deps.security.signatures@1101.2.1
165
+ - @pnpm/workspace.project-manifest-reader@1100.0.12
166
+ - @pnpm/deps.compliance.sbom@1100.1.8
167
+
168
+ ## 1101.3.3
169
+
170
+ ### Patch Changes
171
+
172
+ - Updated dependencies [822beb5]
173
+ - Updated dependencies [3537020]
174
+ - Updated dependencies [894ea6a]
175
+ - Updated dependencies [6b5d91a]
176
+ - Updated dependencies [027196b]
177
+ - Updated dependencies [5f2bb9f]
178
+ - Updated dependencies [1017c36]
179
+ - Updated dependencies [e4d2fe0]
180
+ - Updated dependencies [bf1b731]
181
+ - @pnpm/config.reader@1101.7.0
182
+ - @pnpm/deps.security.signatures@1101.2.0
183
+ - @pnpm/installing.commands@1100.7.3
184
+ - @pnpm/cli.common-cli-options-help@1100.0.2
185
+ - @pnpm/types@1101.3.1
186
+ - @pnpm/cli.meta@1100.0.7
187
+ - @pnpm/cli.utils@1101.0.10
188
+ - @pnpm/config.pick-registry-for-package@1100.0.8
189
+ - @pnpm/config.writer@1100.0.12
190
+ - @pnpm/deps.compliance.audit@1101.0.14
191
+ - @pnpm/deps.compliance.license-scanner@1100.0.17
192
+ - @pnpm/deps.compliance.sbom@1100.1.7
193
+ - @pnpm/lockfile.fs@1100.1.4
194
+ - @pnpm/lockfile.types@1100.0.10
195
+ - @pnpm/lockfile.utils@1100.0.12
196
+ - @pnpm/lockfile.walker@1100.0.10
197
+ - @pnpm/network.auth-header@1101.1.1
198
+ - @pnpm/workspace.project-manifest-reader@1100.0.11
199
+
200
+ ## 1101.3.2
201
+
202
+ ### Patch Changes
203
+
204
+ - Updated dependencies [5192edf]
205
+ - Updated dependencies [a017bf3]
206
+ - @pnpm/network.auth-header@1101.1.0
207
+ - @pnpm/config.reader@1101.6.0
208
+ - @pnpm/types@1101.3.0
209
+ - @pnpm/installing.commands@1100.7.2
210
+ - @pnpm/deps.compliance.audit@1101.0.13
211
+ - @pnpm/deps.security.signatures@1101.1.6
212
+ - @pnpm/cli.meta@1100.0.6
213
+ - @pnpm/cli.utils@1101.0.9
214
+ - @pnpm/config.pick-registry-for-package@1100.0.7
215
+ - @pnpm/config.writer@1100.0.11
216
+ - @pnpm/deps.compliance.license-scanner@1100.0.16
217
+ - @pnpm/deps.compliance.sbom@1100.1.6
218
+ - @pnpm/lockfile.fs@1100.1.3
219
+ - @pnpm/lockfile.types@1100.0.9
220
+ - @pnpm/lockfile.utils@1100.0.11
221
+ - @pnpm/lockfile.walker@1100.0.9
222
+ - @pnpm/workspace.project-manifest-reader@1100.0.10
223
+
224
+ ## 1101.3.1
225
+
226
+ ### Patch Changes
227
+
228
+ - Updated dependencies [719cc21]
229
+ - @pnpm/deps.compliance.audit@1101.0.12
230
+ - @pnpm/installing.commands@1100.7.1
231
+
232
+ ## 1101.3.0
233
+
234
+ ### Minor Changes
235
+
236
+ - 2cadfb5: Replaced `enquirer` with `@inquirer/prompts` for all interactive prompts. Fixes the `update -i` scrolling overflow bug where long choice lists were clipped in the terminal [#6643](https://github.com/pnpm/pnpm/issues/6643).
237
+
238
+ **User-facing changes:**
239
+
240
+ - `pnpm update -i` / `pnpm update -i --latest`: Scrolling now works correctly when many packages are available; the new library uses visual-line-aware pagination via `usePagination`
241
+ - `pnpm audit --fix -i`: Same scrolling fix for vulnerability selection
242
+ - `pnpm approve-builds`: Interactive build approval prompts updated
243
+ - `pnpm patch`: Version selection and "apply to all" prompts updated
244
+ - `pnpm patch-remove`: Patch removal selection updated
245
+ - `pnpm publish`: Branch confirmation prompt updated
246
+ - `pnpm login`: Credential prompts updated
247
+ - `pnpm run` / `pnpm exec` (with `verifyDepsBeforeRun=prompt`): Confirmation prompt updated
248
+
249
+ Vim-style `j`/`k` keys still work for up/down navigation in all interactive prompts.
250
+
251
+ **Internal:** The `OtpEnquirer` and `LoginEnquirer` DI interfaces changed from `{ prompt }` to `{ input }` / `{ input, password }` respectively. Plugins or custom builds that inject their own enquirer mock will need to update.
252
+
253
+ ### Patch Changes
254
+
255
+ - Updated dependencies [a39a83d]
256
+ - Updated dependencies [2cadfb5]
257
+ - @pnpm/config.reader@1101.5.0
258
+ - @pnpm/installing.commands@1100.7.0
259
+ - @pnpm/deps.compliance.audit@1101.0.11
260
+ - @pnpm/deps.security.signatures@1101.1.5
261
+
262
+ ## 1101.2.8
263
+
264
+ ### Patch Changes
265
+
266
+ - Updated dependencies [a23956e]
267
+ - Updated dependencies [aa6149d]
268
+ - Updated dependencies [a456dc7]
269
+ - Updated dependencies [572842a]
270
+ - Updated dependencies [e55f4b5]
271
+ - Updated dependencies [35d2355]
272
+ - @pnpm/config.reader@1101.4.1
273
+ - @pnpm/network.auth-header@1101.0.0
274
+ - @pnpm/installing.commands@1100.6.0
275
+ - @pnpm/workspace.project-manifest-reader@1100.0.9
276
+ - @pnpm/lockfile.utils@1100.0.10
277
+ - @pnpm/types@1101.2.0
278
+ - @pnpm/cli.utils@1101.0.8
279
+ - @pnpm/deps.compliance.audit@1101.0.10
280
+ - @pnpm/deps.compliance.license-scanner@1100.0.15
281
+ - @pnpm/deps.compliance.sbom@1100.1.5
282
+ - @pnpm/lockfile.fs@1100.1.2
283
+ - @pnpm/cli.meta@1100.0.5
284
+ - @pnpm/config.pick-registry-for-package@1100.0.6
285
+ - @pnpm/config.writer@1100.0.10
286
+ - @pnpm/lockfile.types@1100.0.8
287
+ - @pnpm/lockfile.walker@1100.0.8
288
+ - @pnpm/deps.security.signatures@1101.1.4
289
+
290
+ ## 1101.2.7
291
+
292
+ ### Patch Changes
293
+
294
+ - Updated dependencies [d7da112]
295
+ - Updated dependencies [3b62f9d]
296
+ - Updated dependencies [212315d]
297
+ - @pnpm/workspace.project-manifest-reader@1100.0.8
298
+ - @pnpm/config.reader@1101.4.0
299
+ - @pnpm/installing.commands@1100.5.0
300
+ - @pnpm/cli.utils@1101.0.7
301
+ - @pnpm/deps.compliance.license-scanner@1100.0.14
302
+ - @pnpm/deps.compliance.sbom@1100.1.4
303
+
304
+ ## 1101.2.6
305
+
306
+ ### Patch Changes
307
+
308
+ - Updated dependencies [881a865]
309
+ - @pnpm/installing.commands@1100.4.2
310
+
311
+ ## 1101.2.5
312
+
313
+ ### Patch Changes
314
+
315
+ - Updated dependencies [097983f]
316
+ - @pnpm/config.pick-registry-for-package@1100.0.5
317
+ - @pnpm/installing.commands@1100.4.1
318
+
319
+ ## 1101.2.4
320
+
321
+ ### Patch Changes
322
+
323
+ - Updated dependencies [3687b0e]
324
+ - Updated dependencies [ced20cb]
325
+ - Updated dependencies [a620557]
326
+ - Updated dependencies [9cb48bb]
327
+ - Updated dependencies [d1b340f]
328
+ - Updated dependencies [b206a15]
329
+ - Updated dependencies [64afc92]
330
+ - @pnpm/config.reader@1101.3.3
331
+ - @pnpm/installing.commands@1100.4.0
332
+ - @pnpm/lockfile.fs@1100.1.1
333
+ - @pnpm/types@1101.1.1
334
+ - @pnpm/deps.compliance.audit@1101.0.9
335
+ - @pnpm/deps.compliance.license-scanner@1100.0.13
336
+ - @pnpm/deps.compliance.sbom@1100.1.3
337
+ - @pnpm/lockfile.types@1100.0.7
338
+ - @pnpm/lockfile.utils@1100.0.9
339
+ - @pnpm/cli.utils@1101.0.6
340
+ - @pnpm/workspace.project-manifest-reader@1100.0.7
341
+ - @pnpm/cli.meta@1100.0.4
342
+ - @pnpm/config.pick-registry-for-package@1100.0.4
343
+ - @pnpm/config.writer@1100.0.9
344
+ - @pnpm/lockfile.walker@1100.0.7
345
+ - @pnpm/network.auth-header@1100.0.3
346
+ - @pnpm/deps.security.signatures@1101.1.3
347
+
348
+ ## 1101.2.3
349
+
350
+ ### Patch Changes
351
+
352
+ - Updated dependencies [4195766]
353
+ - Updated dependencies [020ac45]
354
+ - Updated dependencies [d3f8408]
355
+ - Updated dependencies [6e93f35]
356
+ - Updated dependencies [a62f959]
357
+ - Updated dependencies [ba2c884]
358
+ - Updated dependencies [2a9bd89]
359
+ - Updated dependencies [8df408c]
360
+ - @pnpm/installing.commands@1100.3.0
361
+ - @pnpm/config.reader@1101.3.2
362
+ - @pnpm/lockfile.fs@1100.1.0
363
+ - @pnpm/deps.compliance.sbom@1100.1.2
364
+ - @pnpm/lockfile.types@1100.0.6
365
+ - @pnpm/lockfile.utils@1100.0.8
366
+ - @pnpm/deps.compliance.audit@1101.0.8
367
+ - @pnpm/deps.compliance.license-scanner@1100.0.12
368
+ - @pnpm/lockfile.walker@1100.0.6
369
+ - @pnpm/cli.utils@1101.0.5
370
+ - @pnpm/deps.security.signatures@1101.1.2
371
+ - @pnpm/workspace.project-manifest-reader@1100.0.6
372
+ - @pnpm/config.writer@1100.0.8
373
+
374
+ ## 1101.2.2
375
+
376
+ ### Patch Changes
377
+
378
+ - Updated dependencies [180aee9]
379
+ - @pnpm/installing.commands@1100.2.2
380
+ - @pnpm/lockfile.fs@1100.0.8
381
+ - @pnpm/cli.utils@1101.0.4
382
+ - @pnpm/config.reader@1101.3.1
383
+ - @pnpm/workspace.project-manifest-reader@1100.0.5
384
+ - @pnpm/deps.compliance.audit@1101.0.7
385
+ - @pnpm/deps.security.signatures@1101.1.1
386
+ - @pnpm/deps.compliance.license-scanner@1100.0.11
387
+ - @pnpm/deps.compliance.sbom@1100.1.1
388
+
389
+ ## 1101.2.1
390
+
391
+ ### Patch Changes
392
+
393
+ - @pnpm/installing.commands@1100.2.1
394
+
395
+ ## 1101.2.0
396
+
397
+ ### Minor Changes
398
+
399
+ - 6ac06cb: Added `pnpm audit signatures` to verify ECDSA registry signatures for installed packages against keys from `/-/npm/v1/keys` [#7909](https://github.com/pnpm/pnpm/issues/7909). Scoped registries are respected, and registries without signing keys are skipped.
400
+
401
+ ### Patch Changes
402
+
403
+ - Updated dependencies [6ac06cb]
404
+ - Updated dependencies [b61e268]
405
+ - Updated dependencies [87b4bac]
406
+ - Updated dependencies [e1e29c1]
407
+ - @pnpm/deps.security.signatures@1101.1.0
408
+ - @pnpm/config.reader@1101.3.0
409
+ - @pnpm/types@1101.1.0
410
+ - @pnpm/deps.compliance.sbom@1100.1.0
411
+ - @pnpm/installing.commands@1100.2.0
412
+ - @pnpm/deps.compliance.audit@1101.0.6
413
+ - @pnpm/cli.meta@1100.0.3
414
+ - @pnpm/cli.utils@1101.0.3
415
+ - @pnpm/config.pick-registry-for-package@1100.0.3
416
+ - @pnpm/config.writer@1100.0.7
417
+ - @pnpm/deps.compliance.license-scanner@1100.0.10
418
+ - @pnpm/lockfile.fs@1100.0.7
419
+ - @pnpm/lockfile.types@1100.0.5
420
+ - @pnpm/lockfile.utils@1100.0.7
421
+ - @pnpm/lockfile.walker@1100.0.5
422
+ - @pnpm/network.auth-header@1100.0.2
423
+ - @pnpm/workspace.project-manifest-reader@1100.0.4
424
+
425
+ ## 1101.1.11
426
+
427
+ ### Patch Changes
428
+
429
+ - Updated dependencies [e9e876c]
430
+ - Updated dependencies [15e9e35]
431
+ - @pnpm/config.reader@1101.2.2
432
+ - @pnpm/installing.commands@1100.1.12
433
+ - @pnpm/deps.compliance.license-scanner@1100.0.9
434
+ - @pnpm/deps.compliance.sbom@1100.0.9
435
+
436
+ ## 1101.1.10
437
+
438
+ ### Patch Changes
439
+
440
+ - Updated dependencies [cfa271b]
441
+ - @pnpm/lockfile.utils@1100.0.6
442
+ - @pnpm/deps.compliance.audit@1101.0.5
443
+ - @pnpm/deps.compliance.license-scanner@1100.0.8
444
+ - @pnpm/deps.compliance.sbom@1100.0.8
445
+ - @pnpm/lockfile.fs@1100.0.6
446
+ - @pnpm/installing.commands@1100.1.11
447
+
448
+ ## 1101.1.9
449
+
450
+ ### Patch Changes
451
+
452
+ - Updated dependencies [27425d7]
453
+ - Updated dependencies [707a879]
454
+ - @pnpm/lockfile.fs@1100.0.5
455
+ - @pnpm/lockfile.types@1100.0.4
456
+ - @pnpm/lockfile.utils@1100.0.5
457
+ - @pnpm/config.reader@1101.2.1
458
+ - @pnpm/installing.commands@1100.1.10
459
+ - @pnpm/deps.compliance.audit@1101.0.4
460
+ - @pnpm/deps.compliance.license-scanner@1100.0.7
461
+ - @pnpm/deps.compliance.sbom@1100.0.7
462
+ - @pnpm/lockfile.walker@1100.0.4
463
+ - @pnpm/config.writer@1100.0.6
464
+
465
+ ## 1101.1.8
466
+
467
+ ### Patch Changes
468
+
469
+ - Updated dependencies [8fdd9a9]
470
+ - Updated dependencies [5f34a8d]
471
+ - Updated dependencies [c969392]
472
+ - Updated dependencies [817b1b4]
473
+ - Updated dependencies [c969392]
474
+ - Updated dependencies [2de318b]
475
+ - @pnpm/config.reader@1101.2.0
476
+ - @pnpm/installing.commands@1100.1.9
477
+ - @pnpm/config.writer@1100.0.5
478
+
479
+ ## 1101.1.7
480
+
481
+ ### Patch Changes
482
+
483
+ - Updated dependencies [f6bc1db]
484
+ - @pnpm/installing.commands@1100.1.8
485
+
486
+ ## 1101.1.6
487
+
488
+ ### Patch Changes
489
+
490
+ - Updated dependencies [42a8f29]
491
+ - @pnpm/config.reader@1101.1.4
492
+ - @pnpm/installing.commands@1100.1.7
493
+
494
+ ## 1101.1.5
495
+
496
+ ### Patch Changes
497
+
498
+ - Updated dependencies [184ce26]
499
+ - Updated dependencies [6b891a5]
500
+ - @pnpm/workspace.project-manifest-reader@1100.0.3
501
+ - @pnpm/deps.compliance.license-scanner@1100.0.6
502
+ - @pnpm/cli.common-cli-options-help@1100.0.1
503
+ - @pnpm/deps.compliance.audit@1101.0.3
504
+ - @pnpm/installing.commands@1100.1.6
505
+ - @pnpm/config.reader@1101.1.3
506
+ - @pnpm/config.writer@1100.0.4
507
+ - @pnpm/cli.command@1100.0.1
508
+ - @pnpm/store.path@1100.0.1
509
+ - @pnpm/cli.utils@1101.0.2
510
+ - @pnpm/cli.meta@1100.0.2
511
+ - @pnpm/lockfile.utils@1100.0.4
512
+ - @pnpm/deps.compliance.sbom@1100.0.6
513
+ - @pnpm/lockfile.types@1100.0.3
514
+ - @pnpm/lockfile.fs@1100.0.4
515
+ - @pnpm/lockfile.walker@1100.0.3
516
+
517
+ ## 1101.1.4
518
+
519
+ ### Patch Changes
520
+
521
+ - @pnpm/cli.utils@1101.0.1
522
+ - @pnpm/deps.compliance.license-scanner@1100.0.5
523
+ - @pnpm/installing.commands@1100.1.5
524
+
525
+ ## 1101.1.3
526
+
527
+ ### Patch Changes
528
+
529
+ - 5e11362: Sort the keys of the overrides object returned by `pnpm audit --fix` so that the log output order matches the order written to `pnpm-workspace.yaml`.
530
+ - Updated dependencies [f9afe81]
531
+ - Updated dependencies [0fbcf74]
532
+ - @pnpm/deps.compliance.sbom@1100.0.5
533
+ - @pnpm/config.reader@1101.1.2
534
+ - @pnpm/installing.commands@1100.1.4
535
+ - @pnpm/config.writer@1100.0.3
536
+
537
+ ## 1101.1.2
538
+
539
+ ### Patch Changes
540
+
541
+ - @pnpm/installing.commands@1100.1.3
542
+
543
+ ## 1101.1.1
544
+
545
+ ### Patch Changes
546
+
547
+ - @pnpm/deps.compliance.license-scanner@1100.0.4
548
+ - @pnpm/deps.compliance.sbom@1100.0.4
549
+ - @pnpm/installing.commands@1100.1.2
550
+ - @pnpm/lockfile.utils@1100.0.3
551
+ - @pnpm/deps.compliance.audit@1101.0.2
552
+ - @pnpm/lockfile.fs@1100.0.3
553
+ - @pnpm/config.reader@1101.1.1
554
+
555
+ ## 1101.1.0
556
+
557
+ ### Minor Changes
558
+
559
+ - 390ee62: `pnpm audit --fix` now respects the `auditLevel` setting and supports a new interactive mode via `--interactive`/`-i`. Previously, `pnpm audit --fix` would fix all vulnerabilities regardless of the configured `auditLevel`, while `pnpm audit` (without `--fix`) correctly filtered by severity. Now both commands consistently filter advisories by the `auditLevel` setting, and you can use `pnpm audit --fix -i` to review and select which vulnerabilities to fix interactively.
560
+
561
+ Overrides emitted by `pnpm audit --fix` now use a caret range (`^X.Y.Z`) instead of an open-ended `>=X.Y.Z`, so applying a security fix can no longer silently promote a dependency across a major version boundary.
562
+
563
+ ### Patch Changes
564
+
565
+ - 61952c2: `pnpm sbom` now detects licenses declared via the deprecated `licenses` array in `package.json` (e.g. `busboy`, `streamsearch`, `limiter`) and falls back to scanning on-disk `LICENSE` files — mirroring the resolution logic of `pnpm licenses`. Previously these packages were reported as `NOASSERTION`. Shared license resolution (manifest parsing + LICENSE-file fallback) lives in the new `@pnpm/deps.compliance.license-resolver` package. When a manifest sets both `license` and `licenses`, the modern `license` field now takes precedence for both commands (previously `pnpm licenses` preferred `licenses`) [#11248](https://github.com/pnpm/pnpm/issues/11248).
566
+ - Updated dependencies [7d25bc1]
567
+ - Updated dependencies [9e0833c]
568
+ - Updated dependencies [61952c2]
569
+ - @pnpm/config.reader@1101.1.0
570
+ - @pnpm/deps.compliance.license-resolver@1100.0.0
571
+ - @pnpm/deps.compliance.sbom@1100.0.3
572
+ - @pnpm/deps.compliance.license-scanner@1100.0.3
573
+ - @pnpm/installing.commands@1100.1.1
574
+ - @pnpm/lockfile.types@1100.0.2
575
+ - @pnpm/lockfile.utils@1100.0.2
576
+ - @pnpm/deps.compliance.audit@1101.0.1
577
+ - @pnpm/lockfile.fs@1100.0.2
578
+ - @pnpm/lockfile.walker@1100.0.2
579
+ - @pnpm/config.writer@1100.0.2
580
+
581
+ ## 1101.0.1
582
+
583
+ ### Patch Changes
584
+
585
+ - Updated dependencies [cee550a]
586
+ - Updated dependencies [4ab3d9b]
587
+ - Updated dependencies [9af708a]
588
+ - Updated dependencies [ea2a7fb]
589
+ - Updated dependencies [ff7733c]
590
+ - @pnpm/cli.utils@1101.0.0
591
+ - @pnpm/config.reader@1101.0.0
592
+ - @pnpm/installing.commands@1100.1.0
593
+ - @pnpm/workspace.project-manifest-reader@1100.0.2
594
+ - @pnpm/deps.compliance.license-scanner@1100.0.2
595
+ - @pnpm/deps.compliance.sbom@1100.0.2
596
+
597
+ ## 1101.0.0
598
+
599
+ ### Major Changes
600
+
601
+ - ff28085: `pnpm audit` now calls npm's `/-/npm/v1/security/advisories/bulk` endpoint. The legacy `/-/npm/v1/security/audits{,/quick}` endpoints have been retired by the registry, so the legacy request/response contract is no longer supported.
602
+
603
+ The bulk endpoint does not return CVE identifiers. CVE-based filtering has been replaced with GitHub advisory ID (GHSA) filtering:
604
+
605
+ - `auditConfig.ignoreCves` → `auditConfig.ignoreGhsas` (the previous key is no longer recognized)
606
+ - `pnpm audit --ignore <id>` / `pnpm audit --ignore-unfixable` now read and write GHSAs instead of CVEs
607
+ - GHSAs are derived from each advisory's `url` (`https://github.com/advisories/GHSA-xxxx-xxxx-xxxx`)
608
+
609
+ To migrate: replace each `CVE-YYYY-NNNNN` entry in your `auditConfig.ignoreCves` with the corresponding `GHSA-xxxx-xxxx-xxxx` value (visible in the `More info` column of `pnpm audit` output) and move it under `auditConfig.ignoreGhsas`.
610
+
611
+ ### Patch Changes
612
+
613
+ - Updated dependencies [ff28085]
614
+ - @pnpm/deps.compliance.audit@1101.0.0
615
+ - @pnpm/types@1101.0.0
616
+ - @pnpm/cli.meta@1100.0.1
617
+ - @pnpm/cli.utils@1100.0.1
618
+ - @pnpm/config.reader@1100.0.1
619
+ - @pnpm/config.writer@1100.0.1
620
+ - @pnpm/deps.compliance.license-scanner@1100.0.1
621
+ - @pnpm/deps.compliance.sbom@1100.0.1
622
+ - @pnpm/installing.commands@1100.0.1
623
+ - @pnpm/lockfile.fs@1100.0.1
624
+ - @pnpm/lockfile.types@1100.0.1
625
+ - @pnpm/lockfile.utils@1100.0.1
626
+ - @pnpm/lockfile.walker@1100.0.1
627
+ - @pnpm/network.auth-header@1100.0.1
628
+ - @pnpm/workspace.project-manifest-reader@1100.0.1
629
+
630
+ ## 1001.0.0
631
+
632
+ ### Major Changes
633
+
634
+ - 491a84f: This package is now pure ESM.
635
+ - 7d2fd48: Node.js v18, 19, 20, and 21 support discontinued.
636
+
637
+ ### Minor Changes
638
+
639
+ - f92ac24: Added `pnpm sbom` command for generating Software Bill of Materials in CycloneDX 1.7 and SPDX 2.3 JSON formats [#9088](https://github.com/pnpm/pnpm/issues/9088).
640
+ - 6d56db2: The `pnpm audit` command now also audits dependencies from `pnpm-lock.yaml`, including `configDependencies` and `packageManagerDependencies` along with their transitive dependencies.
641
+ - 7721d2e: `pnpm audit --fix` now adds the minimum patched versions to `minimumReleaseAgeExclude` in `pnpm-workspace.yaml` [#10263](https://github.com/pnpm/pnpm/issues/10263).
642
+
643
+ When `minimumReleaseAge` is configured, security patches suggested by `pnpm audit` may be blocked because the patched versions are too new. Now, `pnpm audit --fix` automatically adds the minimum patched version for each vulnerability (e.g., `axios@0.21.2`) to `minimumReleaseAgeExclude`, so that `pnpm install` can install the security fix without waiting for it to mature.
644
+
645
+ - 4158906: Support configuring `auditLevel` in the `pnpm-workspace.yaml` file [#10540](https://github.com/pnpm/pnpm/issues/10540).
646
+ - 15549a9: Add the ability to fix vulnerabilities by updating packages in the lockfile instead of adding overrides.
647
+
648
+ ### Patch Changes
649
+
650
+ - 3c36e8d: Fixed `pnpm audit --json` to respect the `--audit-level` setting for both exit code and output filtering [#10540](https://github.com/pnpm/pnpm/issues/10540).
651
+ - 121f64a: Fix `pnpm audit --fix` replacing reference overrides (e.g. `$foo`) with concrete versions [#10325](https://github.com/pnpm/pnpm/issues/10325).
652
+ - a969839: fixed help text for audit --ignore-registry-errors
653
+ - Updated dependencies [e1ea779]
654
+ - Updated dependencies [f92ac24]
655
+ - Updated dependencies [7730a7f]
656
+ - Updated dependencies [996284f]
657
+ - Updated dependencies [6d56db2]
658
+ - Updated dependencies [7721d2e]
659
+ - Updated dependencies [315cae8]
660
+ - Updated dependencies [ae8b816]
661
+ - Updated dependencies [facdd71]
662
+ - Updated dependencies [4c6c26a]
663
+ - Updated dependencies [e2e0a32]
664
+ - Updated dependencies [c55c614]
665
+ - Updated dependencies [3c72b6b]
666
+ - Updated dependencies [9f5c0e3]
667
+ - Updated dependencies [76718b3]
668
+ - Updated dependencies [a8f016c]
669
+ - Updated dependencies [cc1b8e3]
670
+ - Updated dependencies [90bd3c3]
671
+ - Updated dependencies [1cc61e8]
672
+ - Updated dependencies [606f53e]
673
+ - Updated dependencies [c7203b9]
674
+ - Updated dependencies [bb17724]
675
+ - Updated dependencies [da2429d]
676
+ - Updated dependencies [0b5ccc9]
677
+ - Updated dependencies [1cc61e8]
678
+ - Updated dependencies [491a84f]
679
+ - Updated dependencies [fb8962f]
680
+ - Updated dependencies [f0ae1b9]
681
+ - Updated dependencies [9fc552d]
682
+ - Updated dependencies [312226c]
683
+ - Updated dependencies [b1ad9c7]
684
+ - Updated dependencies [121f64a]
685
+ - Updated dependencies [7fab2a2]
686
+ - Updated dependencies [cb367b9]
687
+ - Updated dependencies [543c7e4]
688
+ - Updated dependencies [075aa99]
689
+ - Updated dependencies [fd511e4]
690
+ - Updated dependencies [ae43ac7]
691
+ - Updated dependencies [ccec8e7]
692
+ - Updated dependencies [98a5f1c]
693
+ - Updated dependencies [fd511e4]
694
+ - Updated dependencies [fa5a5c6]
695
+ - Updated dependencies [4158906]
696
+ - Updated dependencies [ac944ef]
697
+ - Updated dependencies [d458ab3]
698
+ - Updated dependencies [7d2fd48]
699
+ - Updated dependencies [cc7c0d2]
700
+ - Updated dependencies [efb48dc]
701
+ - Updated dependencies [d5d4eed]
702
+ - Updated dependencies [095f659]
703
+ - Updated dependencies [96704a1]
704
+ - Updated dependencies [50fbeca]
705
+ - Updated dependencies [cb367b9]
706
+ - Updated dependencies [7b1c189]
707
+ - Updated dependencies [51b04c3]
708
+ - Updated dependencies [6f806be]
709
+ - Updated dependencies [d01b81f]
710
+ - Updated dependencies [3ed41f4]
711
+ - Updated dependencies [8ffb1a7]
712
+ - Updated dependencies [05fb1ae]
713
+ - Updated dependencies [71de2b3]
714
+ - Updated dependencies [10bc391]
715
+ - Updated dependencies [ace7903]
716
+ - Updated dependencies [38b8e35]
717
+ - Updated dependencies [394d88c]
718
+ - Updated dependencies [831f574]
719
+ - Updated dependencies [2df8b71]
720
+ - Updated dependencies [ed1a7fe]
721
+ - Updated dependencies [15549a9]
722
+ - Updated dependencies [b51bb42]
723
+ - Updated dependencies [cc7c0d2]
724
+ - Updated dependencies [5bf7768]
725
+ - Updated dependencies [ae43ac7]
726
+ - Updated dependencies [a5fdbf9]
727
+ - Updated dependencies [9d3f00b]
728
+ - Updated dependencies [efb48dc]
729
+ - Updated dependencies [9587dac]
730
+ - Updated dependencies [09a999a]
731
+ - Updated dependencies [559f903]
732
+ - Updated dependencies [3574905]
733
+ - @pnpm/cli.common-cli-options-help@1001.0.0
734
+ - @pnpm/deps.compliance.sbom@1000.0.0
735
+ - @pnpm/config.reader@1005.0.0
736
+ - @pnpm/installing.commands@1005.0.0
737
+ - @pnpm/deps.compliance.audit@1003.0.0
738
+ - @pnpm/config.writer@1001.0.0
739
+ - @pnpm/deps.compliance.license-scanner@1002.0.0
740
+ - @pnpm/constants@1002.0.0
741
+ - @pnpm/types@1001.0.0
742
+ - @pnpm/lockfile.fs@1002.0.0
743
+ - @pnpm/lockfile.types@1003.0.0
744
+ - @pnpm/lockfile.utils@1004.0.0
745
+ - @pnpm/cli.utils@1002.0.0
746
+ - @pnpm/workspace.project-manifest-reader@1002.0.0
747
+ - @pnpm/network.auth-header@1001.0.0
748
+ - @pnpm/store.path@1001.0.0
749
+ - @pnpm/lockfile.walker@1002.0.0
750
+ - @pnpm/error@1001.0.0
751
+ - @pnpm/cli.meta@1001.0.0
752
+ - @pnpm/cli.command@1001.0.0
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@pnpm/deps.compliance.commands",
3
- "version": "1101.5.1",
3
+ "version": "1101.5.3",
4
4
  "description": "pnpm commands for audit, licenses, and sbom",
5
5
  "keywords": [
6
6
  "pnpm",
@@ -31,59 +31,59 @@
31
31
  ],
32
32
  "dependencies": {
33
33
  "@inquirer/prompts": "^8.4.3",
34
- "@zkochan/table": "^2.0.1",
35
- "chalk": "^5.6.2",
36
- "memoize": "^11.0.0",
37
- "p-limit": "^7.3.0",
38
- "ramda": "npm:@pnpm/ramda@0.28.1",
39
- "render-help": "^2.0.0",
40
- "semver": "^7.8.4",
41
- "@pnpm/cli.common-cli-options-help": "1100.0.2",
42
34
  "@pnpm/cli.command": "1100.0.1",
35
+ "@pnpm/cli.common-cli-options-help": "1100.0.2",
43
36
  "@pnpm/cli.meta": "1100.0.8",
44
37
  "@pnpm/cli.utils": "1101.0.13",
45
38
  "@pnpm/config.pick-registry-for-package": "1100.0.9",
46
- "@pnpm/config.reader": "1101.11.0",
39
+ "@pnpm/config.reader": "1101.11.2",
47
40
  "@pnpm/config.version-policy": "1100.1.6",
48
41
  "@pnpm/config.writer": "1100.0.15",
49
42
  "@pnpm/constants": "1100.0.0",
43
+ "@pnpm/deps.compliance.audit": "1101.0.21",
50
44
  "@pnpm/deps.compliance.license-resolver": "1100.0.0",
51
- "@pnpm/deps.compliance.audit": "1101.0.19",
52
- "@pnpm/deps.compliance.license-scanner": "1100.0.22",
53
- "@pnpm/deps.compliance.sbom": "1100.3.1",
54
- "@pnpm/error": "1100.0.1",
45
+ "@pnpm/deps.compliance.license-scanner": "1100.0.24",
46
+ "@pnpm/deps.compliance.sbom": "1100.3.2",
55
47
  "@pnpm/deps.security.signatures": "1101.2.3",
56
- "@pnpm/installing.commands": "1100.10.2",
48
+ "@pnpm/error": "1100.0.1",
49
+ "@pnpm/installing.commands": "1100.10.4",
50
+ "@pnpm/lockfile.fs": "1100.1.10",
57
51
  "@pnpm/lockfile.types": "1100.0.13",
58
- "@pnpm/lockfile.fs": "1100.1.8",
59
- "@pnpm/lockfile.utils": "1100.1.1",
60
- "@pnpm/network.auth-header": "1101.1.3",
52
+ "@pnpm/lockfile.utils": "1100.1.2",
61
53
  "@pnpm/lockfile.walker": "1100.0.13",
54
+ "@pnpm/network.auth-header": "1101.1.3",
62
55
  "@pnpm/object.key-sorting": "1100.0.1",
56
+ "@pnpm/store.path": "1100.0.2",
63
57
  "@pnpm/types": "1101.3.2",
64
58
  "@pnpm/workspace.project-manifest-reader": "1100.0.14",
65
- "@pnpm/store.path": "1100.0.2"
59
+ "@zkochan/table": "^2.0.1",
60
+ "chalk": "^5.6.2",
61
+ "memoize": "^11.0.0",
62
+ "p-limit": "^7.3.0",
63
+ "ramda": "npm:@pnpm/ramda@0.28.1",
64
+ "render-help": "^2.0.0",
65
+ "semver": "^7.8.4"
66
66
  },
67
67
  "peerDependencies": {
68
68
  "@pnpm/logger": "^1100.0.0"
69
69
  },
70
70
  "devDependencies": {
71
71
  "@jest/globals": "30.4.1",
72
- "@types/ramda": "0.31.1",
73
- "@types/semver": "7.7.1",
74
- "@types/zkochan__table": "npm:@types/table@6.3.2",
75
- "load-json-file": "^7.0.1",
76
- "read-yaml-file": "^3.0.0",
77
- "tempy": "3.0.0",
78
- "@pnpm/deps.compliance.commands": "1101.5.1",
72
+ "@pnpm/deps.compliance.commands": "1101.5.3",
79
73
  "@pnpm/logger": "1100.0.0",
80
74
  "@pnpm/pkg-manifest.reader": "1100.0.9",
81
75
  "@pnpm/prepare": "1100.0.18",
82
- "@pnpm/testing.command-defaults": "1100.0.8",
83
76
  "@pnpm/test-fixtures": "1100.0.0",
77
+ "@pnpm/testing.command-defaults": "1100.0.8",
84
78
  "@pnpm/testing.mock-agent": "1101.0.4",
85
- "@pnpm/workspace.projects-filter": "1100.0.24",
86
- "@pnpm/testing.registry-mock": "1100.0.8"
79
+ "@pnpm/testing.registry-mock": "1100.0.8",
80
+ "@pnpm/workspace.projects-filter": "1100.0.26",
81
+ "@types/ramda": "0.31.1",
82
+ "@types/semver": "7.7.1",
83
+ "@types/zkochan__table": "npm:@types/table@6.3.2",
84
+ "load-json-file": "^7.0.1",
85
+ "read-yaml-file": "^3.0.0",
86
+ "tempy": "3.0.0"
87
87
  },
88
88
  "engines": {
89
89
  "node": ">=22.13"