@pnpm/engine.pm.commands 1101.2.0 → 1101.2.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/self-updater/selfUpdate.js +21 -1
- package/package.json +17 -17
|
@@ -4,7 +4,7 @@ import { linkBins } from '@pnpm/bins.linker';
|
|
|
4
4
|
import { isExecutedByCorepack, packageManager } from '@pnpm/cli.meta';
|
|
5
5
|
import { docsUrl } from '@pnpm/cli.utils';
|
|
6
6
|
import { parsePackageManager, shouldPersistLockfile, types as allTypes } from '@pnpm/config.reader';
|
|
7
|
-
import { getPublishedByPolicy } from '@pnpm/config.version-policy';
|
|
7
|
+
import { createPackageVersionPolicyOrThrow, getPublishedByPolicy } from '@pnpm/config.version-policy';
|
|
8
8
|
import { PnpmError } from '@pnpm/error';
|
|
9
9
|
import { createResolver, makeResolutionStrict } from '@pnpm/installing.client';
|
|
10
10
|
import { resolvePackageManagerIntegrities } from '@pnpm/installing.env-installer';
|
|
@@ -52,9 +52,20 @@ export async function handler(opts, params) {
|
|
|
52
52
|
throw new PnpmError('CANT_SELF_UPDATE_IN_COREPACK', 'You should update pnpm with corepack');
|
|
53
53
|
}
|
|
54
54
|
globalInfo('Checking for updates...');
|
|
55
|
+
// Resolve the engine version exactly as a regular install would. The
|
|
56
|
+
// no-downgrade trust check reads per-version trust evidence (`_npmUser` /
|
|
57
|
+
// `dist.attestations`) that abbreviated metadata never carries — so it
|
|
58
|
+
// always needs full metadata, regardless of `registrySupportsTimeField`
|
|
59
|
+
// (which only concerns the `time` field). Time-based resolution needs
|
|
60
|
+
// only `time`. `minimumReleaseAge` is handled by the resolver's on-demand
|
|
61
|
+
// abbreviated→full upgrade, so it isn't requested up front here.
|
|
62
|
+
const fullMetadata = (opts.trustPolicy === 'no-downgrade' ||
|
|
63
|
+
(opts.resolutionMode === 'time-based' && !opts.registrySupportsTimeField));
|
|
55
64
|
const { resolve: baseResolve } = createResolver({
|
|
56
65
|
...opts,
|
|
57
66
|
configByUri: opts.configByUri,
|
|
67
|
+
fullMetadata,
|
|
68
|
+
filterMetadata: fullMetadata,
|
|
58
69
|
ignoreMissingTimeField: opts.minimumReleaseAgeIgnoreMissingTime,
|
|
59
70
|
});
|
|
60
71
|
// self-update has nowhere to "defer to" either — wrap the resolver
|
|
@@ -81,6 +92,15 @@ export async function handler(opts, params) {
|
|
|
81
92
|
projectDir: opts.dir,
|
|
82
93
|
publishedBy,
|
|
83
94
|
publishedByExclude,
|
|
95
|
+
// Unlike `dlx` (whose real install re-resolves through the store
|
|
96
|
+
// controller), this `resolve` is self-update's only version selection,
|
|
97
|
+
// so the trust policy has to be passed here for the no-downgrade check
|
|
98
|
+
// to run.
|
|
99
|
+
trustPolicy: opts.trustPolicy,
|
|
100
|
+
trustPolicyExclude: opts.trustPolicyExclude
|
|
101
|
+
? createPackageVersionPolicyOrThrow(opts.trustPolicyExclude, 'trustPolicyExclude')
|
|
102
|
+
: undefined,
|
|
103
|
+
trustPolicyIgnoreAfter: opts.trustPolicyIgnoreAfter,
|
|
84
104
|
});
|
|
85
105
|
if (!resolution?.manifest) {
|
|
86
106
|
throw new PnpmError('CANNOT_RESOLVE_PNPM', `Cannot find "${bareSpecifier}" version of pnpm`);
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@pnpm/engine.pm.commands",
|
|
3
|
-
"version": "1101.2.
|
|
3
|
+
"version": "1101.2.1",
|
|
4
4
|
"description": "pnpm commands for self-updating and setting up pnpm",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"pnpm",
|
|
@@ -36,29 +36,29 @@
|
|
|
36
36
|
"semver": "^7.8.4",
|
|
37
37
|
"symlink-dir": "^10.0.1",
|
|
38
38
|
"@pnpm/bins.linker": "1100.0.16",
|
|
39
|
+
"@pnpm/building.policy": "1100.0.12",
|
|
40
|
+
"@pnpm/cli.meta": "1100.0.8",
|
|
39
41
|
"@pnpm/cli.utils": "1101.0.13",
|
|
40
42
|
"@pnpm/config.pick-registry-for-package": "1100.0.9",
|
|
41
|
-
"@pnpm/
|
|
42
|
-
"@pnpm/cli.meta": "1100.0.8",
|
|
43
|
-
"@pnpm/config.reader": "1101.11.0",
|
|
43
|
+
"@pnpm/config.reader": "1101.11.1",
|
|
44
44
|
"@pnpm/config.version-policy": "1100.1.6",
|
|
45
|
-
"@pnpm/deps.graph-hasher": "1100.2.
|
|
46
|
-
"@pnpm/error": "1100.0.1",
|
|
45
|
+
"@pnpm/deps.graph-hasher": "1100.2.8",
|
|
47
46
|
"@pnpm/deps.security.signatures": "1101.2.3",
|
|
48
|
-
"@pnpm/global.commands": "1100.0.31",
|
|
49
47
|
"@pnpm/global.packages": "1100.0.10",
|
|
50
|
-
"@pnpm/
|
|
51
|
-
"@pnpm/
|
|
52
|
-
"@pnpm/
|
|
53
|
-
"@pnpm/
|
|
48
|
+
"@pnpm/global.commands": "1100.0.32",
|
|
49
|
+
"@pnpm/error": "1100.0.1",
|
|
50
|
+
"@pnpm/installing.env-installer": "1102.0.4",
|
|
51
|
+
"@pnpm/lockfile.fs": "1100.1.9",
|
|
52
|
+
"@pnpm/installing.deps-restorer": "1102.1.3",
|
|
54
53
|
"@pnpm/lockfile.types": "1100.0.13",
|
|
55
|
-
"@pnpm/
|
|
56
|
-
"@pnpm/resolving.npm-resolver": "1102.1.1",
|
|
54
|
+
"@pnpm/resolving.npm-resolver": "1102.1.2",
|
|
57
55
|
"@pnpm/shell.path": "1100.0.1",
|
|
58
|
-
"@pnpm/
|
|
59
|
-
"@pnpm/store.
|
|
56
|
+
"@pnpm/network.auth-header": "1101.1.3",
|
|
57
|
+
"@pnpm/store.connection-manager": "1100.3.4",
|
|
60
58
|
"@pnpm/types": "1101.3.2",
|
|
61
|
-
"@pnpm/workspace.project-manifest-reader": "1100.0.14"
|
|
59
|
+
"@pnpm/workspace.project-manifest-reader": "1100.0.14",
|
|
60
|
+
"@pnpm/store.controller": "1102.0.3",
|
|
61
|
+
"@pnpm/installing.client": "1100.2.12"
|
|
62
62
|
},
|
|
63
63
|
"peerDependencies": {
|
|
64
64
|
"@pnpm/logger": "^1100.0.0"
|
|
@@ -69,9 +69,9 @@
|
|
|
69
69
|
"@types/ramda": "0.31.1",
|
|
70
70
|
"@types/semver": "7.7.1",
|
|
71
71
|
"@pnpm/constants": "1100.0.0",
|
|
72
|
-
"@pnpm/engine.pm.commands": "1101.2.0",
|
|
73
72
|
"@pnpm/error": "1100.0.1",
|
|
74
73
|
"@pnpm/logger": "1100.0.0",
|
|
74
|
+
"@pnpm/engine.pm.commands": "1101.2.1",
|
|
75
75
|
"@pnpm/prepare": "1100.0.18",
|
|
76
76
|
"@pnpm/testing.mock-agent": "1101.0.4"
|
|
77
77
|
},
|