@pnpm/engine.pm.commands 1101.2.0 → 1101.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -4,7 +4,7 @@ import { linkBins } from '@pnpm/bins.linker';
4
4
  import { isExecutedByCorepack, packageManager } from '@pnpm/cli.meta';
5
5
  import { docsUrl } from '@pnpm/cli.utils';
6
6
  import { parsePackageManager, shouldPersistLockfile, types as allTypes } from '@pnpm/config.reader';
7
- import { getPublishedByPolicy } from '@pnpm/config.version-policy';
7
+ import { createPackageVersionPolicyOrThrow, getPublishedByPolicy } from '@pnpm/config.version-policy';
8
8
  import { PnpmError } from '@pnpm/error';
9
9
  import { createResolver, makeResolutionStrict } from '@pnpm/installing.client';
10
10
  import { resolvePackageManagerIntegrities } from '@pnpm/installing.env-installer';
@@ -52,9 +52,20 @@ export async function handler(opts, params) {
52
52
  throw new PnpmError('CANT_SELF_UPDATE_IN_COREPACK', 'You should update pnpm with corepack');
53
53
  }
54
54
  globalInfo('Checking for updates...');
55
+ // Resolve the engine version exactly as a regular install would. The
56
+ // no-downgrade trust check reads per-version trust evidence (`_npmUser` /
57
+ // `dist.attestations`) that abbreviated metadata never carries — so it
58
+ // always needs full metadata, regardless of `registrySupportsTimeField`
59
+ // (which only concerns the `time` field). Time-based resolution needs
60
+ // only `time`. `minimumReleaseAge` is handled by the resolver's on-demand
61
+ // abbreviated→full upgrade, so it isn't requested up front here.
62
+ const fullMetadata = (opts.trustPolicy === 'no-downgrade' ||
63
+ (opts.resolutionMode === 'time-based' && !opts.registrySupportsTimeField));
55
64
  const { resolve: baseResolve } = createResolver({
56
65
  ...opts,
57
66
  configByUri: opts.configByUri,
67
+ fullMetadata,
68
+ filterMetadata: fullMetadata,
58
69
  ignoreMissingTimeField: opts.minimumReleaseAgeIgnoreMissingTime,
59
70
  });
60
71
  // self-update has nowhere to "defer to" either — wrap the resolver
@@ -81,6 +92,15 @@ export async function handler(opts, params) {
81
92
  projectDir: opts.dir,
82
93
  publishedBy,
83
94
  publishedByExclude,
95
+ // Unlike `dlx` (whose real install re-resolves through the store
96
+ // controller), this `resolve` is self-update's only version selection,
97
+ // so the trust policy has to be passed here for the no-downgrade check
98
+ // to run.
99
+ trustPolicy: opts.trustPolicy,
100
+ trustPolicyExclude: opts.trustPolicyExclude
101
+ ? createPackageVersionPolicyOrThrow(opts.trustPolicyExclude, 'trustPolicyExclude')
102
+ : undefined,
103
+ trustPolicyIgnoreAfter: opts.trustPolicyIgnoreAfter,
84
104
  });
85
105
  if (!resolution?.manifest) {
86
106
  throw new PnpmError('CANNOT_RESOLVE_PNPM', `Cannot find "${bareSpecifier}" version of pnpm`);
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@pnpm/engine.pm.commands",
3
- "version": "1101.2.0",
3
+ "version": "1101.2.1",
4
4
  "description": "pnpm commands for self-updating and setting up pnpm",
5
5
  "keywords": [
6
6
  "pnpm",
@@ -36,29 +36,29 @@
36
36
  "semver": "^7.8.4",
37
37
  "symlink-dir": "^10.0.1",
38
38
  "@pnpm/bins.linker": "1100.0.16",
39
+ "@pnpm/building.policy": "1100.0.12",
40
+ "@pnpm/cli.meta": "1100.0.8",
39
41
  "@pnpm/cli.utils": "1101.0.13",
40
42
  "@pnpm/config.pick-registry-for-package": "1100.0.9",
41
- "@pnpm/building.policy": "1100.0.11",
42
- "@pnpm/cli.meta": "1100.0.8",
43
- "@pnpm/config.reader": "1101.11.0",
43
+ "@pnpm/config.reader": "1101.11.1",
44
44
  "@pnpm/config.version-policy": "1100.1.6",
45
- "@pnpm/deps.graph-hasher": "1100.2.7",
46
- "@pnpm/error": "1100.0.1",
45
+ "@pnpm/deps.graph-hasher": "1100.2.8",
47
46
  "@pnpm/deps.security.signatures": "1101.2.3",
48
- "@pnpm/global.commands": "1100.0.31",
49
47
  "@pnpm/global.packages": "1100.0.10",
50
- "@pnpm/installing.client": "1100.2.11",
51
- "@pnpm/installing.deps-restorer": "1102.1.2",
52
- "@pnpm/lockfile.fs": "1100.1.8",
53
- "@pnpm/installing.env-installer": "1102.0.3",
48
+ "@pnpm/global.commands": "1100.0.32",
49
+ "@pnpm/error": "1100.0.1",
50
+ "@pnpm/installing.env-installer": "1102.0.4",
51
+ "@pnpm/lockfile.fs": "1100.1.9",
52
+ "@pnpm/installing.deps-restorer": "1102.1.3",
54
53
  "@pnpm/lockfile.types": "1100.0.13",
55
- "@pnpm/network.auth-header": "1101.1.3",
56
- "@pnpm/resolving.npm-resolver": "1102.1.1",
54
+ "@pnpm/resolving.npm-resolver": "1102.1.2",
57
55
  "@pnpm/shell.path": "1100.0.1",
58
- "@pnpm/store.connection-manager": "1100.3.3",
59
- "@pnpm/store.controller": "1102.0.3",
56
+ "@pnpm/network.auth-header": "1101.1.3",
57
+ "@pnpm/store.connection-manager": "1100.3.4",
60
58
  "@pnpm/types": "1101.3.2",
61
- "@pnpm/workspace.project-manifest-reader": "1100.0.14"
59
+ "@pnpm/workspace.project-manifest-reader": "1100.0.14",
60
+ "@pnpm/store.controller": "1102.0.3",
61
+ "@pnpm/installing.client": "1100.2.12"
62
62
  },
63
63
  "peerDependencies": {
64
64
  "@pnpm/logger": "^1100.0.0"
@@ -69,9 +69,9 @@
69
69
  "@types/ramda": "0.31.1",
70
70
  "@types/semver": "7.7.1",
71
71
  "@pnpm/constants": "1100.0.0",
72
- "@pnpm/engine.pm.commands": "1101.2.0",
73
72
  "@pnpm/error": "1100.0.1",
74
73
  "@pnpm/logger": "1100.0.0",
74
+ "@pnpm/engine.pm.commands": "1101.2.1",
75
75
  "@pnpm/prepare": "1100.0.18",
76
76
  "@pnpm/testing.mock-agent": "1101.0.4"
77
77
  },