@pnpm/deps.compliance.commands 1101.5.2 → 1101.5.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/CHANGELOG.md +776 -0
  2. package/package.json +37 -37
package/CHANGELOG.md ADDED
@@ -0,0 +1,776 @@
1
+ # @pnpm/deps.compliance.commands
2
+
3
+ ## 1101.5.4
4
+
5
+ ### Patch Changes
6
+
7
+ - Updated dependencies:
8
+ - @pnpm/cli.meta@1100.0.9
9
+ - @pnpm/cli.utils@1101.0.14
10
+ - @pnpm/config.pick-registry-for-package@1100.0.10
11
+ - @pnpm/config.reader@1101.12.0
12
+ - @pnpm/config.version-policy@1100.1.7
13
+ - @pnpm/config.writer@1100.0.16
14
+ - @pnpm/deps.compliance.audit@1101.0.22
15
+ - @pnpm/deps.compliance.license-scanner@1100.0.25
16
+ - @pnpm/deps.compliance.sbom@1100.3.3
17
+ - @pnpm/deps.security.signatures@1101.2.4
18
+ - @pnpm/installing.commands@1100.10.5
19
+ - @pnpm/lockfile.fs@1100.1.11
20
+ - @pnpm/lockfile.types@1100.0.14
21
+ - @pnpm/lockfile.utils@1100.1.3
22
+ - @pnpm/lockfile.walker@1100.0.14
23
+ - @pnpm/network.auth-header@1101.1.4
24
+ - @pnpm/types@1101.4.0
25
+ - @pnpm/workspace.project-manifest-reader@1100.0.15
26
+
27
+ ## 1101.5.3
28
+
29
+ ### Patch Changes
30
+
31
+ - @pnpm/installing.commands@1100.10.4
32
+ - @pnpm/lockfile.utils@1100.1.2
33
+ - @pnpm/config.reader@1101.11.2
34
+ - @pnpm/deps.compliance.audit@1101.0.21
35
+ - @pnpm/deps.compliance.license-scanner@1100.0.24
36
+ - @pnpm/deps.compliance.sbom@1100.3.2
37
+ - @pnpm/lockfile.fs@1100.1.10
38
+
39
+ ## 1101.5.2
40
+
41
+ ### Patch Changes
42
+
43
+ - Updated dependencies [f8058eb]
44
+ - Updated dependencies [9318a11]
45
+ - Updated dependencies [5a4daec]
46
+ - @pnpm/lockfile.fs@1100.1.9
47
+ - @pnpm/config.reader@1101.11.1
48
+ - @pnpm/installing.commands@1100.10.3
49
+ - @pnpm/deps.compliance.audit@1101.0.20
50
+ - @pnpm/deps.compliance.license-scanner@1100.0.23
51
+
52
+ ## 1101.5.1
53
+
54
+ ### Patch Changes
55
+
56
+ - Updated dependencies [be6505a]
57
+ - Updated dependencies [3425e80]
58
+ - Updated dependencies [806c3ec]
59
+ - Updated dependencies [c121235]
60
+ - Updated dependencies [dcabb78]
61
+ - @pnpm/installing.commands@1100.10.2
62
+ - @pnpm/config.reader@1101.11.0
63
+ - @pnpm/deps.compliance.sbom@1100.3.1
64
+ - @pnpm/lockfile.types@1100.0.13
65
+ - @pnpm/lockfile.utils@1100.1.1
66
+ - @pnpm/deps.compliance.audit@1101.0.19
67
+ - @pnpm/deps.compliance.license-scanner@1100.0.22
68
+ - @pnpm/lockfile.fs@1100.1.8
69
+ - @pnpm/lockfile.walker@1100.0.13
70
+ - @pnpm/config.writer@1100.0.15
71
+
72
+ ## 1101.5.0
73
+
74
+ ### Minor Changes
75
+
76
+ - 6c35a43: Added `--exclude-peers` to `pnpm sbom`. With `auto-install-peers` (the default), peer dependencies resolve into the lockfile and are otherwise indistinguishable from the package's own dependencies. The flag drops peer dependencies (and any transitive subtree reachable only through them) from the SBOM. CycloneDX 1.7 has no scope or relationship that expresses "consumer-provided peer", so omission is the only spec-clean handling. The flag name matches `pnpm list --exclude-peers`; note the SBOM flag prunes a peer's exclusive subtree, which is stricter than `pnpm list` (which only hides leaf peers).
77
+
78
+ ### Patch Changes
79
+
80
+ - 25a829e: `pnpm audit --fix` now writes a single combined `minimumReleaseAgeExclude` entry per package (e.g. `axios@0.18.1 || 0.21.1`) instead of one entry per version, matching the format documented for the setting. Existing per-version entries in `pnpm-workspace.yaml` are merged into the combined form rather than left as duplicates. Installs that auto-collect immature versions into `minimumReleaseAgeExclude` now report the same combined entries, so the "Added N entries" message matches what is written to the manifest [#12534](https://github.com/pnpm/pnpm/issues/12534).
81
+ - 17e7f2c: `pnpm sbom` now emits a CycloneDX `issue-tracker` external reference for components (and the root) whose `package.json` declares a `bugs` URL. Email-only `bugs` entries are skipped, since the reference requires a URL.
82
+ - Updated dependencies [25a829e]
83
+ - Updated dependencies [bae694f]
84
+ - Updated dependencies [d3f68e2]
85
+ - Updated dependencies [6545793]
86
+ - Updated dependencies [fbdc0eb]
87
+ - Updated dependencies [0ec878d]
88
+ - Updated dependencies [6c35a43]
89
+ - Updated dependencies [17e7f2c]
90
+ - Updated dependencies [a84d2a1]
91
+ - Updated dependencies [852d537]
92
+ - @pnpm/installing.commands@1100.10.1
93
+ - @pnpm/config.version-policy@1100.1.6
94
+ - @pnpm/lockfile.utils@1100.1.0
95
+ - @pnpm/deps.compliance.audit@1101.0.18
96
+ - @pnpm/workspace.project-manifest-reader@1100.0.14
97
+ - @pnpm/deps.compliance.sbom@1100.3.0
98
+ - @pnpm/error@1100.0.1
99
+ - @pnpm/config.writer@1100.0.14
100
+ - @pnpm/lockfile.types@1100.0.12
101
+ - @pnpm/deps.compliance.license-scanner@1100.0.21
102
+ - @pnpm/lockfile.fs@1100.1.7
103
+ - @pnpm/deps.security.signatures@1101.2.3
104
+ - @pnpm/cli.utils@1101.0.13
105
+ - @pnpm/config.reader@1101.10.1
106
+ - @pnpm/network.auth-header@1101.1.3
107
+ - @pnpm/store.path@1100.0.2
108
+ - @pnpm/lockfile.walker@1100.0.12
109
+
110
+ ## 1101.4.0
111
+
112
+ ### Minor Changes
113
+
114
+ - 1495cb0: Added per-package SBOM generation with `--out` and `--split` flags. Use `--out out/%s.cdx.json` to write one SBOM per workspace package to individual files, or `--split` for NDJSON output to stdout. When `--filter` selects a single package, the SBOM root component now uses that package's metadata. Workspace inter-dependencies (`workspace:` protocol) and their transitive dependencies are included. Author, repository, and license fall back to the root manifest when the package doesn't define them.
115
+
116
+ ### Patch Changes
117
+
118
+ - Updated dependencies [302a2f7]
119
+ - Updated dependencies [c112b61]
120
+ - Updated dependencies [61969fb]
121
+ - Updated dependencies [9d79ba1]
122
+ - Updated dependencies [0474a9c]
123
+ - Updated dependencies [223d060]
124
+ - Updated dependencies [0474a9c]
125
+ - Updated dependencies [6d35338]
126
+ - Updated dependencies [dcededc]
127
+ - Updated dependencies [1495cb0]
128
+ - Updated dependencies [eba03e0]
129
+ - @pnpm/config.reader@1101.10.0
130
+ - @pnpm/installing.commands@1100.10.0
131
+ - @pnpm/lockfile.fs@1100.1.6
132
+ - @pnpm/deps.compliance.sbom@1100.2.0
133
+ - @pnpm/deps.compliance.audit@1101.0.17
134
+ - @pnpm/deps.compliance.license-scanner@1100.0.20
135
+
136
+ ## 1101.3.5
137
+
138
+ ### Patch Changes
139
+
140
+ - 8dcd9a0: Fix garbled summary line after submitting `pnpm update -i` and `pnpm audit --fix -i`. The interactive checkbox prompt previously printed every selected choice's full table row (label, current/target versions, workspace, URL) joined by commas, producing a wall of text after pressing Enter. The summary now lists only the selected package names (or vulnerability keys) by setting an explicit `short` per choice; the in-progress selection UI is unchanged.
141
+ - a31faa7: Updated dependency ranges. Notably:
142
+
143
+ - `@pnpm/logger` peer dependency range moved to `^1100.0.0`.
144
+ - `msgpackr` 1.11.8 → 2.0.4 (store index files remain byte-compatible in both directions).
145
+ - `open` ^7.4.2 → ^11.0.0, `memoize` ^10 → ^11, `cli-truncate` ^5 → ^6, `pidtree` ^0.6 → ^1.
146
+ - `@yarnpkg/core` 4.5.0 → 4.8.0, `@rushstack/worker-pool` 0.7.7 → 0.7.18, `@cyclonedx/cyclonedx-library` 10.0.0 → 10.1.0, `@pnpm/config.nerf-dart` ^1 → ^2, `@pnpm/log.group` 3.0.2 → 4.0.1, `@pnpm/util.lex-comparator` ^3 → ^4.
147
+
148
+ - Updated dependencies [8dcd9a0]
149
+ - Updated dependencies [86e70d2]
150
+ - Updated dependencies [61810aa]
151
+ - Updated dependencies [f20ad8f]
152
+ - Updated dependencies [ab0b7d1]
153
+ - Updated dependencies [74a2dc9]
154
+ - Updated dependencies [681b593]
155
+ - Updated dependencies [d50d691]
156
+ - Updated dependencies [a31faa7]
157
+ - @pnpm/installing.commands@1100.9.0
158
+ - @pnpm/config.reader@1101.9.0
159
+ - @pnpm/lockfile.utils@1100.0.13
160
+ - @pnpm/network.auth-header@1101.1.2
161
+ - @pnpm/types@1101.3.2
162
+ - @pnpm/lockfile.fs@1100.1.5
163
+ - @pnpm/cli.utils@1101.0.12
164
+ - @pnpm/deps.compliance.audit@1101.0.16
165
+ - @pnpm/deps.compliance.license-scanner@1100.0.19
166
+ - @pnpm/deps.compliance.sbom@1100.1.9
167
+ - @pnpm/deps.security.signatures@1101.2.2
168
+ - @pnpm/object.key-sorting@1100.0.1
169
+ - @pnpm/workspace.project-manifest-reader@1100.0.13
170
+ - @pnpm/cli.meta@1100.0.8
171
+ - @pnpm/config.pick-registry-for-package@1100.0.9
172
+ - @pnpm/config.writer@1100.0.13
173
+ - @pnpm/lockfile.types@1100.0.11
174
+ - @pnpm/lockfile.walker@1100.0.11
175
+
176
+ ## 1101.3.4
177
+
178
+ ### Patch Changes
179
+
180
+ - Updated dependencies [bc9ed78]
181
+ - Updated dependencies [d976edf]
182
+ - Updated dependencies [615c669]
183
+ - @pnpm/config.reader@1101.8.0
184
+ - @pnpm/installing.commands@1100.8.0
185
+ - @pnpm/cli.utils@1101.0.11
186
+ - @pnpm/deps.compliance.license-scanner@1100.0.18
187
+ - @pnpm/deps.compliance.audit@1101.0.15
188
+ - @pnpm/deps.security.signatures@1101.2.1
189
+ - @pnpm/workspace.project-manifest-reader@1100.0.12
190
+ - @pnpm/deps.compliance.sbom@1100.1.8
191
+
192
+ ## 1101.3.3
193
+
194
+ ### Patch Changes
195
+
196
+ - Updated dependencies [822beb5]
197
+ - Updated dependencies [3537020]
198
+ - Updated dependencies [894ea6a]
199
+ - Updated dependencies [6b5d91a]
200
+ - Updated dependencies [027196b]
201
+ - Updated dependencies [5f2bb9f]
202
+ - Updated dependencies [1017c36]
203
+ - Updated dependencies [e4d2fe0]
204
+ - Updated dependencies [bf1b731]
205
+ - @pnpm/config.reader@1101.7.0
206
+ - @pnpm/deps.security.signatures@1101.2.0
207
+ - @pnpm/installing.commands@1100.7.3
208
+ - @pnpm/cli.common-cli-options-help@1100.0.2
209
+ - @pnpm/types@1101.3.1
210
+ - @pnpm/cli.meta@1100.0.7
211
+ - @pnpm/cli.utils@1101.0.10
212
+ - @pnpm/config.pick-registry-for-package@1100.0.8
213
+ - @pnpm/config.writer@1100.0.12
214
+ - @pnpm/deps.compliance.audit@1101.0.14
215
+ - @pnpm/deps.compliance.license-scanner@1100.0.17
216
+ - @pnpm/deps.compliance.sbom@1100.1.7
217
+ - @pnpm/lockfile.fs@1100.1.4
218
+ - @pnpm/lockfile.types@1100.0.10
219
+ - @pnpm/lockfile.utils@1100.0.12
220
+ - @pnpm/lockfile.walker@1100.0.10
221
+ - @pnpm/network.auth-header@1101.1.1
222
+ - @pnpm/workspace.project-manifest-reader@1100.0.11
223
+
224
+ ## 1101.3.2
225
+
226
+ ### Patch Changes
227
+
228
+ - Updated dependencies [5192edf]
229
+ - Updated dependencies [a017bf3]
230
+ - @pnpm/network.auth-header@1101.1.0
231
+ - @pnpm/config.reader@1101.6.0
232
+ - @pnpm/types@1101.3.0
233
+ - @pnpm/installing.commands@1100.7.2
234
+ - @pnpm/deps.compliance.audit@1101.0.13
235
+ - @pnpm/deps.security.signatures@1101.1.6
236
+ - @pnpm/cli.meta@1100.0.6
237
+ - @pnpm/cli.utils@1101.0.9
238
+ - @pnpm/config.pick-registry-for-package@1100.0.7
239
+ - @pnpm/config.writer@1100.0.11
240
+ - @pnpm/deps.compliance.license-scanner@1100.0.16
241
+ - @pnpm/deps.compliance.sbom@1100.1.6
242
+ - @pnpm/lockfile.fs@1100.1.3
243
+ - @pnpm/lockfile.types@1100.0.9
244
+ - @pnpm/lockfile.utils@1100.0.11
245
+ - @pnpm/lockfile.walker@1100.0.9
246
+ - @pnpm/workspace.project-manifest-reader@1100.0.10
247
+
248
+ ## 1101.3.1
249
+
250
+ ### Patch Changes
251
+
252
+ - Updated dependencies [719cc21]
253
+ - @pnpm/deps.compliance.audit@1101.0.12
254
+ - @pnpm/installing.commands@1100.7.1
255
+
256
+ ## 1101.3.0
257
+
258
+ ### Minor Changes
259
+
260
+ - 2cadfb5: Replaced `enquirer` with `@inquirer/prompts` for all interactive prompts. Fixes the `update -i` scrolling overflow bug where long choice lists were clipped in the terminal [#6643](https://github.com/pnpm/pnpm/issues/6643).
261
+
262
+ **User-facing changes:**
263
+
264
+ - `pnpm update -i` / `pnpm update -i --latest`: Scrolling now works correctly when many packages are available; the new library uses visual-line-aware pagination via `usePagination`
265
+ - `pnpm audit --fix -i`: Same scrolling fix for vulnerability selection
266
+ - `pnpm approve-builds`: Interactive build approval prompts updated
267
+ - `pnpm patch`: Version selection and "apply to all" prompts updated
268
+ - `pnpm patch-remove`: Patch removal selection updated
269
+ - `pnpm publish`: Branch confirmation prompt updated
270
+ - `pnpm login`: Credential prompts updated
271
+ - `pnpm run` / `pnpm exec` (with `verifyDepsBeforeRun=prompt`): Confirmation prompt updated
272
+
273
+ Vim-style `j`/`k` keys still work for up/down navigation in all interactive prompts.
274
+
275
+ **Internal:** The `OtpEnquirer` and `LoginEnquirer` DI interfaces changed from `{ prompt }` to `{ input }` / `{ input, password }` respectively. Plugins or custom builds that inject their own enquirer mock will need to update.
276
+
277
+ ### Patch Changes
278
+
279
+ - Updated dependencies [a39a83d]
280
+ - Updated dependencies [2cadfb5]
281
+ - @pnpm/config.reader@1101.5.0
282
+ - @pnpm/installing.commands@1100.7.0
283
+ - @pnpm/deps.compliance.audit@1101.0.11
284
+ - @pnpm/deps.security.signatures@1101.1.5
285
+
286
+ ## 1101.2.8
287
+
288
+ ### Patch Changes
289
+
290
+ - Updated dependencies [a23956e]
291
+ - Updated dependencies [aa6149d]
292
+ - Updated dependencies [a456dc7]
293
+ - Updated dependencies [572842a]
294
+ - Updated dependencies [e55f4b5]
295
+ - Updated dependencies [35d2355]
296
+ - @pnpm/config.reader@1101.4.1
297
+ - @pnpm/network.auth-header@1101.0.0
298
+ - @pnpm/installing.commands@1100.6.0
299
+ - @pnpm/workspace.project-manifest-reader@1100.0.9
300
+ - @pnpm/lockfile.utils@1100.0.10
301
+ - @pnpm/types@1101.2.0
302
+ - @pnpm/cli.utils@1101.0.8
303
+ - @pnpm/deps.compliance.audit@1101.0.10
304
+ - @pnpm/deps.compliance.license-scanner@1100.0.15
305
+ - @pnpm/deps.compliance.sbom@1100.1.5
306
+ - @pnpm/lockfile.fs@1100.1.2
307
+ - @pnpm/cli.meta@1100.0.5
308
+ - @pnpm/config.pick-registry-for-package@1100.0.6
309
+ - @pnpm/config.writer@1100.0.10
310
+ - @pnpm/lockfile.types@1100.0.8
311
+ - @pnpm/lockfile.walker@1100.0.8
312
+ - @pnpm/deps.security.signatures@1101.1.4
313
+
314
+ ## 1101.2.7
315
+
316
+ ### Patch Changes
317
+
318
+ - Updated dependencies [d7da112]
319
+ - Updated dependencies [3b62f9d]
320
+ - Updated dependencies [212315d]
321
+ - @pnpm/workspace.project-manifest-reader@1100.0.8
322
+ - @pnpm/config.reader@1101.4.0
323
+ - @pnpm/installing.commands@1100.5.0
324
+ - @pnpm/cli.utils@1101.0.7
325
+ - @pnpm/deps.compliance.license-scanner@1100.0.14
326
+ - @pnpm/deps.compliance.sbom@1100.1.4
327
+
328
+ ## 1101.2.6
329
+
330
+ ### Patch Changes
331
+
332
+ - Updated dependencies [881a865]
333
+ - @pnpm/installing.commands@1100.4.2
334
+
335
+ ## 1101.2.5
336
+
337
+ ### Patch Changes
338
+
339
+ - Updated dependencies [097983f]
340
+ - @pnpm/config.pick-registry-for-package@1100.0.5
341
+ - @pnpm/installing.commands@1100.4.1
342
+
343
+ ## 1101.2.4
344
+
345
+ ### Patch Changes
346
+
347
+ - Updated dependencies [3687b0e]
348
+ - Updated dependencies [ced20cb]
349
+ - Updated dependencies [a620557]
350
+ - Updated dependencies [9cb48bb]
351
+ - Updated dependencies [d1b340f]
352
+ - Updated dependencies [b206a15]
353
+ - Updated dependencies [64afc92]
354
+ - @pnpm/config.reader@1101.3.3
355
+ - @pnpm/installing.commands@1100.4.0
356
+ - @pnpm/lockfile.fs@1100.1.1
357
+ - @pnpm/types@1101.1.1
358
+ - @pnpm/deps.compliance.audit@1101.0.9
359
+ - @pnpm/deps.compliance.license-scanner@1100.0.13
360
+ - @pnpm/deps.compliance.sbom@1100.1.3
361
+ - @pnpm/lockfile.types@1100.0.7
362
+ - @pnpm/lockfile.utils@1100.0.9
363
+ - @pnpm/cli.utils@1101.0.6
364
+ - @pnpm/workspace.project-manifest-reader@1100.0.7
365
+ - @pnpm/cli.meta@1100.0.4
366
+ - @pnpm/config.pick-registry-for-package@1100.0.4
367
+ - @pnpm/config.writer@1100.0.9
368
+ - @pnpm/lockfile.walker@1100.0.7
369
+ - @pnpm/network.auth-header@1100.0.3
370
+ - @pnpm/deps.security.signatures@1101.1.3
371
+
372
+ ## 1101.2.3
373
+
374
+ ### Patch Changes
375
+
376
+ - Updated dependencies [4195766]
377
+ - Updated dependencies [020ac45]
378
+ - Updated dependencies [d3f8408]
379
+ - Updated dependencies [6e93f35]
380
+ - Updated dependencies [a62f959]
381
+ - Updated dependencies [ba2c884]
382
+ - Updated dependencies [2a9bd89]
383
+ - Updated dependencies [8df408c]
384
+ - @pnpm/installing.commands@1100.3.0
385
+ - @pnpm/config.reader@1101.3.2
386
+ - @pnpm/lockfile.fs@1100.1.0
387
+ - @pnpm/deps.compliance.sbom@1100.1.2
388
+ - @pnpm/lockfile.types@1100.0.6
389
+ - @pnpm/lockfile.utils@1100.0.8
390
+ - @pnpm/deps.compliance.audit@1101.0.8
391
+ - @pnpm/deps.compliance.license-scanner@1100.0.12
392
+ - @pnpm/lockfile.walker@1100.0.6
393
+ - @pnpm/cli.utils@1101.0.5
394
+ - @pnpm/deps.security.signatures@1101.1.2
395
+ - @pnpm/workspace.project-manifest-reader@1100.0.6
396
+ - @pnpm/config.writer@1100.0.8
397
+
398
+ ## 1101.2.2
399
+
400
+ ### Patch Changes
401
+
402
+ - Updated dependencies [180aee9]
403
+ - @pnpm/installing.commands@1100.2.2
404
+ - @pnpm/lockfile.fs@1100.0.8
405
+ - @pnpm/cli.utils@1101.0.4
406
+ - @pnpm/config.reader@1101.3.1
407
+ - @pnpm/workspace.project-manifest-reader@1100.0.5
408
+ - @pnpm/deps.compliance.audit@1101.0.7
409
+ - @pnpm/deps.security.signatures@1101.1.1
410
+ - @pnpm/deps.compliance.license-scanner@1100.0.11
411
+ - @pnpm/deps.compliance.sbom@1100.1.1
412
+
413
+ ## 1101.2.1
414
+
415
+ ### Patch Changes
416
+
417
+ - @pnpm/installing.commands@1100.2.1
418
+
419
+ ## 1101.2.0
420
+
421
+ ### Minor Changes
422
+
423
+ - 6ac06cb: Added `pnpm audit signatures` to verify ECDSA registry signatures for installed packages against keys from `/-/npm/v1/keys` [#7909](https://github.com/pnpm/pnpm/issues/7909). Scoped registries are respected, and registries without signing keys are skipped.
424
+
425
+ ### Patch Changes
426
+
427
+ - Updated dependencies [6ac06cb]
428
+ - Updated dependencies [b61e268]
429
+ - Updated dependencies [87b4bac]
430
+ - Updated dependencies [e1e29c1]
431
+ - @pnpm/deps.security.signatures@1101.1.0
432
+ - @pnpm/config.reader@1101.3.0
433
+ - @pnpm/types@1101.1.0
434
+ - @pnpm/deps.compliance.sbom@1100.1.0
435
+ - @pnpm/installing.commands@1100.2.0
436
+ - @pnpm/deps.compliance.audit@1101.0.6
437
+ - @pnpm/cli.meta@1100.0.3
438
+ - @pnpm/cli.utils@1101.0.3
439
+ - @pnpm/config.pick-registry-for-package@1100.0.3
440
+ - @pnpm/config.writer@1100.0.7
441
+ - @pnpm/deps.compliance.license-scanner@1100.0.10
442
+ - @pnpm/lockfile.fs@1100.0.7
443
+ - @pnpm/lockfile.types@1100.0.5
444
+ - @pnpm/lockfile.utils@1100.0.7
445
+ - @pnpm/lockfile.walker@1100.0.5
446
+ - @pnpm/network.auth-header@1100.0.2
447
+ - @pnpm/workspace.project-manifest-reader@1100.0.4
448
+
449
+ ## 1101.1.11
450
+
451
+ ### Patch Changes
452
+
453
+ - Updated dependencies [e9e876c]
454
+ - Updated dependencies [15e9e35]
455
+ - @pnpm/config.reader@1101.2.2
456
+ - @pnpm/installing.commands@1100.1.12
457
+ - @pnpm/deps.compliance.license-scanner@1100.0.9
458
+ - @pnpm/deps.compliance.sbom@1100.0.9
459
+
460
+ ## 1101.1.10
461
+
462
+ ### Patch Changes
463
+
464
+ - Updated dependencies [cfa271b]
465
+ - @pnpm/lockfile.utils@1100.0.6
466
+ - @pnpm/deps.compliance.audit@1101.0.5
467
+ - @pnpm/deps.compliance.license-scanner@1100.0.8
468
+ - @pnpm/deps.compliance.sbom@1100.0.8
469
+ - @pnpm/lockfile.fs@1100.0.6
470
+ - @pnpm/installing.commands@1100.1.11
471
+
472
+ ## 1101.1.9
473
+
474
+ ### Patch Changes
475
+
476
+ - Updated dependencies [27425d7]
477
+ - Updated dependencies [707a879]
478
+ - @pnpm/lockfile.fs@1100.0.5
479
+ - @pnpm/lockfile.types@1100.0.4
480
+ - @pnpm/lockfile.utils@1100.0.5
481
+ - @pnpm/config.reader@1101.2.1
482
+ - @pnpm/installing.commands@1100.1.10
483
+ - @pnpm/deps.compliance.audit@1101.0.4
484
+ - @pnpm/deps.compliance.license-scanner@1100.0.7
485
+ - @pnpm/deps.compliance.sbom@1100.0.7
486
+ - @pnpm/lockfile.walker@1100.0.4
487
+ - @pnpm/config.writer@1100.0.6
488
+
489
+ ## 1101.1.8
490
+
491
+ ### Patch Changes
492
+
493
+ - Updated dependencies [8fdd9a9]
494
+ - Updated dependencies [5f34a8d]
495
+ - Updated dependencies [c969392]
496
+ - Updated dependencies [817b1b4]
497
+ - Updated dependencies [c969392]
498
+ - Updated dependencies [2de318b]
499
+ - @pnpm/config.reader@1101.2.0
500
+ - @pnpm/installing.commands@1100.1.9
501
+ - @pnpm/config.writer@1100.0.5
502
+
503
+ ## 1101.1.7
504
+
505
+ ### Patch Changes
506
+
507
+ - Updated dependencies [f6bc1db]
508
+ - @pnpm/installing.commands@1100.1.8
509
+
510
+ ## 1101.1.6
511
+
512
+ ### Patch Changes
513
+
514
+ - Updated dependencies [42a8f29]
515
+ - @pnpm/config.reader@1101.1.4
516
+ - @pnpm/installing.commands@1100.1.7
517
+
518
+ ## 1101.1.5
519
+
520
+ ### Patch Changes
521
+
522
+ - Updated dependencies [184ce26]
523
+ - Updated dependencies [6b891a5]
524
+ - @pnpm/workspace.project-manifest-reader@1100.0.3
525
+ - @pnpm/deps.compliance.license-scanner@1100.0.6
526
+ - @pnpm/cli.common-cli-options-help@1100.0.1
527
+ - @pnpm/deps.compliance.audit@1101.0.3
528
+ - @pnpm/installing.commands@1100.1.6
529
+ - @pnpm/config.reader@1101.1.3
530
+ - @pnpm/config.writer@1100.0.4
531
+ - @pnpm/cli.command@1100.0.1
532
+ - @pnpm/store.path@1100.0.1
533
+ - @pnpm/cli.utils@1101.0.2
534
+ - @pnpm/cli.meta@1100.0.2
535
+ - @pnpm/lockfile.utils@1100.0.4
536
+ - @pnpm/deps.compliance.sbom@1100.0.6
537
+ - @pnpm/lockfile.types@1100.0.3
538
+ - @pnpm/lockfile.fs@1100.0.4
539
+ - @pnpm/lockfile.walker@1100.0.3
540
+
541
+ ## 1101.1.4
542
+
543
+ ### Patch Changes
544
+
545
+ - @pnpm/cli.utils@1101.0.1
546
+ - @pnpm/deps.compliance.license-scanner@1100.0.5
547
+ - @pnpm/installing.commands@1100.1.5
548
+
549
+ ## 1101.1.3
550
+
551
+ ### Patch Changes
552
+
553
+ - 5e11362: Sort the keys of the overrides object returned by `pnpm audit --fix` so that the log output order matches the order written to `pnpm-workspace.yaml`.
554
+ - Updated dependencies [f9afe81]
555
+ - Updated dependencies [0fbcf74]
556
+ - @pnpm/deps.compliance.sbom@1100.0.5
557
+ - @pnpm/config.reader@1101.1.2
558
+ - @pnpm/installing.commands@1100.1.4
559
+ - @pnpm/config.writer@1100.0.3
560
+
561
+ ## 1101.1.2
562
+
563
+ ### Patch Changes
564
+
565
+ - @pnpm/installing.commands@1100.1.3
566
+
567
+ ## 1101.1.1
568
+
569
+ ### Patch Changes
570
+
571
+ - @pnpm/deps.compliance.license-scanner@1100.0.4
572
+ - @pnpm/deps.compliance.sbom@1100.0.4
573
+ - @pnpm/installing.commands@1100.1.2
574
+ - @pnpm/lockfile.utils@1100.0.3
575
+ - @pnpm/deps.compliance.audit@1101.0.2
576
+ - @pnpm/lockfile.fs@1100.0.3
577
+ - @pnpm/config.reader@1101.1.1
578
+
579
+ ## 1101.1.0
580
+
581
+ ### Minor Changes
582
+
583
+ - 390ee62: `pnpm audit --fix` now respects the `auditLevel` setting and supports a new interactive mode via `--interactive`/`-i`. Previously, `pnpm audit --fix` would fix all vulnerabilities regardless of the configured `auditLevel`, while `pnpm audit` (without `--fix`) correctly filtered by severity. Now both commands consistently filter advisories by the `auditLevel` setting, and you can use `pnpm audit --fix -i` to review and select which vulnerabilities to fix interactively.
584
+
585
+ Overrides emitted by `pnpm audit --fix` now use a caret range (`^X.Y.Z`) instead of an open-ended `>=X.Y.Z`, so applying a security fix can no longer silently promote a dependency across a major version boundary.
586
+
587
+ ### Patch Changes
588
+
589
+ - 61952c2: `pnpm sbom` now detects licenses declared via the deprecated `licenses` array in `package.json` (e.g. `busboy`, `streamsearch`, `limiter`) and falls back to scanning on-disk `LICENSE` files — mirroring the resolution logic of `pnpm licenses`. Previously these packages were reported as `NOASSERTION`. Shared license resolution (manifest parsing + LICENSE-file fallback) lives in the new `@pnpm/deps.compliance.license-resolver` package. When a manifest sets both `license` and `licenses`, the modern `license` field now takes precedence for both commands (previously `pnpm licenses` preferred `licenses`) [#11248](https://github.com/pnpm/pnpm/issues/11248).
590
+ - Updated dependencies [7d25bc1]
591
+ - Updated dependencies [9e0833c]
592
+ - Updated dependencies [61952c2]
593
+ - @pnpm/config.reader@1101.1.0
594
+ - @pnpm/deps.compliance.license-resolver@1100.0.0
595
+ - @pnpm/deps.compliance.sbom@1100.0.3
596
+ - @pnpm/deps.compliance.license-scanner@1100.0.3
597
+ - @pnpm/installing.commands@1100.1.1
598
+ - @pnpm/lockfile.types@1100.0.2
599
+ - @pnpm/lockfile.utils@1100.0.2
600
+ - @pnpm/deps.compliance.audit@1101.0.1
601
+ - @pnpm/lockfile.fs@1100.0.2
602
+ - @pnpm/lockfile.walker@1100.0.2
603
+ - @pnpm/config.writer@1100.0.2
604
+
605
+ ## 1101.0.1
606
+
607
+ ### Patch Changes
608
+
609
+ - Updated dependencies [cee550a]
610
+ - Updated dependencies [4ab3d9b]
611
+ - Updated dependencies [9af708a]
612
+ - Updated dependencies [ea2a7fb]
613
+ - Updated dependencies [ff7733c]
614
+ - @pnpm/cli.utils@1101.0.0
615
+ - @pnpm/config.reader@1101.0.0
616
+ - @pnpm/installing.commands@1100.1.0
617
+ - @pnpm/workspace.project-manifest-reader@1100.0.2
618
+ - @pnpm/deps.compliance.license-scanner@1100.0.2
619
+ - @pnpm/deps.compliance.sbom@1100.0.2
620
+
621
+ ## 1101.0.0
622
+
623
+ ### Major Changes
624
+
625
+ - ff28085: `pnpm audit` now calls npm's `/-/npm/v1/security/advisories/bulk` endpoint. The legacy `/-/npm/v1/security/audits{,/quick}` endpoints have been retired by the registry, so the legacy request/response contract is no longer supported.
626
+
627
+ The bulk endpoint does not return CVE identifiers. CVE-based filtering has been replaced with GitHub advisory ID (GHSA) filtering:
628
+
629
+ - `auditConfig.ignoreCves` → `auditConfig.ignoreGhsas` (the previous key is no longer recognized)
630
+ - `pnpm audit --ignore <id>` / `pnpm audit --ignore-unfixable` now read and write GHSAs instead of CVEs
631
+ - GHSAs are derived from each advisory's `url` (`https://github.com/advisories/GHSA-xxxx-xxxx-xxxx`)
632
+
633
+ To migrate: replace each `CVE-YYYY-NNNNN` entry in your `auditConfig.ignoreCves` with the corresponding `GHSA-xxxx-xxxx-xxxx` value (visible in the `More info` column of `pnpm audit` output) and move it under `auditConfig.ignoreGhsas`.
634
+
635
+ ### Patch Changes
636
+
637
+ - Updated dependencies [ff28085]
638
+ - @pnpm/deps.compliance.audit@1101.0.0
639
+ - @pnpm/types@1101.0.0
640
+ - @pnpm/cli.meta@1100.0.1
641
+ - @pnpm/cli.utils@1100.0.1
642
+ - @pnpm/config.reader@1100.0.1
643
+ - @pnpm/config.writer@1100.0.1
644
+ - @pnpm/deps.compliance.license-scanner@1100.0.1
645
+ - @pnpm/deps.compliance.sbom@1100.0.1
646
+ - @pnpm/installing.commands@1100.0.1
647
+ - @pnpm/lockfile.fs@1100.0.1
648
+ - @pnpm/lockfile.types@1100.0.1
649
+ - @pnpm/lockfile.utils@1100.0.1
650
+ - @pnpm/lockfile.walker@1100.0.1
651
+ - @pnpm/network.auth-header@1100.0.1
652
+ - @pnpm/workspace.project-manifest-reader@1100.0.1
653
+
654
+ ## 1001.0.0
655
+
656
+ ### Major Changes
657
+
658
+ - 491a84f: This package is now pure ESM.
659
+ - 7d2fd48: Node.js v18, 19, 20, and 21 support discontinued.
660
+
661
+ ### Minor Changes
662
+
663
+ - f92ac24: Added `pnpm sbom` command for generating Software Bill of Materials in CycloneDX 1.7 and SPDX 2.3 JSON formats [#9088](https://github.com/pnpm/pnpm/issues/9088).
664
+ - 6d56db2: The `pnpm audit` command now also audits dependencies from `pnpm-lock.yaml`, including `configDependencies` and `packageManagerDependencies` along with their transitive dependencies.
665
+ - 7721d2e: `pnpm audit --fix` now adds the minimum patched versions to `minimumReleaseAgeExclude` in `pnpm-workspace.yaml` [#10263](https://github.com/pnpm/pnpm/issues/10263).
666
+
667
+ When `minimumReleaseAge` is configured, security patches suggested by `pnpm audit` may be blocked because the patched versions are too new. Now, `pnpm audit --fix` automatically adds the minimum patched version for each vulnerability (e.g., `axios@0.21.2`) to `minimumReleaseAgeExclude`, so that `pnpm install` can install the security fix without waiting for it to mature.
668
+
669
+ - 4158906: Support configuring `auditLevel` in the `pnpm-workspace.yaml` file [#10540](https://github.com/pnpm/pnpm/issues/10540).
670
+ - 15549a9: Add the ability to fix vulnerabilities by updating packages in the lockfile instead of adding overrides.
671
+
672
+ ### Patch Changes
673
+
674
+ - 3c36e8d: Fixed `pnpm audit --json` to respect the `--audit-level` setting for both exit code and output filtering [#10540](https://github.com/pnpm/pnpm/issues/10540).
675
+ - 121f64a: Fix `pnpm audit --fix` replacing reference overrides (e.g. `$foo`) with concrete versions [#10325](https://github.com/pnpm/pnpm/issues/10325).
676
+ - a969839: fixed help text for audit --ignore-registry-errors
677
+ - Updated dependencies [e1ea779]
678
+ - Updated dependencies [f92ac24]
679
+ - Updated dependencies [7730a7f]
680
+ - Updated dependencies [996284f]
681
+ - Updated dependencies [6d56db2]
682
+ - Updated dependencies [7721d2e]
683
+ - Updated dependencies [315cae8]
684
+ - Updated dependencies [ae8b816]
685
+ - Updated dependencies [facdd71]
686
+ - Updated dependencies [4c6c26a]
687
+ - Updated dependencies [e2e0a32]
688
+ - Updated dependencies [c55c614]
689
+ - Updated dependencies [3c72b6b]
690
+ - Updated dependencies [9f5c0e3]
691
+ - Updated dependencies [76718b3]
692
+ - Updated dependencies [a8f016c]
693
+ - Updated dependencies [cc1b8e3]
694
+ - Updated dependencies [90bd3c3]
695
+ - Updated dependencies [1cc61e8]
696
+ - Updated dependencies [606f53e]
697
+ - Updated dependencies [c7203b9]
698
+ - Updated dependencies [bb17724]
699
+ - Updated dependencies [da2429d]
700
+ - Updated dependencies [0b5ccc9]
701
+ - Updated dependencies [1cc61e8]
702
+ - Updated dependencies [491a84f]
703
+ - Updated dependencies [fb8962f]
704
+ - Updated dependencies [f0ae1b9]
705
+ - Updated dependencies [9fc552d]
706
+ - Updated dependencies [312226c]
707
+ - Updated dependencies [b1ad9c7]
708
+ - Updated dependencies [121f64a]
709
+ - Updated dependencies [7fab2a2]
710
+ - Updated dependencies [cb367b9]
711
+ - Updated dependencies [543c7e4]
712
+ - Updated dependencies [075aa99]
713
+ - Updated dependencies [fd511e4]
714
+ - Updated dependencies [ae43ac7]
715
+ - Updated dependencies [ccec8e7]
716
+ - Updated dependencies [98a5f1c]
717
+ - Updated dependencies [fd511e4]
718
+ - Updated dependencies [fa5a5c6]
719
+ - Updated dependencies [4158906]
720
+ - Updated dependencies [ac944ef]
721
+ - Updated dependencies [d458ab3]
722
+ - Updated dependencies [7d2fd48]
723
+ - Updated dependencies [cc7c0d2]
724
+ - Updated dependencies [efb48dc]
725
+ - Updated dependencies [d5d4eed]
726
+ - Updated dependencies [095f659]
727
+ - Updated dependencies [96704a1]
728
+ - Updated dependencies [50fbeca]
729
+ - Updated dependencies [cb367b9]
730
+ - Updated dependencies [7b1c189]
731
+ - Updated dependencies [51b04c3]
732
+ - Updated dependencies [6f806be]
733
+ - Updated dependencies [d01b81f]
734
+ - Updated dependencies [3ed41f4]
735
+ - Updated dependencies [8ffb1a7]
736
+ - Updated dependencies [05fb1ae]
737
+ - Updated dependencies [71de2b3]
738
+ - Updated dependencies [10bc391]
739
+ - Updated dependencies [ace7903]
740
+ - Updated dependencies [38b8e35]
741
+ - Updated dependencies [394d88c]
742
+ - Updated dependencies [831f574]
743
+ - Updated dependencies [2df8b71]
744
+ - Updated dependencies [ed1a7fe]
745
+ - Updated dependencies [15549a9]
746
+ - Updated dependencies [b51bb42]
747
+ - Updated dependencies [cc7c0d2]
748
+ - Updated dependencies [5bf7768]
749
+ - Updated dependencies [ae43ac7]
750
+ - Updated dependencies [a5fdbf9]
751
+ - Updated dependencies [9d3f00b]
752
+ - Updated dependencies [efb48dc]
753
+ - Updated dependencies [9587dac]
754
+ - Updated dependencies [09a999a]
755
+ - Updated dependencies [559f903]
756
+ - Updated dependencies [3574905]
757
+ - @pnpm/cli.common-cli-options-help@1001.0.0
758
+ - @pnpm/deps.compliance.sbom@1000.0.0
759
+ - @pnpm/config.reader@1005.0.0
760
+ - @pnpm/installing.commands@1005.0.0
761
+ - @pnpm/deps.compliance.audit@1003.0.0
762
+ - @pnpm/config.writer@1001.0.0
763
+ - @pnpm/deps.compliance.license-scanner@1002.0.0
764
+ - @pnpm/constants@1002.0.0
765
+ - @pnpm/types@1001.0.0
766
+ - @pnpm/lockfile.fs@1002.0.0
767
+ - @pnpm/lockfile.types@1003.0.0
768
+ - @pnpm/lockfile.utils@1004.0.0
769
+ - @pnpm/cli.utils@1002.0.0
770
+ - @pnpm/workspace.project-manifest-reader@1002.0.0
771
+ - @pnpm/network.auth-header@1001.0.0
772
+ - @pnpm/store.path@1001.0.0
773
+ - @pnpm/lockfile.walker@1002.0.0
774
+ - @pnpm/error@1001.0.0
775
+ - @pnpm/cli.meta@1001.0.0
776
+ - @pnpm/cli.command@1001.0.0
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@pnpm/deps.compliance.commands",
3
- "version": "1101.5.2",
3
+ "version": "1101.5.4",
4
4
  "description": "pnpm commands for audit, licenses, and sbom",
5
5
  "keywords": [
6
6
  "pnpm",
@@ -31,59 +31,59 @@
31
31
  ],
32
32
  "dependencies": {
33
33
  "@inquirer/prompts": "^8.4.3",
34
+ "@pnpm/cli.command": "1100.0.1",
35
+ "@pnpm/cli.common-cli-options-help": "1100.0.2",
36
+ "@pnpm/cli.meta": "1100.0.9",
37
+ "@pnpm/cli.utils": "1101.0.14",
38
+ "@pnpm/config.pick-registry-for-package": "1100.0.10",
39
+ "@pnpm/config.reader": "1101.12.0",
40
+ "@pnpm/config.version-policy": "1100.1.7",
41
+ "@pnpm/config.writer": "1100.0.16",
42
+ "@pnpm/constants": "1100.0.0",
43
+ "@pnpm/deps.compliance.audit": "1101.0.22",
44
+ "@pnpm/deps.compliance.license-resolver": "1100.0.0",
45
+ "@pnpm/deps.compliance.license-scanner": "1100.0.25",
46
+ "@pnpm/deps.compliance.sbom": "1100.3.3",
47
+ "@pnpm/deps.security.signatures": "1101.2.4",
48
+ "@pnpm/error": "1100.0.1",
49
+ "@pnpm/installing.commands": "1100.10.5",
50
+ "@pnpm/lockfile.fs": "1100.1.11",
51
+ "@pnpm/lockfile.types": "1100.0.14",
52
+ "@pnpm/lockfile.utils": "1100.1.3",
53
+ "@pnpm/lockfile.walker": "1100.0.14",
54
+ "@pnpm/network.auth-header": "1101.1.4",
55
+ "@pnpm/object.key-sorting": "1100.0.1",
56
+ "@pnpm/store.path": "1100.0.2",
57
+ "@pnpm/types": "1101.4.0",
58
+ "@pnpm/workspace.project-manifest-reader": "1100.0.15",
34
59
  "@zkochan/table": "^2.0.1",
35
60
  "chalk": "^5.6.2",
36
61
  "memoize": "^11.0.0",
37
62
  "p-limit": "^7.3.0",
38
63
  "ramda": "npm:@pnpm/ramda@0.28.1",
39
64
  "render-help": "^2.0.0",
40
- "semver": "^7.8.4",
41
- "@pnpm/cli.command": "1100.0.1",
42
- "@pnpm/cli.meta": "1100.0.8",
43
- "@pnpm/config.pick-registry-for-package": "1100.0.9",
44
- "@pnpm/config.version-policy": "1100.1.6",
45
- "@pnpm/cli.utils": "1101.0.13",
46
- "@pnpm/cli.common-cli-options-help": "1100.0.2",
47
- "@pnpm/config.writer": "1100.0.15",
48
- "@pnpm/constants": "1100.0.0",
49
- "@pnpm/deps.compliance.audit": "1101.0.20",
50
- "@pnpm/deps.compliance.sbom": "1100.3.1",
51
- "@pnpm/config.reader": "1101.11.1",
52
- "@pnpm/deps.security.signatures": "1101.2.3",
53
- "@pnpm/error": "1100.0.1",
54
- "@pnpm/deps.compliance.license-scanner": "1100.0.23",
55
- "@pnpm/installing.commands": "1100.10.3",
56
- "@pnpm/lockfile.types": "1100.0.13",
57
- "@pnpm/lockfile.utils": "1100.1.1",
58
- "@pnpm/lockfile.walker": "1100.0.13",
59
- "@pnpm/lockfile.fs": "1100.1.9",
60
- "@pnpm/object.key-sorting": "1100.0.1",
61
- "@pnpm/network.auth-header": "1101.1.3",
62
- "@pnpm/workspace.project-manifest-reader": "1100.0.14",
63
- "@pnpm/types": "1101.3.2",
64
- "@pnpm/deps.compliance.license-resolver": "1100.0.0",
65
- "@pnpm/store.path": "1100.0.2"
65
+ "semver": "^7.8.4"
66
66
  },
67
67
  "peerDependencies": {
68
68
  "@pnpm/logger": "^1100.0.0"
69
69
  },
70
70
  "devDependencies": {
71
71
  "@jest/globals": "30.4.1",
72
+ "@pnpm/deps.compliance.commands": "1101.5.4",
73
+ "@pnpm/logger": "1100.0.0",
74
+ "@pnpm/pkg-manifest.reader": "1100.0.10",
75
+ "@pnpm/prepare": "1100.0.19",
76
+ "@pnpm/test-fixtures": "1100.0.0",
77
+ "@pnpm/testing.command-defaults": "1100.0.9",
78
+ "@pnpm/testing.mock-agent": "1101.0.5",
79
+ "@pnpm/testing.registry-mock": "1100.0.9",
80
+ "@pnpm/workspace.projects-filter": "1100.0.27",
72
81
  "@types/ramda": "0.31.1",
73
82
  "@types/semver": "7.7.1",
74
83
  "@types/zkochan__table": "npm:@types/table@6.3.2",
75
84
  "load-json-file": "^7.0.1",
76
85
  "read-yaml-file": "^3.0.0",
77
- "tempy": "3.0.0",
78
- "@pnpm/deps.compliance.commands": "1101.5.2",
79
- "@pnpm/logger": "1100.0.0",
80
- "@pnpm/pkg-manifest.reader": "1100.0.9",
81
- "@pnpm/prepare": "1100.0.18",
82
- "@pnpm/test-fixtures": "1100.0.0",
83
- "@pnpm/testing.mock-agent": "1101.0.4",
84
- "@pnpm/testing.command-defaults": "1100.0.8",
85
- "@pnpm/workspace.projects-filter": "1100.0.25",
86
- "@pnpm/testing.registry-mock": "1100.0.8"
86
+ "tempy": "3.0.0"
87
87
  },
88
88
  "engines": {
89
89
  "node": ">=22.13"