@pnpm/installing.deps-resolver 1100.2.7 → 1100.2.8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +4409 -0
- package/lib/hoistPeers.d.ts +7 -2
- package/lib/hoistPeers.js +18 -12
- package/lib/resolveDependencies.js +33 -1
- package/lib/resolvePeers.js +82 -0
- package/package.json +30 -30
package/CHANGELOG.md
ADDED
|
@@ -0,0 +1,4409 @@
|
|
|
1
|
+
# @pnpm/resolve-dependencies
|
|
2
|
+
|
|
3
|
+
## 1100.2.8
|
|
4
|
+
|
|
5
|
+
### Patch Changes
|
|
6
|
+
|
|
7
|
+
- 3c6718b: Fixed a deadlock in peer dependency resolution: `pnpm install` hung forever when a peer dependency cycle spanned a project's own dependencies and auto-installed peer providers, for example when installing `electron-builder@26.15.3` [#12921](https://github.com/pnpm/pnpm/issues/12921).
|
|
8
|
+
- 252f15e: Fixed peer dependency auto-install picking a version the peer range rejects. In a workspace with several projects, a package declaring a peer dependency with a semver range (for example `^1.0.0`) could get the highest version found anywhere in the workspace (for example a `2.0.0` resolved for another project) instead of a version that satisfies the range. Peers are now deduplicated onto the highest preferred version that satisfies the declared range, and when none does, the range is resolved from the registry.
|
|
9
|
+
|
|
10
|
+
Also fixed re-resolving with an existing lockfile hoisting a different peer version than a fresh install of the same manifest: root dependencies reused from the lockfile were invisible to peer hoisting, so a peer that a root dependency provides could be bound to another version.
|
|
11
|
+
|
|
12
|
+
- Updated dependencies [a897ef7]
|
|
13
|
+
- @pnpm/hooks.types@1100.2.0
|
|
14
|
+
- @pnpm/fetching.pick-fetcher@1100.1.0
|
|
15
|
+
- @pnpm/lockfile.utils@1100.1.2
|
|
16
|
+
- @pnpm/deps.graph-hasher@1100.2.9
|
|
17
|
+
- @pnpm/lockfile.preferred-versions@1100.0.19
|
|
18
|
+
|
|
19
|
+
## 1100.2.7
|
|
20
|
+
|
|
21
|
+
### Patch Changes
|
|
22
|
+
|
|
23
|
+
- 51300fd: Fixed a path traversal vulnerability where a dependency whose manifest `name` was a scoped path traversal (e.g. `@x/../../../<path>`) could be written outside `node_modules` to an attacker-controlled location during `pnpm install`, even with `--ignore-scripts`. The isolated linker now validates the package name before using it as a directory name, matching the existing protection in the hoisted linker.
|
|
24
|
+
- 14332f0: Fail instead of silently removing an optional dependency's locked entries from `pnpm-lock.yaml` when the registry cannot resolve it. Previously, when registry metadata lacked a version that the lockfile already pinned (for example, a mirror that had not synced a recent release yet), `pnpm install` and `pnpm dedupe` silently dropped the optional dependency's entries — emptying maps such as the platform binaries of `@napi-rs/canvas` — so the lockfile differed between machines and frozen installs on other hosts had nothing to link [#12853](https://github.com/pnpm/pnpm/issues/12853).
|
|
25
|
+
- fecfe83: Fixed peer dependency resolution with `autoInstallPeers` when a workspace package depends on a version of a package that a transitive dependency's self-contained closure also provides for itself. The peer providers that are attached to the root project for reuse are no longer peer-resolved a second time in the root context, so packages inside such a closure no longer get their peers bound to the root project's incompatible version [#4993](https://github.com/pnpm/pnpm/issues/4993).
|
|
26
|
+
- Updated dependencies [3067e4f]
|
|
27
|
+
- Updated dependencies [51300fd]
|
|
28
|
+
- @pnpm/resolving.npm-resolver@1102.1.2
|
|
29
|
+
- @pnpm/deps.graph-hasher@1100.2.8
|
|
30
|
+
|
|
31
|
+
## 1100.2.6
|
|
32
|
+
|
|
33
|
+
### Patch Changes
|
|
34
|
+
|
|
35
|
+
- dcabb78: Fixed a prototype-pollution hazard when seeding preferred versions: a dependency named `__proto__` in a manifest or in `pnpm-lock.yaml` could write through `Object.prototype` (or crash the install) while the preferred-versions map was being built. The maps are now null-prototype objects, so crafted package names land as plain keys.
|
|
36
|
+
- dcabb78: Fixed `pnpm up <pkg>` producing a different result than a fresh install of the same manifests would. The resolver now distinguishes `updateRequested` (true only for packages that match the user's update target) from the broader `update` flag, and for the targeted package ignores only its own lockfile-derived preferred-version pins — so the target re-resolves exactly as if its lockfile entries were deleted and `pnpm install` ran. Preferred versions a fresh install applies (manifest pins, versions propagated down the dependency chain, and the vulnerability-avoidance penalties of `pnpm audit --fix`) stay in effect, so an update never installs duplicate versions that a reinstall from scratch would not reproduce. When a preferred version holds the update target below the newest version its range admits, pnpm now prints a warning explaining that reaching the newer version everywhere requires an override.
|
|
37
|
+
- Updated dependencies [25c7388]
|
|
38
|
+
- Updated dependencies [99982b9]
|
|
39
|
+
- Updated dependencies [11a7fdd]
|
|
40
|
+
- Updated dependencies [dcabb78]
|
|
41
|
+
- Updated dependencies [dcabb78]
|
|
42
|
+
- Updated dependencies [a6c4d5f]
|
|
43
|
+
- @pnpm/resolving.npm-resolver@1102.1.1
|
|
44
|
+
- @pnpm/lockfile.preferred-versions@1100.0.18
|
|
45
|
+
- @pnpm/resolving.resolver-base@1100.5.1
|
|
46
|
+
- @pnpm/store.controller-types@1100.1.7
|
|
47
|
+
- @pnpm/deps.graph-hasher@1100.2.7
|
|
48
|
+
- @pnpm/fetching.pick-fetcher@1100.0.14
|
|
49
|
+
- @pnpm/hooks.types@1100.1.1
|
|
50
|
+
- @pnpm/lockfile.types@1100.0.13
|
|
51
|
+
- @pnpm/lockfile.utils@1100.1.1
|
|
52
|
+
- @pnpm/lockfile.pruner@1100.0.13
|
|
53
|
+
|
|
54
|
+
## 1100.2.5
|
|
55
|
+
|
|
56
|
+
### Patch Changes
|
|
57
|
+
|
|
58
|
+
- bae694f: Some registries generate tarballs on-demand and cannot provide an integrity checksum in their package metadata. In that case pnpm now computes the integrity from the downloaded tarball and stores it in the lockfile, so the entry is verifiable on subsequent installs instead of being written without an integrity (which would fail the next install). This also applies to `--lockfile-only`: the tarball is downloaded so its integrity can be computed. A lockfile entry that is still missing its integrity is rejected as a `ERR_PNPM_MISSING_TARBALL_INTEGRITY` lockfile verification violation (the install fails closed) rather than being silently re-fetched.
|
|
59
|
+
- 1cbb5f2: Fixed non-deterministic peer resolution that could add or remove an optional transitive peer — for example `@babel/core`, reached through `styled-jsx` — from a package's peer-dependency suffix across otherwise identical installs, churning the lockfile and causing intermittent `pnpm dedupe --check` failures in CI. When a package's children are resolved by one occurrence (the "owner") and reused by a deeper consumer, whether that consumer inherited the owner's missing peers depended on whether the owner's resolution had finished yet — a race under concurrent resolution. The decision is now a function of the dependency graph's structure rather than resolution-completion order.
|
|
60
|
+
- 322f88f: Fix failed optional dependency updates so they don't rewrite unrelated dependency specs [#11267](https://github.com/pnpm/pnpm/issues/11267).
|
|
61
|
+
- Updated dependencies [25a829e]
|
|
62
|
+
- Updated dependencies [bae694f]
|
|
63
|
+
- Updated dependencies [fbdc0eb]
|
|
64
|
+
- Updated dependencies [fa7004b]
|
|
65
|
+
- Updated dependencies [0ec878d]
|
|
66
|
+
- Updated dependencies [a84d2a1]
|
|
67
|
+
- Updated dependencies [852d537]
|
|
68
|
+
- @pnpm/config.version-policy@1100.1.6
|
|
69
|
+
- @pnpm/resolving.npm-resolver@1102.1.0
|
|
70
|
+
- @pnpm/resolving.resolver-base@1100.5.0
|
|
71
|
+
- @pnpm/hooks.types@1100.1.0
|
|
72
|
+
- @pnpm/fetching.pick-fetcher@1100.0.13
|
|
73
|
+
- @pnpm/store.controller-types@1100.1.6
|
|
74
|
+
- @pnpm/lockfile.utils@1100.1.0
|
|
75
|
+
- @pnpm/pkg-manifest.utils@1100.2.6
|
|
76
|
+
- @pnpm/error@1100.0.1
|
|
77
|
+
- @pnpm/deps.graph-hasher@1100.2.6
|
|
78
|
+
- @pnpm/lockfile.preferred-versions@1100.0.17
|
|
79
|
+
- @pnpm/lockfile.types@1100.0.12
|
|
80
|
+
- @pnpm/patching.config@1100.0.9
|
|
81
|
+
- @pnpm/pkg-manifest.reader@1100.0.9
|
|
82
|
+
- @pnpm/lockfile.pruner@1100.0.12
|
|
83
|
+
|
|
84
|
+
## 1100.2.4
|
|
85
|
+
|
|
86
|
+
### Patch Changes
|
|
87
|
+
|
|
88
|
+
- 96bdd57: Fix `link:` workspace protocol switching to `file:` after `pnpm rm` is run from inside a workspace package whose target workspace dependency has its own dependencies, when `injectWorkspacePackages: true` is set. Follow-up to [#10575](https://github.com/pnpm/pnpm/pull/10575), which fixed the same symptom for workspace packages without dependencies.
|
|
89
|
+
- 5c12968: Fix recursive updates of transitive dependencies when the update command mixes transitive dependency patterns with direct dependency selectors. For example, `pnpm up -r "@babel/core" uuid` now updates matching transitive `@babel/core` dependencies even when `uuid` is a direct dependency selector [#12103](https://github.com/pnpm/pnpm/issues/12103).
|
|
90
|
+
- 531f2a3: Fixed `pnpm update` rewriting a `workspace:` dependency that points at a local path (e.g. `workspace:../packages/foo/dist`) into a normalized `link:` or version-range specifier. Such specifiers are now preserved verbatim when the workspace protocol is preserved [#3902](https://github.com/pnpm/pnpm/issues/3902).
|
|
91
|
+
- fe66535: Fixed a lockfile non-convergence bug where an incremental install kept a duplicate transitive dependency that a fresh install would not produce. When a package is reused from the lockfile, its child edges are taken verbatim and bypass the preferred-versions walk, so a transitive dependency could stay pinned to an older version even after a direct dependency resolved to a higher version that satisfies the same range. The resolver now refreshes such a stale pin to the higher direct-dependency version during resolution — so the older version is never resolved or fetched, and the incremental result converges to the fresh one.
|
|
92
|
+
- 817f99d: Fixed lockfile churn where a package's `transitivePeerDependencies` could be dropped (and shift between packages) when the package participates in a dependency cycle. A cycle re-entry resolves against truncated children, so it must not be cached as "pure"; otherwise sibling occurrences of the same package short-circuit and lose transitive peers depending on traversal order [#5108](https://github.com/pnpm/pnpm/issues/5108).
|
|
93
|
+
- Updated dependencies [29ab905]
|
|
94
|
+
- @pnpm/resolving.npm-resolver@1102.0.1
|
|
95
|
+
- @pnpm/fetching.pick-fetcher@1100.0.12
|
|
96
|
+
|
|
97
|
+
## 1100.2.3
|
|
98
|
+
|
|
99
|
+
### Patch Changes
|
|
100
|
+
|
|
101
|
+
- f648e9b: Reject path-traversal and reserved dependency aliases (such as `../../../escape`, `.bin`, `.pnpm`, or `node_modules`) that come from a lockfile rather than a freshly resolved manifest. A crafted lockfile alias could otherwise be joined directly under a hoisted `node_modules` directory, letting package files be written outside the intended install root or overwrite pnpm-owned layout.
|
|
102
|
+
|
|
103
|
+
The fix adds two layers:
|
|
104
|
+
|
|
105
|
+
- The `nodeLinker: hoisted` graph builder now validates each alias at the directory sink (`safeJoinModulesDir`), matching the validation pnpm already performs when resolving aliases from manifests.
|
|
106
|
+
- The lockfile verification gate (`verifyLockfileResolutions`) now runs an always-on, policy-independent check that rejects any importer or snapshot dependency alias that is not a valid package name, failing the install early — before any fetch or filesystem work — for every node linker at once.
|
|
107
|
+
|
|
108
|
+
- 9b35a60: Made shared package child resolution deterministic when the same package is reached through multiple contexts. pnpm now chooses the shallowest occurrence, then importer order, then parent path, instead of letting request timing decide the child context and missing-peer report [pnpm/pnpm#12358](https://github.com/pnpm/pnpm/issues/12358).
|
|
109
|
+
- 3a27141: Fixed nondeterministic lockfile output that made `pnpm dedupe --check` fail intermittently in CI. When a locked peer provider was pinned for a dependency that has no child dependencies of its own, the pinned provider leaked into the shared parent scope, so siblings resolved after it could pick up an optional peer they should not see. Which siblings were affected depended on resolution order, which varies with network timing.
|
|
110
|
+
- a31faa7: Updated dependency ranges. Notably:
|
|
111
|
+
|
|
112
|
+
- `@pnpm/logger` peer dependency range moved to `^1100.0.0`.
|
|
113
|
+
- `msgpackr` 1.11.8 → 2.0.4 (store index files remain byte-compatible in both directions).
|
|
114
|
+
- `open` ^7.4.2 → ^11.0.0, `memoize` ^10 → ^11, `cli-truncate` ^5 → ^6, `pidtree` ^0.6 → ^1.
|
|
115
|
+
- `@yarnpkg/core` 4.5.0 → 4.8.0, `@rushstack/worker-pool` 0.7.7 → 0.7.18, `@cyclonedx/cyclonedx-library` 10.0.0 → 10.1.0, `@pnpm/config.nerf-dart` ^1 → ^2, `@pnpm/log.group` 3.0.2 → 4.0.1, `@pnpm/util.lex-comparator` ^3 → ^4.
|
|
116
|
+
|
|
117
|
+
- Updated dependencies [61810aa]
|
|
118
|
+
- Updated dependencies [f20ad8f]
|
|
119
|
+
- Updated dependencies [681b593]
|
|
120
|
+
- Updated dependencies [1310ab5]
|
|
121
|
+
- Updated dependencies [a31faa7]
|
|
122
|
+
- @pnpm/resolving.npm-resolver@1102.0.0
|
|
123
|
+
- @pnpm/lockfile.utils@1100.0.13
|
|
124
|
+
- @pnpm/types@1101.3.2
|
|
125
|
+
- @pnpm/config.version-policy@1100.1.5
|
|
126
|
+
- @pnpm/core-loggers@1100.2.1
|
|
127
|
+
- @pnpm/deps.path@1100.0.8
|
|
128
|
+
- @pnpm/deps.peer-range@1100.0.2
|
|
129
|
+
- @pnpm/patching.config@1100.0.8
|
|
130
|
+
- @pnpm/pkg-manifest.utils@1100.2.5
|
|
131
|
+
- @pnpm/fetching.pick-fetcher@1100.0.12
|
|
132
|
+
- @pnpm/deps.graph-hasher@1100.2.5
|
|
133
|
+
- @pnpm/lockfile.preferred-versions@1100.0.16
|
|
134
|
+
- @pnpm/hooks.types@1100.0.12
|
|
135
|
+
- @pnpm/lockfile.pruner@1100.0.11
|
|
136
|
+
- @pnpm/lockfile.types@1100.0.11
|
|
137
|
+
- @pnpm/pkg-manifest.reader@1100.0.8
|
|
138
|
+
- @pnpm/resolving.resolver-base@1100.4.2
|
|
139
|
+
- @pnpm/store.controller-types@1100.1.5
|
|
140
|
+
|
|
141
|
+
## 1100.2.2
|
|
142
|
+
|
|
143
|
+
### Patch Changes
|
|
144
|
+
|
|
145
|
+
- Updated dependencies [f11b4fc]
|
|
146
|
+
- @pnpm/core-loggers@1100.2.0
|
|
147
|
+
- @pnpm/pkg-manifest.utils@1100.2.4
|
|
148
|
+
- @pnpm/resolving.npm-resolver@1101.5.2
|
|
149
|
+
- @pnpm/fetching.pick-fetcher@1100.0.11
|
|
150
|
+
- @pnpm/lockfile.preferred-versions@1100.0.15
|
|
151
|
+
|
|
152
|
+
## 1100.2.1
|
|
153
|
+
|
|
154
|
+
### Patch Changes
|
|
155
|
+
|
|
156
|
+
- 29a496a: Made peer-dependent deduplication deterministic. When a peer-suffixed package variant was a subset of two or more mutually incompatible larger variants, the variant it collapsed into depended on the order importers were resolved in, which varies between machines. This could resolve the same workspace to different lockfiles on different platforms and make `pnpm dedupe --check` alternate between passing and failing.
|
|
157
|
+
- bf1b731: Require trusted package identity before package-name `allowBuilds` entries can approve lifecycle scripts for git, git-hosted tarball, direct tarball, and local directory artifacts. To approve one of those artifacts explicitly, use its peer-suffix-free lockfile depPath as the `allowBuilds` key. Lockfile verification now rejects lockfiles where a registry-style dependency path (`name@semver`) is backed by a git, directory, or git-hosted tarball resolution (`ERR_PNPM_RESOLUTION_SHAPE_MISMATCH`), so the dependency path is a reliable artifact identity by the time scripts can run.
|
|
158
|
+
- Updated dependencies [bf1b731]
|
|
159
|
+
- @pnpm/deps.graph-hasher@1100.2.4
|
|
160
|
+
- @pnpm/types@1101.3.1
|
|
161
|
+
- @pnpm/fetching.pick-fetcher@1100.0.11
|
|
162
|
+
- @pnpm/config.version-policy@1100.1.4
|
|
163
|
+
- @pnpm/core-loggers@1100.1.4
|
|
164
|
+
- @pnpm/deps.path@1100.0.7
|
|
165
|
+
- @pnpm/hooks.types@1100.0.11
|
|
166
|
+
- @pnpm/lockfile.preferred-versions@1100.0.14
|
|
167
|
+
- @pnpm/lockfile.pruner@1100.0.10
|
|
168
|
+
- @pnpm/lockfile.types@1100.0.10
|
|
169
|
+
- @pnpm/lockfile.utils@1100.0.12
|
|
170
|
+
- @pnpm/pkg-manifest.reader@1100.0.7
|
|
171
|
+
- @pnpm/pkg-manifest.utils@1100.2.3
|
|
172
|
+
- @pnpm/resolving.npm-resolver@1101.5.1
|
|
173
|
+
- @pnpm/resolving.resolver-base@1100.4.1
|
|
174
|
+
- @pnpm/store.controller-types@1100.1.4
|
|
175
|
+
- @pnpm/patching.config@1100.0.7
|
|
176
|
+
|
|
177
|
+
## 1100.2.0
|
|
178
|
+
|
|
179
|
+
### Minor Changes
|
|
180
|
+
|
|
181
|
+
- 1c73e83: Peer dependency resolution now reuses the peer contexts already recorded in the lockfile when those providers are still present in the dependency graph and still satisfy the peer ranges. This avoids unnecessary peer-context rewrites during lockfile regeneration. Current manifest choices remain authoritative: a newly added, explicitly updated, or aliased direct provider, a changed nested provider, or a locked version that no longer satisfies the range still takes precedence.
|
|
182
|
+
|
|
183
|
+
### Patch Changes
|
|
184
|
+
|
|
185
|
+
- Updated dependencies [a017bf3]
|
|
186
|
+
- Updated dependencies [722b9cd]
|
|
187
|
+
- Updated dependencies [6d17b66]
|
|
188
|
+
- @pnpm/types@1101.3.0
|
|
189
|
+
- @pnpm/resolving.npm-resolver@1101.5.0
|
|
190
|
+
- @pnpm/resolving.resolver-base@1100.4.0
|
|
191
|
+
- @pnpm/fetching.pick-fetcher@1100.0.10
|
|
192
|
+
- @pnpm/config.version-policy@1100.1.3
|
|
193
|
+
- @pnpm/core-loggers@1100.1.3
|
|
194
|
+
- @pnpm/deps.graph-hasher@1100.2.3
|
|
195
|
+
- @pnpm/deps.path@1100.0.6
|
|
196
|
+
- @pnpm/hooks.types@1100.0.10
|
|
197
|
+
- @pnpm/lockfile.preferred-versions@1100.0.13
|
|
198
|
+
- @pnpm/lockfile.pruner@1100.0.9
|
|
199
|
+
- @pnpm/lockfile.types@1100.0.9
|
|
200
|
+
- @pnpm/lockfile.utils@1100.0.11
|
|
201
|
+
- @pnpm/pkg-manifest.reader@1100.0.6
|
|
202
|
+
- @pnpm/pkg-manifest.utils@1100.2.2
|
|
203
|
+
- @pnpm/store.controller-types@1100.1.3
|
|
204
|
+
- @pnpm/patching.config@1100.0.6
|
|
205
|
+
|
|
206
|
+
## 1100.1.6
|
|
207
|
+
|
|
208
|
+
### Patch Changes
|
|
209
|
+
|
|
210
|
+
- 6f382f4: Preserve the `integrity` field of a remote (non-registry) tarball dependency when its lockfile entry is rebuilt. Re-resolving such a dependency without re-fetching it (for example via `pnpm update`, or when another dependency changes) produced a resolution with no integrity — URL/tarball resolvers only learn the integrity after the tarball is downloaded — so the previously recorded integrity was dropped, making later installs fail with `ERR_PNPM_MISSING_TARBALL_INTEGRITY` [#12067](https://github.com/pnpm/pnpm/issues/12067).
|
|
211
|
+
- 122ab0a: Preserve compatible optional peer versions already present in the lockfile when resolving dependencies.
|
|
212
|
+
- 1db05c6: Fixed inconsistent resolution of a peer dependency that is shared through a diamond. When a package peer-depends on both another package and one of that package's own peer dependencies (for example `@typescript-eslint/eslint-plugin` peer-depends on both `@typescript-eslint/parser` and `typescript`, and `@typescript-eslint/parser` peer-depends on `typescript`), pnpm no longer reuses a hoisted instance of the shared peer that was resolved against a different version [#12079](https://github.com/pnpm/pnpm/issues/12079).
|
|
213
|
+
|
|
214
|
+
## 1100.1.5
|
|
215
|
+
|
|
216
|
+
### Patch Changes
|
|
217
|
+
|
|
218
|
+
- 39101f5: Fix pnpm hanging during peer resolution when an aliased install pulls in transitive packages with mutual peer cycles at different depths in the dependency tree (for example, `pnpm i nuxt@npm:nuxt-nightly@5x`). Cycles whose members hit the `findHit` cache instead of running their own `calculateDepPath` are now short-circuited by sibling resolutions at the level where the cycle is detected, so the cached path promises no longer deadlock. [#11999](https://github.com/pnpm/pnpm/issues/11999).
|
|
219
|
+
- Updated dependencies [6235428]
|
|
220
|
+
- Updated dependencies [1e9ab29]
|
|
221
|
+
- @pnpm/resolving.npm-resolver@1101.4.0
|
|
222
|
+
- @pnpm/fetching.pick-fetcher@1100.0.9
|
|
223
|
+
|
|
224
|
+
## 1100.1.4
|
|
225
|
+
|
|
226
|
+
### Patch Changes
|
|
227
|
+
|
|
228
|
+
- ad84fff: Reject dependency aliases that contain path-traversal segments (such as `@x/../../../../../.git/hooks`) when reading them from a package manifest or symlinking them into `node_modules`. A malicious registry package could otherwise use a transitive dependency key to make `pnpm install` create symlinks at attacker-chosen paths outside the intended `node_modules` directory.
|
|
229
|
+
- Updated dependencies [e55f4b5]
|
|
230
|
+
- Updated dependencies [35d2355]
|
|
231
|
+
- Updated dependencies [0721d64]
|
|
232
|
+
- @pnpm/lockfile.utils@1100.0.10
|
|
233
|
+
- @pnpm/types@1101.2.0
|
|
234
|
+
- @pnpm/resolving.npm-resolver@1101.3.3
|
|
235
|
+
- @pnpm/deps.graph-hasher@1100.2.2
|
|
236
|
+
- @pnpm/lockfile.preferred-versions@1100.0.12
|
|
237
|
+
- @pnpm/config.version-policy@1100.1.2
|
|
238
|
+
- @pnpm/core-loggers@1100.1.2
|
|
239
|
+
- @pnpm/deps.path@1100.0.5
|
|
240
|
+
- @pnpm/hooks.types@1100.0.9
|
|
241
|
+
- @pnpm/lockfile.pruner@1100.0.8
|
|
242
|
+
- @pnpm/lockfile.types@1100.0.8
|
|
243
|
+
- @pnpm/pkg-manifest.reader@1100.0.5
|
|
244
|
+
- @pnpm/pkg-manifest.utils@1100.2.1
|
|
245
|
+
- @pnpm/resolving.resolver-base@1100.3.1
|
|
246
|
+
- @pnpm/store.controller-types@1100.1.2
|
|
247
|
+
- @pnpm/patching.config@1100.0.5
|
|
248
|
+
- @pnpm/fetching.pick-fetcher@1100.0.9
|
|
249
|
+
|
|
250
|
+
## 1100.1.3
|
|
251
|
+
|
|
252
|
+
### Patch Changes
|
|
253
|
+
|
|
254
|
+
- 3422cec: Fixed non-determinism in `pnpm dedupe` and `pnpm install` when a dependency graph contains packages with transitive peer dependencies on each other (e.g. `@aws-sdk/client-sts` and `@aws-sdk/client-sso-oidc`) and `auto-install-peers` is enabled. The lockfile no longer flips between two equally-valid forms across consecutive runs. The root cause was that `resolveDependencies` pushed onto its `pkgAddresses` / `postponedResolutionsQueue` arrays from inside `Promise.all`-spawned callbacks, so completion-order timing leaked into the array order and downstream cyclic-peer suffix assignment. Fixes [#8155](https://github.com/pnpm/pnpm/issues/8155).
|
|
255
|
+
- e0bd879: Fixed a regression introduced by [#11711](https://github.com/pnpm/pnpm/pull/11711) where `pnpm add <github-shorthand>` (and any other wanted-dependency whose alias can't be parsed from the user-supplied spec, e.g. tarball URLs or `pnpm/test-git-fetch#sha`) was silently dropped from the manifest update and from `pendingBuilds`. The alias-keyed lookup added in that PR couldn't find a `wantedDependency` whose `alias` was `undefined` at parse time but resolved to a package name only after fetching, so the entry never made it into `specsToUpsert`. Restored the original index-based pairing between `directDependencies` and `wantedDependencies`; the catalog-protocol preservation that PR was originally fixing is unaffected because it's driven by `rdd.catalogLookup.userSpecifiedBareSpecifier`, not by the lookup. Fixes the three `rebuilds dependencies` / `rebuilds specific dependencies` / `rebuild with pending option` failures in `building/commands/test/build/index.ts`.
|
|
256
|
+
- Updated dependencies [212315d]
|
|
257
|
+
- @pnpm/resolving.npm-resolver@1101.3.2
|
|
258
|
+
- @pnpm/fetching.pick-fetcher@1100.0.8
|
|
259
|
+
|
|
260
|
+
## 1100.1.2
|
|
261
|
+
|
|
262
|
+
### Patch Changes
|
|
263
|
+
|
|
264
|
+
- @pnpm/resolving.npm-resolver@1101.3.1
|
|
265
|
+
|
|
266
|
+
## 1100.1.1
|
|
267
|
+
|
|
268
|
+
### Patch Changes
|
|
269
|
+
|
|
270
|
+
- Updated dependencies [3a54205]
|
|
271
|
+
- Updated dependencies [1627943]
|
|
272
|
+
- Updated dependencies [64afc92]
|
|
273
|
+
- @pnpm/resolving.npm-resolver@1101.3.0
|
|
274
|
+
- @pnpm/resolving.resolver-base@1100.3.0
|
|
275
|
+
- @pnpm/pkg-manifest.utils@1100.2.0
|
|
276
|
+
- @pnpm/types@1101.1.1
|
|
277
|
+
- @pnpm/deps.graph-hasher@1100.2.1
|
|
278
|
+
- @pnpm/fetching.pick-fetcher@1100.0.8
|
|
279
|
+
- @pnpm/hooks.types@1100.0.8
|
|
280
|
+
- @pnpm/lockfile.preferred-versions@1100.0.11
|
|
281
|
+
- @pnpm/lockfile.types@1100.0.7
|
|
282
|
+
- @pnpm/lockfile.utils@1100.0.9
|
|
283
|
+
- @pnpm/store.controller-types@1100.1.1
|
|
284
|
+
- @pnpm/config.version-policy@1100.1.1
|
|
285
|
+
- @pnpm/core-loggers@1100.1.1
|
|
286
|
+
- @pnpm/deps.path@1100.0.4
|
|
287
|
+
- @pnpm/lockfile.pruner@1100.0.7
|
|
288
|
+
- @pnpm/pkg-manifest.reader@1100.0.4
|
|
289
|
+
- @pnpm/patching.config@1100.0.4
|
|
290
|
+
|
|
291
|
+
## 1100.1.0
|
|
292
|
+
|
|
293
|
+
### Minor Changes
|
|
294
|
+
|
|
295
|
+
- 4195766: Tightened the `minimumReleaseAge` story so the bypass becomes explicit on disk instead of silent, and removed the discover-by-loop dance for strict-mode users:
|
|
296
|
+
|
|
297
|
+
1. Fresh resolutions in loose mode (`minimumReleaseAgeStrict: false`) that fall back to a version newer than the cutoff auto-collect the picked `name@version` into the workspace manifest's `minimumReleaseAgeExclude`. A single info message lists the additions; entries already on the list are left alone.
|
|
298
|
+
2. The post-resolution lockfile verifier introduced in #11583 now runs in loose mode too — every accepted-immature pin must be on `minimumReleaseAgeExclude`, just like strict mode requires. A lockfile produced under a weaker (or absent) policy that still has immature entries is rejected the same way strict mode would reject it.
|
|
299
|
+
3. **Strict mode (interactive)** no longer aborts on the first immature pick. The resolver gathers every immature direct _and_ transitive in one pass; before peer-dependency resolution runs, pnpm prompts the user with the full list and asks whether to add them all to `minimumReleaseAgeExclude` and proceed. Approve → install continues and the workspace manifest is written at the end. Decline → resolution aborts before the lockfile or package.json is touched (tarballs already in the store stay, since the store is idempotent). This closes the [#10488](https://github.com/pnpm/pnpm/issues/10488) loop where security bumps to packages with platform-specific transitives (e.g. `next` + the `@next/swc-*` shims) made users re-run `pnpm add` once per transitive.
|
|
300
|
+
4. **Strict mode (non-interactive / CI)** now aborts with the full immature set in the error message instead of the first pick. The resolver always collects every immature direct + transitive; the install command then throws `ERR_PNPM_NO_MATURE_MATCHING_VERSION` listing each entry's `name@version` and publish time. Deterministic CI behavior is preserved (same exit code, same error code), but the error pinpoints every offending entry instead of forcing the discover-by-loop dance. The expected workflow is interactive approval locally → the lockfile + workspace manifest get committed → CI runs cleanly against the populated exclude list.
|
|
301
|
+
|
|
302
|
+
5. **The lockfile verifier now also covers `trustPolicy: 'no-downgrade'`.** The same post-resolution gate that re-checks `minimumReleaseAge` on lockfile entries now re-runs `failIfTrustDowngraded` for every npm-registry entry whose name isn't on `trustPolicyExclude`. The two checks share a single full-metadata fetch per package, so the extra coverage doesn't cost an extra round trip when both policies are active. Resolver-time trust checks still run as before — this just closes the gap when an entry bypasses resolution (peek path, `--frozen-lockfile`, restored CI cache).
|
|
303
|
+
|
|
304
|
+
Pacquet parity: not ported — pacquet's `minimumReleaseAge` policy is itself only stubbed today (see `pnpm/crates/package-manager/src/version_policy.rs`). The auto-exclude, loose-mode verifier, prompt, and the new trust-policy verifier check will travel with the broader policy port whenever that happens.
|
|
305
|
+
|
|
306
|
+
### Patch Changes
|
|
307
|
+
|
|
308
|
+
- b6e2c8c: Make `pnpm self-update` respect `minimumReleaseAge` (and `minimumReleaseAgeExclude`) when resolving which pnpm version to install.
|
|
309
|
+
|
|
310
|
+
When the `latest` dist-tag points to a version newer than the configured age threshold, `self-update` now selects the newest mature version instead unless excluded by `minimumReleaseAgeExclude`.
|
|
311
|
+
|
|
312
|
+
Also makes `dlx` and `outdated` surface invalid `minimumReleaseAgeExclude` patterns under the same `ERR_PNPM_INVALID_MINIMUM_RELEASE_AGE_EXCLUDE` error code already used by `install`, instead of leaking the internal `ERR_PNPM_INVALID_VERSION_UNION` / `ERR_PNPM_NAME_PATTERN_IN_VERSION_UNION` codes.
|
|
313
|
+
|
|
314
|
+
- 3ddde2b: **fix**: anchor the side-effects-cache key and global-virtual-store hash to the project's script-runner Node — `engines.runtime` pin when present, shell `node` otherwise — instead of pnpm's own runtime.
|
|
315
|
+
|
|
316
|
+
`ENGINE_NAME` (the `<platform>;<arch>;node<major>` prefix used as the side-effects-cache key and the engine portion of the GVS hash) was computed from `process.version` — the Node that runs pnpm itself. That was wrong in two situations:
|
|
317
|
+
|
|
318
|
+
1. **`@pnpm/exe` SEA bundle.** The bundle has its own embedded Node, not the `node` on the user's `PATH` that actually spawns lifecycle scripts. Two pnpm installations on the same machine (one SEA, one npm-package) therefore disagreed on the cache key, partitioning the side-effects cache and the global virtual store across two Node majors even though both installs would run scripts on the same shell `node`.
|
|
319
|
+
2. **`engines.runtime` / `devEngines.runtime` pin.** When a project pins a Node version via `devEngines.runtime` (pnpm v11+), pnpm downloads that Node into `node_modules/node/` and uses it to run lifecycle scripts. But the hash still anchored to whichever Node ran pnpm itself, not to the pinned Node — so two installs of the same project with two different runner Nodes would still disagree on the GVS slot path even though scripts run on the same pinned Node.
|
|
320
|
+
|
|
321
|
+
Three changes:
|
|
322
|
+
|
|
323
|
+
- `@pnpm/engine.runtime.system-node-version` now exports `engineName(nodeVersion?)`. Resolves the version in this order: explicit override → `getSystemNodeVersion()` (which already prefers `node --version` over `process.version` in SEA contexts) → `process.version`.
|
|
324
|
+
- `@pnpm/deps.graph-hasher` now exports `findRuntimeNodeVersion(snapshotKeys)` — scans an iterable of lockfile snapshot keys for a `node@runtime:<version>` entry and returns its bare version string. `calcDepState` and `calcGraphNodeHash`/`iterateHashedGraphNodes` accept a `nodeVersion?` (in the options bag for the first, as a trailing parameter / ctx field for the others), forwarded to `engineName()`. The default (no override) preserves the pre-change behaviour. The legacy `ENGINE_NAME` constant in `@pnpm/constants` is unchanged so external consumers and existing tests keep working; in non-SEA, non-pinned contexts every value lines up.
|
|
325
|
+
- Every install-side caller of the graph-hasher (`@pnpm/installing.deps-resolver`, `@pnpm/installing.deps-restorer`, `@pnpm/installing.deps-installer`, `@pnpm/building.during-install`, `@pnpm/building.after-install`, `@pnpm/deps.graph-builder`) now derives the project's pinned runtime via `findRuntimeNodeVersion(Object.keys(graph))` once per invocation and threads it through.
|
|
326
|
+
|
|
327
|
+
On upgrade, two one-time GVS slot churns are possible:
|
|
328
|
+
|
|
329
|
+
- **SEA-pnpm users** without a runtime pin: slots that previously hashed under the embedded-Node major (e.g. `node26`) now hash under the shell-Node major (e.g. `node24`), matching what pacquet, the npm-published `pnpm` package, and any other pnpm-compatible tool already produce.
|
|
330
|
+
- **Projects with a `devEngines.runtime` pin**: slots that previously hashed under the runner's Node major now hash under the pinned Node major, matching what the lifecycle scripts will actually run on.
|
|
331
|
+
|
|
332
|
+
In both cases the old slots become prune-eligible.
|
|
333
|
+
|
|
334
|
+
- Updated dependencies [963861c]
|
|
335
|
+
- Updated dependencies [4195766]
|
|
336
|
+
- Updated dependencies [31538bf]
|
|
337
|
+
- Updated dependencies [b6e2c8c]
|
|
338
|
+
- Updated dependencies [3ddde2b]
|
|
339
|
+
- Updated dependencies [5dc8be8]
|
|
340
|
+
- Updated dependencies [4a79336]
|
|
341
|
+
- @pnpm/resolving.npm-resolver@1101.2.0
|
|
342
|
+
- @pnpm/resolving.resolver-base@1100.2.0
|
|
343
|
+
- @pnpm/store.controller-types@1100.1.0
|
|
344
|
+
- @pnpm/config.version-policy@1100.1.0
|
|
345
|
+
- @pnpm/deps.graph-hasher@1100.2.0
|
|
346
|
+
- @pnpm/core-loggers@1100.1.0
|
|
347
|
+
- @pnpm/fetching.pick-fetcher@1100.0.7
|
|
348
|
+
- @pnpm/hooks.types@1100.0.7
|
|
349
|
+
- @pnpm/lockfile.preferred-versions@1100.0.10
|
|
350
|
+
- @pnpm/lockfile.types@1100.0.6
|
|
351
|
+
- @pnpm/lockfile.utils@1100.0.8
|
|
352
|
+
- @pnpm/pkg-manifest.utils@1100.1.4
|
|
353
|
+
- @pnpm/lockfile.pruner@1100.0.6
|
|
354
|
+
|
|
355
|
+
## 1100.0.10
|
|
356
|
+
|
|
357
|
+
### Patch Changes
|
|
358
|
+
|
|
359
|
+
- c2c2890: Fix `minimumReleaseAge` / `resolutionMode: time-based` installs failing on lockfiles whose `time:` block is missing entries. The npm-resolver's peek-from-store fast path now surfaces `publishedAt` from the lockfile rather than discarding it, and falls through to a registry metadata fetch when the time-based cutoff can't be computed from the data on hand.
|
|
360
|
+
- Updated dependencies [9cad827]
|
|
361
|
+
- Updated dependencies [50b33c1]
|
|
362
|
+
- Updated dependencies [e526f89]
|
|
363
|
+
- Updated dependencies [c2c2890]
|
|
364
|
+
- @pnpm/pkg-manifest.utils@1100.1.3
|
|
365
|
+
- @pnpm/resolving.npm-resolver@1101.1.1
|
|
366
|
+
- @pnpm/store.controller-types@1100.0.7
|
|
367
|
+
- @pnpm/lockfile.preferred-versions@1100.0.9
|
|
368
|
+
- @pnpm/fetching.pick-fetcher@1100.0.6
|
|
369
|
+
|
|
370
|
+
## 1100.0.9
|
|
371
|
+
|
|
372
|
+
### Patch Changes
|
|
373
|
+
|
|
374
|
+
- Updated dependencies [b61e268]
|
|
375
|
+
- @pnpm/resolving.npm-resolver@1101.1.0
|
|
376
|
+
- @pnpm/types@1101.1.0
|
|
377
|
+
- @pnpm/fetching.pick-fetcher@1100.0.6
|
|
378
|
+
- @pnpm/config.version-policy@1100.0.3
|
|
379
|
+
- @pnpm/core-loggers@1100.0.2
|
|
380
|
+
- @pnpm/deps.graph-hasher@1100.1.5
|
|
381
|
+
- @pnpm/deps.path@1100.0.3
|
|
382
|
+
- @pnpm/hooks.types@1100.0.6
|
|
383
|
+
- @pnpm/lockfile.preferred-versions@1100.0.8
|
|
384
|
+
- @pnpm/lockfile.pruner@1100.0.5
|
|
385
|
+
- @pnpm/lockfile.types@1100.0.5
|
|
386
|
+
- @pnpm/lockfile.utils@1100.0.7
|
|
387
|
+
- @pnpm/pkg-manifest.reader@1100.0.3
|
|
388
|
+
- @pnpm/pkg-manifest.utils@1100.1.2
|
|
389
|
+
- @pnpm/resolving.resolver-base@1100.1.3
|
|
390
|
+
- @pnpm/store.controller-types@1100.0.6
|
|
391
|
+
- @pnpm/patching.config@1100.0.3
|
|
392
|
+
|
|
393
|
+
## 1100.0.8
|
|
394
|
+
|
|
395
|
+
### Patch Changes
|
|
396
|
+
|
|
397
|
+
- Updated dependencies [15e9e35]
|
|
398
|
+
- @pnpm/resolving.npm-resolver@1101.0.3
|
|
399
|
+
- @pnpm/fetching.pick-fetcher@1100.0.5
|
|
400
|
+
|
|
401
|
+
## 1100.0.7
|
|
402
|
+
|
|
403
|
+
### Patch Changes
|
|
404
|
+
|
|
405
|
+
- Updated dependencies [cfa271b]
|
|
406
|
+
- @pnpm/lockfile.utils@1100.0.6
|
|
407
|
+
- @pnpm/deps.graph-hasher@1100.1.4
|
|
408
|
+
- @pnpm/lockfile.preferred-versions@1100.0.7
|
|
409
|
+
- @pnpm/fetching.pick-fetcher@1100.0.5
|
|
410
|
+
|
|
411
|
+
## 1100.0.6
|
|
412
|
+
|
|
413
|
+
### Patch Changes
|
|
414
|
+
|
|
415
|
+
- Updated dependencies [27425d7]
|
|
416
|
+
- @pnpm/fetching.pick-fetcher@1100.0.5
|
|
417
|
+
- @pnpm/lockfile.types@1100.0.4
|
|
418
|
+
- @pnpm/lockfile.utils@1100.0.5
|
|
419
|
+
- @pnpm/resolving.resolver-base@1100.1.2
|
|
420
|
+
- @pnpm/deps.graph-hasher@1100.1.3
|
|
421
|
+
- @pnpm/hooks.types@1100.0.5
|
|
422
|
+
- @pnpm/lockfile.pruner@1100.0.4
|
|
423
|
+
- @pnpm/lockfile.preferred-versions@1100.0.6
|
|
424
|
+
- @pnpm/resolving.npm-resolver@1101.0.2
|
|
425
|
+
- @pnpm/store.controller-types@1100.0.5
|
|
426
|
+
|
|
427
|
+
## 1100.0.5
|
|
428
|
+
|
|
429
|
+
### Patch Changes
|
|
430
|
+
|
|
431
|
+
- Updated dependencies [184ce26]
|
|
432
|
+
- Updated dependencies [6b891a5]
|
|
433
|
+
- @pnpm/resolving.resolver-base@1100.1.1
|
|
434
|
+
- @pnpm/resolving.npm-resolver@1101.0.1
|
|
435
|
+
- @pnpm/store.controller-types@1100.0.4
|
|
436
|
+
- @pnpm/fetching.pick-fetcher@1100.0.4
|
|
437
|
+
- @pnpm/pkg-manifest.reader@1100.0.2
|
|
438
|
+
- @pnpm/pkg-manifest.utils@1100.1.1
|
|
439
|
+
- @pnpm/deps.graph-hasher@1100.1.2
|
|
440
|
+
- @pnpm/deps.peer-range@1100.0.1
|
|
441
|
+
- @pnpm/deps.path@1100.0.2
|
|
442
|
+
- @pnpm/lockfile.utils@1100.0.4
|
|
443
|
+
- @pnpm/hooks.types@1100.0.4
|
|
444
|
+
- @pnpm/lockfile.preferred-versions@1100.0.5
|
|
445
|
+
- @pnpm/lockfile.types@1100.0.3
|
|
446
|
+
- @pnpm/config.version-policy@1100.0.2
|
|
447
|
+
- @pnpm/lockfile.pruner@1100.0.3
|
|
448
|
+
- @pnpm/patching.config@1100.0.2
|
|
449
|
+
|
|
450
|
+
## 1100.0.4
|
|
451
|
+
|
|
452
|
+
### Patch Changes
|
|
453
|
+
|
|
454
|
+
- @pnpm/fetching.pick-fetcher@1100.0.3
|
|
455
|
+
- @pnpm/hooks.types@1100.0.3
|
|
456
|
+
- @pnpm/store.controller-types@1100.0.3
|
|
457
|
+
- @pnpm/resolving.npm-resolver@1101.0.0
|
|
458
|
+
- @pnpm/lockfile.utils@1100.0.3
|
|
459
|
+
- @pnpm/deps.graph-hasher@1100.1.1
|
|
460
|
+
- @pnpm/lockfile.preferred-versions@1100.0.4
|
|
461
|
+
|
|
462
|
+
## 1100.0.3
|
|
463
|
+
|
|
464
|
+
### Patch Changes
|
|
465
|
+
|
|
466
|
+
- c86c423: Restore the peer suffix encoding used by pnpm 10 for linked dependency paths. A `filenamify` upgrade changed how leading `./` and `../` segments were normalized, producing peer suffixes like `(b@+packages+b)` instead of `(b@packages+b)` for linked packages outside the workspace root, causing lockfile churn [#11272](https://github.com/pnpm/pnpm/issues/11272).
|
|
467
|
+
- 72c1e05: Fix: different platform variants of the same runtime (e.g. `node@runtime:25.9.0` glibc vs. musl) no longer share a single global-virtual-store entry. The virtual store path now incorporates the selected variant's integrity, so installs with different `--os`/`--cpu`/`--libc` end up in separate directories and `pnpm add --libc=musl node@runtime:<v>` reliably fetches the musl binary even when the glibc variant is already cached.
|
|
468
|
+
- Updated dependencies [72c1e05]
|
|
469
|
+
- Updated dependencies [9e0833c]
|
|
470
|
+
- @pnpm/deps.graph-hasher@1100.1.0
|
|
471
|
+
- @pnpm/resolving.resolver-base@1100.1.0
|
|
472
|
+
- @pnpm/resolving.npm-resolver@1100.1.0
|
|
473
|
+
- @pnpm/fetching.pick-fetcher@1100.0.2
|
|
474
|
+
- @pnpm/hooks.types@1100.0.2
|
|
475
|
+
- @pnpm/lockfile.preferred-versions@1100.0.3
|
|
476
|
+
- @pnpm/lockfile.types@1100.0.2
|
|
477
|
+
- @pnpm/lockfile.utils@1100.0.2
|
|
478
|
+
- @pnpm/store.controller-types@1100.0.2
|
|
479
|
+
- @pnpm/lockfile.pruner@1100.0.2
|
|
480
|
+
|
|
481
|
+
## 1100.0.2
|
|
482
|
+
|
|
483
|
+
### Patch Changes
|
|
484
|
+
|
|
485
|
+
- Updated dependencies [ff7733c]
|
|
486
|
+
- @pnpm/pkg-manifest.utils@1100.1.0
|
|
487
|
+
- @pnpm/lockfile.preferred-versions@1100.0.2
|
|
488
|
+
- @pnpm/fetching.pick-fetcher@1100.0.1
|
|
489
|
+
|
|
490
|
+
## 1100.0.1
|
|
491
|
+
|
|
492
|
+
### Patch Changes
|
|
493
|
+
|
|
494
|
+
- Updated dependencies [ff28085]
|
|
495
|
+
- @pnpm/types@1101.0.0
|
|
496
|
+
- @pnpm/config.version-policy@1100.0.1
|
|
497
|
+
- @pnpm/core-loggers@1100.0.1
|
|
498
|
+
- @pnpm/deps.graph-hasher@1100.0.1
|
|
499
|
+
- @pnpm/deps.path@1100.0.1
|
|
500
|
+
- @pnpm/hooks.types@1100.0.1
|
|
501
|
+
- @pnpm/lockfile.preferred-versions@1100.0.1
|
|
502
|
+
- @pnpm/lockfile.pruner@1100.0.1
|
|
503
|
+
- @pnpm/lockfile.types@1100.0.1
|
|
504
|
+
- @pnpm/lockfile.utils@1100.0.1
|
|
505
|
+
- @pnpm/pkg-manifest.reader@1100.0.1
|
|
506
|
+
- @pnpm/pkg-manifest.utils@1100.0.1
|
|
507
|
+
- @pnpm/resolving.npm-resolver@1100.0.1
|
|
508
|
+
- @pnpm/resolving.resolver-base@1100.0.1
|
|
509
|
+
- @pnpm/store.controller-types@1100.0.1
|
|
510
|
+
- @pnpm/patching.config@1100.0.1
|
|
511
|
+
- @pnpm/fetching.pick-fetcher@1100.0.1
|
|
512
|
+
|
|
513
|
+
## 1009.0.0
|
|
514
|
+
|
|
515
|
+
### Major Changes
|
|
516
|
+
|
|
517
|
+
- 5f73b0f: Runtime dependencies are always linked from the global virtual store [#10233](https://github.com/pnpm/pnpm/pull/10233).
|
|
518
|
+
- 491a84f: This package is now pure ESM.
|
|
519
|
+
- 7d2fd48: Node.js v18, 19, 20, and 21 support discontinued.
|
|
520
|
+
|
|
521
|
+
### Minor Changes
|
|
522
|
+
|
|
523
|
+
- ae8b816: Added a new setting `blockExoticSubdeps` that prevents the resolution of exotic protocols in transitive dependencies.
|
|
524
|
+
|
|
525
|
+
When set to `true`, direct dependencies (those listed in your root `package.json`) may still use exotic sources, but all transitive dependencies must be resolved from a trusted source. Trusted sources include the configured registry, local file paths, workspace links, trusted GitHub repositories (node, bun, deno), and custom resolvers.
|
|
526
|
+
|
|
527
|
+
This helps to secure the dependency supply chain. Packages from trusted sources are considered safer, as they are typically subject to more reliable verification and scanning for malware and vulnerabilities.
|
|
528
|
+
|
|
529
|
+
**Exotic sources** are dependency locations that bypass the usual trusted resolution process. These protocols are specifically targeted and blocked: Git repositories (`git+ssh://...`) and direct URL links to tarballs (`https://.../package.tgz`).
|
|
530
|
+
|
|
531
|
+
Related PR: [#10265](https://github.com/pnpm/pnpm/pull/10265).
|
|
532
|
+
|
|
533
|
+
- facdd71: Adding `trustPolicyIgnoreAfter` allows you to ignore trust policy checks for packages published more than a specified time ago[#10352](https://github.com/pnpm/pnpm/issues/10352).
|
|
534
|
+
- 606f53e: Added a new `dedupePeers` setting that reduces peer dependency duplication. When enabled, peer dependency suffixes use version-only identifiers (`name@version`) instead of full dep paths, eliminating nested suffixes like `(foo@1.0.0(bar@2.0.0))`. This dramatically reduces the number of package instances in projects with many recursive peer dependencies [#11070](https://github.com/pnpm/pnpm/issues/11070).
|
|
535
|
+
- cd743ef: Use `allowBuilds` config to compute engine-agnostic GVS hashes for pure-JS packages [#10837](https://github.com/pnpm/pnpm/issues/10837).
|
|
536
|
+
|
|
537
|
+
When the global virtual store is enabled, packages that are not allowed to build (and don't transitively depend on packages that are) now get hashes that don't include the engine name (platform, architecture, Node.js major version). This means ~95% of packages in the GVS survive Node.js upgrades and architecture changes without re-import.
|
|
538
|
+
|
|
539
|
+
- ba065f6: Block git-hosted dependencies from running prepare scripts unless explicitly allowed in onlyBuiltDependencies [#10288](https://github.com/pnpm/pnpm/pull/10288).
|
|
540
|
+
- 10bc391: Added a new setting: `trustPolicy`.
|
|
541
|
+
- 38b8e35: Support for custom resolvers and fetchers.
|
|
542
|
+
- 15549a9: Add the ability to fix vulnerabilities by updating packages in the lockfile instead of adding overrides.
|
|
543
|
+
- 9d3f00b: Added support for `trustPolicyExclude` [#10164](https://github.com/pnpm/pnpm/issues/10164).
|
|
544
|
+
|
|
545
|
+
You can now list one or more specific packages or versions that pnpm should allow to install, even if those packages don't satisfy the trust policy requirement. For example:
|
|
546
|
+
|
|
547
|
+
```yaml
|
|
548
|
+
trustPolicy: no-downgrade
|
|
549
|
+
trustPolicyExclude:
|
|
550
|
+
- chokidar@4.0.3
|
|
551
|
+
- webpack@4.47.0 || 5.102.1
|
|
552
|
+
```
|
|
553
|
+
|
|
554
|
+
- efb48dc: **Node.js Runtime Installation for Dependencies.** Added support for automatic Node.js runtime installation for dependencies. pnpm will now install the Node.js version required by a dependency if that dependency declares a Node.js runtime in the "engines" field. For example:
|
|
555
|
+
|
|
556
|
+
```json
|
|
557
|
+
{
|
|
558
|
+
"engines": {
|
|
559
|
+
"runtime": {
|
|
560
|
+
"name": "node",
|
|
561
|
+
"version": "^24.11.0",
|
|
562
|
+
"onFail": "download"
|
|
563
|
+
}
|
|
564
|
+
}
|
|
565
|
+
}
|
|
566
|
+
```
|
|
567
|
+
|
|
568
|
+
If the package with the Node.js runtime dependency is a CLI app, pnpm will bind the CLI app to the required Node.js version. This ensures that, regardless of the globally installed Node.js instance, the CLI will use the compatible version of Node.js.
|
|
569
|
+
|
|
570
|
+
If the package has a `postinstall` script, that script will be executed using the specified Node.js version.
|
|
571
|
+
|
|
572
|
+
Related PR: [#10141](https://github.com/pnpm/pnpm/pull/10141)
|
|
573
|
+
|
|
574
|
+
### Patch Changes
|
|
575
|
+
|
|
576
|
+
- f98a2db: Fixed a bug in an internal `hoistPeers` function that could cause peer dependencies to be re-resolved instead of locked to existing versions when upgrading packages in rare cases.
|
|
577
|
+
- a8f016c: Store config dependency and package manager integrity info in `pnpm-lock.yaml` instead of inlining it in `pnpm-workspace.yaml`. The workspace manifest now contains only clean version specifiers for `configDependencies`, while the resolved versions, integrity hashes, and tarball URLs are recorded in the lockfile as a separate YAML document. The env lockfile section also stores `packageManagerDependencies` resolved during version switching and self-update. Projects using the old inline-hash format are automatically migrated on install.
|
|
578
|
+
- e46a652: Don't fail on `pnpm add`, when `blockExoticSubdeps` is set to `true` [#10324](https://github.com/pnpm/pnpm/issues/10324).
|
|
579
|
+
- 19f36cf: Don't silently skip an optional dependency if it cannot be resolved from a version that satisfies the `minimumReleaseAge` setting [#10270](https://github.com/pnpm/pnpm/issues/10270).
|
|
580
|
+
- 94571fb: Fixed a bug where `catalogMode: strict` would write the literal string `"catalog:"` to `pnpm-workspace.yaml` instead of the resolved version specifier when re-adding an existing catalog dependency [#10176](https://github.com/pnpm/pnpm/issues/10176).
|
|
581
|
+
- 54c4fc4: Fix auto-installed peer dependencies ignoring overrides when a stale version exists in the lockfile. Previously, `hoistPeers` used `semver.maxSatisfying(versions, '*')` which picked the highest preferred version regardless of the peer dep range. Now it first tries `semver.maxSatisfying(versions, range)` to respect the actual range, falling back to exact-version ranges (e.g. from overrides) when no preferred version satisfies. Also handles `workspace:` protocol ranges safely.
|
|
582
|
+
- e73da5e: When `lockfile-include-tarball-url` is set to `false`, tarball URLs are now always excluded from the lockfile. Previously, tarball URLs could still appear for packages hosted under non-standard URLs, making the behavior flaky and inconsistent [#6667](https://github.com/pnpm/pnpm/issues/6667).
|
|
583
|
+
- 2fc9139: Fix workspace package protocol consistency when using `injectWorkspacePackages`
|
|
584
|
+
|
|
585
|
+
Previously, workspace packages would inconsistently switch between `link:` and `file:` protocols after operations like `pnpm rm` when `injectWorkspacePackages` was enabled. The issue was that deduplication logic couldn't identify workspace packages in single-package operation contexts.
|
|
586
|
+
|
|
587
|
+
This fix ensures workspace packages maintain consistent protocols by checking against all workspace packages from the lockfile, not just packages in the current operation context.
|
|
588
|
+
|
|
589
|
+
Fixes #9518
|
|
590
|
+
|
|
591
|
+
- 83fe533: The installation should fail if an optional dependency cannot be installed due to a trust policy check failure [#10208](https://github.com/pnpm/pnpm/issues/10208).
|
|
592
|
+
- 021f70d: Improved handling of non-string version selectors in an internal function (e.g. `hoistPeers`).
|
|
593
|
+
- cee1f58: Fix `--save-peer` to write valid semver ranges to `peerDependencies` for protocol-based installs (e.g. `jsr:`) by deriving from resolved versions when available and falling back to `*` if none is available [#10417](https://github.com/pnpm/pnpm/issues/10417).
|
|
594
|
+
- 4f3ad23: Fixed a bug ([#9759](https://github.com/pnpm/pnpm/issues/9759)) where `pnpm add` would incorrectly modify a catalog entry in `pnpm-workspace.yaml` to its exact version.
|
|
595
|
+
- Updated dependencies [5f73b0f]
|
|
596
|
+
- Updated dependencies [facdd71]
|
|
597
|
+
- Updated dependencies [c55c614]
|
|
598
|
+
- Updated dependencies [9b0a460]
|
|
599
|
+
- Updated dependencies [a297ebc]
|
|
600
|
+
- Updated dependencies [76718b3]
|
|
601
|
+
- Updated dependencies [a8f016c]
|
|
602
|
+
- Updated dependencies [cc1b8e3]
|
|
603
|
+
- Updated dependencies [606f53e]
|
|
604
|
+
- Updated dependencies [831f574]
|
|
605
|
+
- Updated dependencies [0e9c559]
|
|
606
|
+
- Updated dependencies [cd743ef]
|
|
607
|
+
- Updated dependencies [efb48dc]
|
|
608
|
+
- Updated dependencies [19f36cf]
|
|
609
|
+
- Updated dependencies [491a84f]
|
|
610
|
+
- Updated dependencies [61cad0c]
|
|
611
|
+
- Updated dependencies [19f36cf]
|
|
612
|
+
- Updated dependencies [075aa99]
|
|
613
|
+
- Updated dependencies [c4045fc]
|
|
614
|
+
- Updated dependencies [143ca78]
|
|
615
|
+
- Updated dependencies [ba065f6]
|
|
616
|
+
- Updated dependencies [6f361aa]
|
|
617
|
+
- Updated dependencies [0625e20]
|
|
618
|
+
- Updated dependencies [938ea1f]
|
|
619
|
+
- Updated dependencies [2cb0657]
|
|
620
|
+
- Updated dependencies [bb8baa7]
|
|
621
|
+
- Updated dependencies [7d2fd48]
|
|
622
|
+
- Updated dependencies [144ce0e]
|
|
623
|
+
- Updated dependencies [efb48dc]
|
|
624
|
+
- Updated dependencies [56a59df]
|
|
625
|
+
- Updated dependencies [50fbeca]
|
|
626
|
+
- Updated dependencies [cb367b9]
|
|
627
|
+
- Updated dependencies [7b1c189]
|
|
628
|
+
- Updated dependencies [8ffb1a7]
|
|
629
|
+
- Updated dependencies [cee1f58]
|
|
630
|
+
- Updated dependencies [05fb1ae]
|
|
631
|
+
- Updated dependencies [71de2b3]
|
|
632
|
+
- Updated dependencies [10bc391]
|
|
633
|
+
- Updated dependencies [ba70035]
|
|
634
|
+
- Updated dependencies [3585d9a]
|
|
635
|
+
- Updated dependencies [38b8e35]
|
|
636
|
+
- Updated dependencies [394d88c]
|
|
637
|
+
- Updated dependencies [1e6de25]
|
|
638
|
+
- Updated dependencies [831f574]
|
|
639
|
+
- Updated dependencies [2df8b71]
|
|
640
|
+
- Updated dependencies [15549a9]
|
|
641
|
+
- Updated dependencies [cc7c0d2]
|
|
642
|
+
- Updated dependencies [9d3f00b]
|
|
643
|
+
- Updated dependencies [6557dc0]
|
|
644
|
+
- Updated dependencies [98a0410]
|
|
645
|
+
- Updated dependencies [efb48dc]
|
|
646
|
+
- Updated dependencies [efb48dc]
|
|
647
|
+
- @pnpm/deps.path@1002.0.0
|
|
648
|
+
- @pnpm/deps.graph-hasher@1003.0.0
|
|
649
|
+
- @pnpm/store.controller-types@1005.0.0
|
|
650
|
+
- @pnpm/resolving.resolver-base@1006.0.0
|
|
651
|
+
- @pnpm/resolving.npm-resolver@1005.0.0
|
|
652
|
+
- @pnpm/constants@1002.0.0
|
|
653
|
+
- @pnpm/lockfile.preferred-versions@1001.0.0
|
|
654
|
+
- @pnpm/types@1001.0.0
|
|
655
|
+
- @pnpm/lockfile.types@1003.0.0
|
|
656
|
+
- @pnpm/lockfile.utils@1004.0.0
|
|
657
|
+
- @pnpm/pkg-manifest.utils@1002.0.0
|
|
658
|
+
- @pnpm/pkg-manifest.reader@1001.0.0
|
|
659
|
+
- @pnpm/fetching.pick-fetcher@1002.0.0
|
|
660
|
+
- @pnpm/core-loggers@1002.0.0
|
|
661
|
+
- @pnpm/workspace.spec-parser@1001.0.0
|
|
662
|
+
- @pnpm/catalogs.resolver@1001.0.0
|
|
663
|
+
- @pnpm/deps.peer-range@1001.0.0
|
|
664
|
+
- @pnpm/lockfile.pruner@1002.0.0
|
|
665
|
+
- @pnpm/patching.config@1002.0.0
|
|
666
|
+
- @pnpm/catalogs.types@1001.0.0
|
|
667
|
+
- @pnpm/error@1001.0.0
|
|
668
|
+
- @pnpm/patching.types@1001.0.0
|
|
669
|
+
- @pnpm/hooks.types@1002.0.0
|
|
670
|
+
- @pnpm/config.version-policy@1000.0.1
|
|
671
|
+
|
|
672
|
+
## 1008.3.1
|
|
673
|
+
|
|
674
|
+
### Patch Changes
|
|
675
|
+
|
|
676
|
+
- Updated dependencies [6c3dcb8]
|
|
677
|
+
- @pnpm/npm-resolver@1004.4.1
|
|
678
|
+
|
|
679
|
+
## 1008.3.0
|
|
680
|
+
|
|
681
|
+
### Minor Changes
|
|
682
|
+
|
|
683
|
+
- 7c1382f: Added support for exact versions in `minimumReleaseAgeExclude` [#9985](https://github.com/pnpm/pnpm/issues/9985).
|
|
684
|
+
|
|
685
|
+
You can now list one or more specific versions that pnpm should allow to install, even if those versions don’t satisfy the maturity requirement set by `minimumReleaseAge`. For example:
|
|
686
|
+
|
|
687
|
+
```yaml
|
|
688
|
+
minimumReleaseAge: 1440
|
|
689
|
+
minimumReleaseAgeExclude:
|
|
690
|
+
- nx@21.6.5
|
|
691
|
+
- webpack@4.47.0 || 5.102.1
|
|
692
|
+
```
|
|
693
|
+
|
|
694
|
+
### Patch Changes
|
|
695
|
+
|
|
696
|
+
- Updated dependencies [7c1382f]
|
|
697
|
+
- Updated dependencies [7c1382f]
|
|
698
|
+
- Updated dependencies [dee39ec]
|
|
699
|
+
- Updated dependencies [dee39ec]
|
|
700
|
+
- @pnpm/types@1000.9.0
|
|
701
|
+
- @pnpm/resolver-base@1005.1.0
|
|
702
|
+
- @pnpm/npm-resolver@1004.4.0
|
|
703
|
+
- @pnpm/store-controller-types@1004.1.0
|
|
704
|
+
- @pnpm/config.version-policy@1000.0.0
|
|
705
|
+
- @pnpm/lockfile.preferred-versions@1000.0.22
|
|
706
|
+
- @pnpm/lockfile.pruner@1001.0.17
|
|
707
|
+
- @pnpm/lockfile.types@1002.0.2
|
|
708
|
+
- @pnpm/lockfile.utils@1003.0.3
|
|
709
|
+
- @pnpm/calc-dep-state@1002.0.8
|
|
710
|
+
- @pnpm/core-loggers@1001.0.4
|
|
711
|
+
- @pnpm/dependency-path@1001.1.3
|
|
712
|
+
- @pnpm/manifest-utils@1001.0.6
|
|
713
|
+
- @pnpm/read-package-json@1000.1.2
|
|
714
|
+
- @pnpm/pick-fetcher@1001.0.0
|
|
715
|
+
- @pnpm/patching.config@1001.0.11
|
|
716
|
+
|
|
717
|
+
## 1008.2.4
|
|
718
|
+
|
|
719
|
+
### Patch Changes
|
|
720
|
+
|
|
721
|
+
- 9c65b96: Preserve version and hasBin for variations packages [#10022](https://github.com/pnpm/pnpm/issues/10022).
|
|
722
|
+
|
|
723
|
+
## 1008.2.3
|
|
724
|
+
|
|
725
|
+
### Patch Changes
|
|
726
|
+
|
|
727
|
+
- a004e37: When using pnpm catalogs and running a normal `pnpm install`, pnpm produced false positive warnings for "_skip adding to the default catalog because it already exists_". This warning now only prints when using `pnpm add --save-catalog` as originally intended.
|
|
728
|
+
|
|
729
|
+
## 1008.2.2
|
|
730
|
+
|
|
731
|
+
### Patch Changes
|
|
732
|
+
|
|
733
|
+
- Updated dependencies [fb4da0c]
|
|
734
|
+
- @pnpm/npm-resolver@1004.3.0
|
|
735
|
+
- @pnpm/dependency-path@1001.1.2
|
|
736
|
+
- @pnpm/lockfile.pruner@1001.0.16
|
|
737
|
+
- @pnpm/lockfile.utils@1003.0.2
|
|
738
|
+
- @pnpm/calc-dep-state@1002.0.7
|
|
739
|
+
- @pnpm/patching.config@1001.0.10
|
|
740
|
+
- @pnpm/lockfile.preferred-versions@1000.0.21
|
|
741
|
+
|
|
742
|
+
## 1008.2.1
|
|
743
|
+
|
|
744
|
+
### Patch Changes
|
|
745
|
+
|
|
746
|
+
- Updated dependencies [baf8bf6]
|
|
747
|
+
- Updated dependencies [702ddb9]
|
|
748
|
+
- @pnpm/npm-resolver@1004.2.3
|
|
749
|
+
|
|
750
|
+
## 1008.2.0
|
|
751
|
+
|
|
752
|
+
### Minor Changes
|
|
753
|
+
|
|
754
|
+
- 3a58aaa: The `minimumReleaseAgeExclude` setting now supports patterns. For instance:
|
|
755
|
+
|
|
756
|
+
```yaml
|
|
757
|
+
minimumReleaseAge: 1440
|
|
758
|
+
minimumReleaseAgeExclude:
|
|
759
|
+
- "@eslint/*"
|
|
760
|
+
```
|
|
761
|
+
|
|
762
|
+
Related PR: [#9984](https://github.com/pnpm/pnpm/pull/9984).
|
|
763
|
+
|
|
764
|
+
### Patch Changes
|
|
765
|
+
|
|
766
|
+
- Updated dependencies [121b44e]
|
|
767
|
+
- Updated dependencies [02f8b69]
|
|
768
|
+
- @pnpm/npm-resolver@1004.2.2
|
|
769
|
+
|
|
770
|
+
## 1008.1.1
|
|
771
|
+
|
|
772
|
+
### Patch Changes
|
|
773
|
+
|
|
774
|
+
- Updated dependencies [6365bc4]
|
|
775
|
+
- @pnpm/constants@1001.3.1
|
|
776
|
+
- @pnpm/lockfile.pruner@1001.0.15
|
|
777
|
+
- @pnpm/calc-dep-state@1002.0.6
|
|
778
|
+
- @pnpm/error@1000.0.5
|
|
779
|
+
- @pnpm/npm-resolver@1004.2.1
|
|
780
|
+
- @pnpm/patching.config@1001.0.9
|
|
781
|
+
- @pnpm/manifest-utils@1001.0.5
|
|
782
|
+
- @pnpm/read-package-json@1000.1.1
|
|
783
|
+
- @pnpm/lockfile.preferred-versions@1000.0.20
|
|
784
|
+
|
|
785
|
+
## 1008.1.0
|
|
786
|
+
|
|
787
|
+
### Minor Changes
|
|
788
|
+
|
|
789
|
+
- 38e2599: There have been several incidents recently where popular packages were successfully attacked. To reduce the risk of installing a compromised version, we are introducing a new setting that delays the installation of newly released dependencies. In most cases, such attacks are discovered quickly and the malicious versions are removed from the registry within an hour.
|
|
790
|
+
|
|
791
|
+
The new setting is called `minimumReleaseAge`. It specifies the number of minutes that must pass after a version is published before pnpm will install it. For example, setting `minimumReleaseAge: 1440` ensures that only packages released at least one day ago can be installed.
|
|
792
|
+
|
|
793
|
+
If you set `minimumReleaseAge` but need to disable this restriction for certain dependencies, you can list them under the `minimumReleaseAgeExclude` setting. For instance, with the following configuration pnpm will always install the latest version of webpack, regardless of its release time:
|
|
794
|
+
|
|
795
|
+
```yaml
|
|
796
|
+
minimumReleaseAgeExclude:
|
|
797
|
+
- webpack
|
|
798
|
+
```
|
|
799
|
+
|
|
800
|
+
Related issue: [#9921](https://github.com/pnpm/pnpm/issues/9921).
|
|
801
|
+
|
|
802
|
+
### Patch Changes
|
|
803
|
+
|
|
804
|
+
- Updated dependencies [e792927]
|
|
805
|
+
- Updated dependencies [38e2599]
|
|
806
|
+
- Updated dependencies [e792927]
|
|
807
|
+
- @pnpm/read-package-json@1000.1.0
|
|
808
|
+
- @pnpm/npm-resolver@1004.2.0
|
|
809
|
+
- @pnpm/types@1000.8.0
|
|
810
|
+
- @pnpm/lockfile.preferred-versions@1000.0.19
|
|
811
|
+
- @pnpm/lockfile.pruner@1001.0.14
|
|
812
|
+
- @pnpm/lockfile.types@1002.0.1
|
|
813
|
+
- @pnpm/lockfile.utils@1003.0.1
|
|
814
|
+
- @pnpm/calc-dep-state@1002.0.5
|
|
815
|
+
- @pnpm/core-loggers@1001.0.3
|
|
816
|
+
- @pnpm/dependency-path@1001.1.1
|
|
817
|
+
- @pnpm/manifest-utils@1001.0.4
|
|
818
|
+
- @pnpm/resolver-base@1005.0.1
|
|
819
|
+
- @pnpm/store-controller-types@1004.0.2
|
|
820
|
+
- @pnpm/pick-fetcher@1001.0.0
|
|
821
|
+
- @pnpm/patching.config@1001.0.8
|
|
822
|
+
|
|
823
|
+
## 1008.0.2
|
|
824
|
+
|
|
825
|
+
### Patch Changes
|
|
826
|
+
|
|
827
|
+
- 3482fe1: When resolving peer dependencies, pnpm looks whether the peer dependency is present in the root workspace project's dependencies. This change makes it so that the peer dependency is correctly resolved even from aliased npm-hosted dependencies or other types of dependencies [#9913](https://github.com/pnpm/pnpm/issues/9913).
|
|
828
|
+
|
|
829
|
+
## 1008.0.1
|
|
830
|
+
|
|
831
|
+
### Patch Changes
|
|
832
|
+
|
|
833
|
+
- aa24e7f: When automatically installing missing peer dependencies, prefer versions that are already present in the direct dependencies of the root workspace package [#9835](https://github.com/pnpm/pnpm/pull/9835).
|
|
834
|
+
|
|
835
|
+
## 1008.0.0
|
|
836
|
+
|
|
837
|
+
### Major Changes
|
|
838
|
+
|
|
839
|
+
- d1edf73: Removed node fetcher. The binary fetcher should be used for downloading node assets.
|
|
840
|
+
- f91922c: Changed how the integrity of the node.js artifact is stored in the lockfile.
|
|
841
|
+
|
|
842
|
+
### Patch Changes
|
|
843
|
+
|
|
844
|
+
- Updated dependencies [d1edf73]
|
|
845
|
+
- Updated dependencies [d1edf73]
|
|
846
|
+
- Updated dependencies [86b33e9]
|
|
847
|
+
- Updated dependencies [d1edf73]
|
|
848
|
+
- Updated dependencies [adb097c]
|
|
849
|
+
- Updated dependencies [f91922c]
|
|
850
|
+
- @pnpm/dependency-path@1001.1.0
|
|
851
|
+
- @pnpm/constants@1001.3.0
|
|
852
|
+
- @pnpm/lockfile.types@1002.0.0
|
|
853
|
+
- @pnpm/lockfile.utils@1003.0.0
|
|
854
|
+
- @pnpm/resolver-base@1005.0.0
|
|
855
|
+
- @pnpm/pick-fetcher@1001.0.0
|
|
856
|
+
- @pnpm/read-package-json@1000.0.11
|
|
857
|
+
- @pnpm/lockfile.pruner@1001.0.13
|
|
858
|
+
- @pnpm/calc-dep-state@1002.0.4
|
|
859
|
+
- @pnpm/patching.config@1001.0.7
|
|
860
|
+
- @pnpm/error@1000.0.4
|
|
861
|
+
- @pnpm/npm-resolver@1004.1.3
|
|
862
|
+
- @pnpm/store-controller-types@1004.0.1
|
|
863
|
+
- @pnpm/lockfile.preferred-versions@1000.0.18
|
|
864
|
+
- @pnpm/catalogs.resolver@1000.0.5
|
|
865
|
+
- @pnpm/manifest-utils@1001.0.3
|
|
866
|
+
|
|
867
|
+
## 1007.2.0
|
|
868
|
+
|
|
869
|
+
### Minor Changes
|
|
870
|
+
|
|
871
|
+
- 1a07b8f: Added support for resolving and downloading the Node.js runtime specified in the [devEngines](https://github.com/openjs-foundation/package-metadata-interoperability-collab-space/issues/15) field of `package.json`.
|
|
872
|
+
|
|
873
|
+
Usage example:
|
|
874
|
+
|
|
875
|
+
```json
|
|
876
|
+
{
|
|
877
|
+
"devEngines": {
|
|
878
|
+
"runtime": {
|
|
879
|
+
"name": "node",
|
|
880
|
+
"version": "^24.4.0",
|
|
881
|
+
"onFail": "download"
|
|
882
|
+
}
|
|
883
|
+
}
|
|
884
|
+
}
|
|
885
|
+
```
|
|
886
|
+
|
|
887
|
+
When running `pnpm install`, pnpm will resolve Node.js to the latest version that satisfies the specified range and install it as a dependency of the project. As a result, when running scripts, the locally installed Node.js version will be used.
|
|
888
|
+
|
|
889
|
+
Unlike the existing options, `useNodeVersion` and `executionEnv.nodeVersion`, this new field supports version ranges, which are locked to exact versions during installation. The resolved version is stored in the pnpm lockfile, along with an integrity checksum for future validation of the Node.js content's validity.
|
|
890
|
+
|
|
891
|
+
Related PR: [#9755](https://github.com/pnpm/pnpm/pull/9755).
|
|
892
|
+
|
|
893
|
+
### Patch Changes
|
|
894
|
+
|
|
895
|
+
- ece236d: Fixed getManifestFromResponse.
|
|
896
|
+
- Updated dependencies [1a07b8f]
|
|
897
|
+
- Updated dependencies [2e85f29]
|
|
898
|
+
- Updated dependencies [1a07b8f]
|
|
899
|
+
- Updated dependencies [1a07b8f]
|
|
900
|
+
- Updated dependencies [1a07b8f]
|
|
901
|
+
- @pnpm/types@1000.7.0
|
|
902
|
+
- @pnpm/lockfile.utils@1002.1.0
|
|
903
|
+
- @pnpm/store-controller-types@1004.0.0
|
|
904
|
+
- @pnpm/resolver-base@1004.1.0
|
|
905
|
+
- @pnpm/pick-fetcher@1000.1.0
|
|
906
|
+
- @pnpm/lockfile.types@1001.1.0
|
|
907
|
+
- @pnpm/constants@1001.2.0
|
|
908
|
+
- @pnpm/lockfile.preferred-versions@1000.0.17
|
|
909
|
+
- @pnpm/lockfile.pruner@1001.0.12
|
|
910
|
+
- @pnpm/calc-dep-state@1002.0.3
|
|
911
|
+
- @pnpm/core-loggers@1001.0.2
|
|
912
|
+
- @pnpm/dependency-path@1001.0.2
|
|
913
|
+
- @pnpm/manifest-utils@1001.0.2
|
|
914
|
+
- @pnpm/read-package-json@1000.0.10
|
|
915
|
+
- @pnpm/npm-resolver@1004.1.2
|
|
916
|
+
- @pnpm/error@1000.0.3
|
|
917
|
+
- @pnpm/patching.config@1001.0.6
|
|
918
|
+
- @pnpm/catalogs.resolver@1000.0.4
|
|
919
|
+
|
|
920
|
+
## 1007.1.3
|
|
921
|
+
|
|
922
|
+
### Patch Changes
|
|
923
|
+
|
|
924
|
+
- @pnpm/dependency-path@1001.0.1
|
|
925
|
+
- @pnpm/npm-resolver@1004.1.1
|
|
926
|
+
- @pnpm/lockfile.pruner@1001.0.11
|
|
927
|
+
- @pnpm/lockfile.utils@1002.0.1
|
|
928
|
+
- @pnpm/calc-dep-state@1002.0.2
|
|
929
|
+
- @pnpm/patching.config@1001.0.5
|
|
930
|
+
- @pnpm/lockfile.preferred-versions@1000.0.16
|
|
931
|
+
|
|
932
|
+
## 1007.1.2
|
|
933
|
+
|
|
934
|
+
### Patch Changes
|
|
935
|
+
|
|
936
|
+
- 5d046bb: Fix a deadlock that sometimes happens during peer dependency resolution [#9673](https://github.com/pnpm/pnpm/issues/9673).
|
|
937
|
+
|
|
938
|
+
## 1007.1.1
|
|
939
|
+
|
|
940
|
+
### Patch Changes
|
|
941
|
+
|
|
942
|
+
- Updated dependencies [540986f]
|
|
943
|
+
- @pnpm/dependency-path@1001.0.0
|
|
944
|
+
- @pnpm/lockfile.utils@1002.0.0
|
|
945
|
+
- @pnpm/lockfile.pruner@1001.0.10
|
|
946
|
+
- @pnpm/calc-dep-state@1002.0.1
|
|
947
|
+
- @pnpm/patching.config@1001.0.4
|
|
948
|
+
- @pnpm/lockfile.preferred-versions@1000.0.15
|
|
949
|
+
|
|
950
|
+
## 1007.1.0
|
|
951
|
+
|
|
952
|
+
### Minor Changes
|
|
953
|
+
|
|
954
|
+
- 5ab40c1: The `pnpm update` command now supports updating `catalog:` protocol dependencies and writes new specifiers to `pnpm-workspace.yaml`.
|
|
955
|
+
- c8341cc: Added two new CLI options (`--save-catalog` and `--save-catalog-name=<name>`) to `pnpm add` to save new dependencies as catalog entries. `catalog:` or `catalog:<name>` will be added to `package.json` and the package specifier will be added to the `catalogs` or `catalog[<name>]` object in `pnpm-workspace.yaml` [#9425](https://github.com/pnpm/pnpm/issues/9425).
|
|
956
|
+
- b0ead51: **Experimental**. Added support for global virtual stores. When the global virtual store is enabled, `node_modules` doesn’t contain regular files, only symlinks to a central virtual store (by default the central store is located at `<store-path>/links`; run `pnpm store path` to find `<store-path>`).
|
|
957
|
+
|
|
958
|
+
To enable the global virtual store, add `enableGlobalVirtualStore: true` to your root `pnpm-workspace.yaml`.
|
|
959
|
+
|
|
960
|
+
A global virtual store can make installations significantly faster when a warm cache is present. In CI, however, it will probably slow installations because there is usually no cache.
|
|
961
|
+
|
|
962
|
+
Related PR: [#8190](https://github.com/pnpm/pnpm/pull/8190).
|
|
963
|
+
|
|
964
|
+
### Patch Changes
|
|
965
|
+
|
|
966
|
+
- Updated dependencies [2721291]
|
|
967
|
+
- Updated dependencies [6acf819]
|
|
968
|
+
- Updated dependencies [b0ead51]
|
|
969
|
+
- Updated dependencies [b3898db]
|
|
970
|
+
- Updated dependencies [b0ead51]
|
|
971
|
+
- @pnpm/resolver-base@1004.0.0
|
|
972
|
+
- @pnpm/npm-resolver@1004.1.0
|
|
973
|
+
- @pnpm/pick-fetcher@1000.0.1
|
|
974
|
+
- @pnpm/calc-dep-state@1002.0.0
|
|
975
|
+
- @pnpm/lockfile.preferred-versions@1000.0.14
|
|
976
|
+
- @pnpm/lockfile.utils@1001.0.12
|
|
977
|
+
- @pnpm/store-controller-types@1003.0.3
|
|
978
|
+
|
|
979
|
+
## 1007.0.2
|
|
980
|
+
|
|
981
|
+
### Patch Changes
|
|
982
|
+
|
|
983
|
+
- 509948d: Fix a regression (in v10.9.0) causing the `--lockfile-only` flag on `pnpm update` to produce a different `pnpm-lock.yaml` than an update without the flag.
|
|
984
|
+
- Updated dependencies [509948d]
|
|
985
|
+
- @pnpm/store-controller-types@1003.0.2
|
|
986
|
+
|
|
987
|
+
## 1007.0.1
|
|
988
|
+
|
|
989
|
+
### Patch Changes
|
|
990
|
+
|
|
991
|
+
- 09cf46f: Update `@pnpm/logger` in peer dependencies.
|
|
992
|
+
- Updated dependencies [09cf46f]
|
|
993
|
+
- Updated dependencies [5ec7255]
|
|
994
|
+
- Updated dependencies [c24c66e]
|
|
995
|
+
- @pnpm/npm-resolver@1004.0.1
|
|
996
|
+
- @pnpm/core-loggers@1001.0.1
|
|
997
|
+
- @pnpm/patching.config@1001.0.3
|
|
998
|
+
- @pnpm/types@1000.6.0
|
|
999
|
+
- @pnpm/store-controller-types@1003.0.1
|
|
1000
|
+
- @pnpm/manifest-utils@1001.0.1
|
|
1001
|
+
- @pnpm/lockfile.preferred-versions@1000.0.13
|
|
1002
|
+
- @pnpm/lockfile.pruner@1001.0.9
|
|
1003
|
+
- @pnpm/lockfile.types@1001.0.8
|
|
1004
|
+
- @pnpm/lockfile.utils@1001.0.11
|
|
1005
|
+
- @pnpm/dependency-path@1000.0.9
|
|
1006
|
+
- @pnpm/read-package-json@1000.0.9
|
|
1007
|
+
- @pnpm/resolver-base@1003.0.1
|
|
1008
|
+
- @pnpm/pick-fetcher@1000.0.0
|
|
1009
|
+
|
|
1010
|
+
## 1007.0.0
|
|
1011
|
+
|
|
1012
|
+
### Major Changes
|
|
1013
|
+
|
|
1014
|
+
- 8a9f3a4: `pref` renamed to `bareSpecifier`.
|
|
1015
|
+
- 5b73df1: Renamed `normalizedPref` to `specifiers`.
|
|
1016
|
+
|
|
1017
|
+
### Minor Changes
|
|
1018
|
+
|
|
1019
|
+
- 9c3dd03: **Added support for installing JSR packages.** You can now install JSR packages using the following syntax:
|
|
1020
|
+
|
|
1021
|
+
```
|
|
1022
|
+
pnpm add jsr:<pkg_name>
|
|
1023
|
+
```
|
|
1024
|
+
|
|
1025
|
+
or with a version range:
|
|
1026
|
+
|
|
1027
|
+
```
|
|
1028
|
+
pnpm add jsr:<pkg_name>@<range>
|
|
1029
|
+
```
|
|
1030
|
+
|
|
1031
|
+
For example, running:
|
|
1032
|
+
|
|
1033
|
+
```
|
|
1034
|
+
pnpm add jsr:@foo/bar
|
|
1035
|
+
```
|
|
1036
|
+
|
|
1037
|
+
will add the following entry to your `package.json`:
|
|
1038
|
+
|
|
1039
|
+
```json
|
|
1040
|
+
{
|
|
1041
|
+
"dependencies": {
|
|
1042
|
+
"@foo/bar": "jsr:^0.1.2"
|
|
1043
|
+
}
|
|
1044
|
+
}
|
|
1045
|
+
```
|
|
1046
|
+
|
|
1047
|
+
When publishing, this entry will be transformed into a format compatible with npm, older versions of Yarn, and previous pnpm versions:
|
|
1048
|
+
|
|
1049
|
+
```json
|
|
1050
|
+
{
|
|
1051
|
+
"dependencies": {
|
|
1052
|
+
"@foo/bar": "npm:@jsr/foo__bar@^0.1.2"
|
|
1053
|
+
}
|
|
1054
|
+
}
|
|
1055
|
+
```
|
|
1056
|
+
|
|
1057
|
+
Related issue: [#8941](https://github.com/pnpm/pnpm/issues/8941).
|
|
1058
|
+
|
|
1059
|
+
Note: The `@jsr` scope defaults to <https://npm.jsr.io/> if the `@jsr:registry` setting is not defined.
|
|
1060
|
+
|
|
1061
|
+
### Patch Changes
|
|
1062
|
+
|
|
1063
|
+
- Updated dependencies [8a9f3a4]
|
|
1064
|
+
- Updated dependencies [5b73df1]
|
|
1065
|
+
- Updated dependencies [5b73df1]
|
|
1066
|
+
- Updated dependencies [9c3dd03]
|
|
1067
|
+
- Updated dependencies [5b73df1]
|
|
1068
|
+
- @pnpm/store-controller-types@1003.0.0
|
|
1069
|
+
- @pnpm/resolver-base@1003.0.0
|
|
1070
|
+
- @pnpm/npm-resolver@1004.0.0
|
|
1071
|
+
- @pnpm/core-loggers@1001.0.0
|
|
1072
|
+
- @pnpm/logger@1001.0.0
|
|
1073
|
+
- @pnpm/manifest-utils@1001.0.0
|
|
1074
|
+
- @pnpm/types@1000.5.0
|
|
1075
|
+
- @pnpm/catalogs.resolver@1000.0.3
|
|
1076
|
+
- @pnpm/pick-fetcher@1000.0.0
|
|
1077
|
+
- @pnpm/lockfile.preferred-versions@1000.0.12
|
|
1078
|
+
- @pnpm/lockfile.utils@1001.0.10
|
|
1079
|
+
- @pnpm/lockfile.pruner@1001.0.8
|
|
1080
|
+
- @pnpm/lockfile.types@1001.0.7
|
|
1081
|
+
- @pnpm/dependency-path@1000.0.8
|
|
1082
|
+
- @pnpm/read-package-json@1000.0.8
|
|
1083
|
+
- @pnpm/patching.config@1001.0.2
|
|
1084
|
+
|
|
1085
|
+
## 1006.0.0
|
|
1086
|
+
|
|
1087
|
+
### Major Changes
|
|
1088
|
+
|
|
1089
|
+
- 81f441c: Removed `raw` from `WantedDependency` object. Remove `updateWorkspaceDependencies` field.
|
|
1090
|
+
|
|
1091
|
+
### Patch Changes
|
|
1092
|
+
|
|
1093
|
+
- Updated dependencies [81f441c]
|
|
1094
|
+
- @pnpm/resolver-base@1002.0.0
|
|
1095
|
+
- @pnpm/npm-resolver@1003.0.0
|
|
1096
|
+
- @pnpm/pick-fetcher@1000.0.0
|
|
1097
|
+
- @pnpm/lockfile.preferred-versions@1000.0.11
|
|
1098
|
+
- @pnpm/lockfile.utils@1001.0.9
|
|
1099
|
+
- @pnpm/store-controller-types@1002.0.1
|
|
1100
|
+
|
|
1101
|
+
## 1005.0.1
|
|
1102
|
+
|
|
1103
|
+
### Patch Changes
|
|
1104
|
+
|
|
1105
|
+
- 72cff38: The resolving function now takes a `registries` object, so it finds the required registry itself instead of receiving it from package requester.
|
|
1106
|
+
- Updated dependencies [750ae7d]
|
|
1107
|
+
- Updated dependencies [72cff38]
|
|
1108
|
+
- Updated dependencies [750ae7d]
|
|
1109
|
+
- @pnpm/types@1000.4.0
|
|
1110
|
+
- @pnpm/store-controller-types@1002.0.0
|
|
1111
|
+
- @pnpm/resolver-base@1001.0.0
|
|
1112
|
+
- @pnpm/npm-resolver@1002.0.0
|
|
1113
|
+
- @pnpm/core-loggers@1000.2.0
|
|
1114
|
+
- @pnpm/lockfile.preferred-versions@1000.0.10
|
|
1115
|
+
- @pnpm/lockfile.pruner@1001.0.7
|
|
1116
|
+
- @pnpm/lockfile.types@1001.0.6
|
|
1117
|
+
- @pnpm/lockfile.utils@1001.0.8
|
|
1118
|
+
- @pnpm/dependency-path@1000.0.7
|
|
1119
|
+
- @pnpm/manifest-utils@1000.0.8
|
|
1120
|
+
- @pnpm/read-package-json@1000.0.7
|
|
1121
|
+
- @pnpm/pick-fetcher@1000.0.0
|
|
1122
|
+
- @pnpm/patching.config@1001.0.1
|
|
1123
|
+
|
|
1124
|
+
## 1005.0.0
|
|
1125
|
+
|
|
1126
|
+
### Major Changes
|
|
1127
|
+
|
|
1128
|
+
- 5f7be64: Add an ability to patch dependencies by version ranges. Exact versions override version ranges, which in turn override name-only patches. Version range `*` is the same as name-only, except that patch application failure will not be ignored.
|
|
1129
|
+
|
|
1130
|
+
For example:
|
|
1131
|
+
|
|
1132
|
+
```yaml
|
|
1133
|
+
patchedDependencies:
|
|
1134
|
+
foo: patches/foo-1.patch
|
|
1135
|
+
foo@^2.0.0: patches/foo-2.patch
|
|
1136
|
+
foo@2.1.0: patches/foo-3.patch
|
|
1137
|
+
```
|
|
1138
|
+
|
|
1139
|
+
The above configuration would apply `patches/foo-3.patch` to `foo@2.1.0`, `patches/foo-2.patch` to all `foo` versions which satisfy `^2.0.0` except `2.1.0`, and `patches/foo-1.patch` to the remaining `foo` versions.
|
|
1140
|
+
|
|
1141
|
+
> [!WARNING]
|
|
1142
|
+
> The version ranges should not overlap. If you want to specialize a sub range, make sure to exclude it from the other keys. For example:
|
|
1143
|
+
>
|
|
1144
|
+
> ```yaml
|
|
1145
|
+
> # pnpm-workspace.yaml
|
|
1146
|
+
> patchedDependencies:
|
|
1147
|
+
> # the specialized sub range
|
|
1148
|
+
> 'foo@2.2.0-2.8.0': patches/foo.2.2.0-2.8.0.patch
|
|
1149
|
+
> # the more general patch, excluding the sub range above
|
|
1150
|
+
> 'foo@>=2.0.0 <2.2.0 || >2.8.0': 'patches/foo.gte2.patch
|
|
1151
|
+
> ```
|
|
1152
|
+
>
|
|
1153
|
+
> In most cases, however, it's sufficient to just define an exact version to override the range.
|
|
1154
|
+
|
|
1155
|
+
- 5f7be64: Rename `pnpm.allowNonAppliedPatches` to `pnpm.allowUnusedPatches`. The old name is still supported but it would print a deprecation warning message.
|
|
1156
|
+
- 5f7be64: Add `pnpm.ignorePatchFailures` to manage whether pnpm would ignore patch application failures.
|
|
1157
|
+
|
|
1158
|
+
If `ignorePatchFailures` is not set, pnpm would throw an error when patches with exact versions or version ranges fail to apply, and it would ignore failures from name-only patches.
|
|
1159
|
+
|
|
1160
|
+
If `ignorePatchFailures` is explicitly set to `false`, pnpm would throw an error when any type of patch fails to apply.
|
|
1161
|
+
|
|
1162
|
+
If `ignorePatchFailures` is explicitly set to `true`, pnpm would print a warning when any type of patch fails to apply.
|
|
1163
|
+
|
|
1164
|
+
### Patch Changes
|
|
1165
|
+
|
|
1166
|
+
- Updated dependencies [5f7be64]
|
|
1167
|
+
- Updated dependencies [5f7be64]
|
|
1168
|
+
- Updated dependencies [5f7be64]
|
|
1169
|
+
- @pnpm/patching.config@1001.0.0
|
|
1170
|
+
- @pnpm/patching.types@1000.1.0
|
|
1171
|
+
- @pnpm/types@1000.3.0
|
|
1172
|
+
- @pnpm/lockfile.types@1001.0.5
|
|
1173
|
+
- @pnpm/pick-registry-for-package@1000.0.5
|
|
1174
|
+
- @pnpm/lockfile.preferred-versions@1000.0.9
|
|
1175
|
+
- @pnpm/lockfile.pruner@1001.0.6
|
|
1176
|
+
- @pnpm/lockfile.utils@1001.0.7
|
|
1177
|
+
- @pnpm/core-loggers@1000.1.5
|
|
1178
|
+
- @pnpm/dependency-path@1000.0.6
|
|
1179
|
+
- @pnpm/manifest-utils@1000.0.7
|
|
1180
|
+
- @pnpm/read-package-json@1000.0.6
|
|
1181
|
+
- @pnpm/npm-resolver@1001.0.1
|
|
1182
|
+
- @pnpm/resolver-base@1000.2.1
|
|
1183
|
+
- @pnpm/store-controller-types@1001.0.5
|
|
1184
|
+
- @pnpm/pick-fetcher@1000.0.0
|
|
1185
|
+
|
|
1186
|
+
## 1004.0.7
|
|
1187
|
+
|
|
1188
|
+
### Patch Changes
|
|
1189
|
+
|
|
1190
|
+
- f0f95ab: Fix usages of the [`catalog:` protocol](https://pnpm.io/catalogs) in [injected local workspace packages](https://pnpm.io/package_json#dependenciesmetainjected). This previously errored with `ERR_PNPM_SPEC_NOT_SUPPORTED_BY_ANY_RESOLVER`. [#8715](https://github.com/pnpm/pnpm/issues/8715)
|
|
1191
|
+
- Updated dependencies [3d52365]
|
|
1192
|
+
- @pnpm/resolver-base@1000.2.0
|
|
1193
|
+
- @pnpm/npm-resolver@1001.0.0
|
|
1194
|
+
- @pnpm/pick-fetcher@1000.0.0
|
|
1195
|
+
- @pnpm/lockfile.preferred-versions@1000.0.8
|
|
1196
|
+
- @pnpm/lockfile.utils@1001.0.6
|
|
1197
|
+
- @pnpm/store-controller-types@1001.0.4
|
|
1198
|
+
|
|
1199
|
+
## 1004.0.6
|
|
1200
|
+
|
|
1201
|
+
### Patch Changes
|
|
1202
|
+
|
|
1203
|
+
- @pnpm/dependency-path@1000.0.5
|
|
1204
|
+
- @pnpm/npm-resolver@1000.1.7
|
|
1205
|
+
- @pnpm/lockfile.pruner@1001.0.5
|
|
1206
|
+
- @pnpm/lockfile.utils@1001.0.5
|
|
1207
|
+
- @pnpm/lockfile.preferred-versions@1000.0.7
|
|
1208
|
+
|
|
1209
|
+
## 1004.0.5
|
|
1210
|
+
|
|
1211
|
+
### Patch Changes
|
|
1212
|
+
|
|
1213
|
+
- Updated dependencies [8371664]
|
|
1214
|
+
- @pnpm/npm-resolver@1000.1.6
|
|
1215
|
+
|
|
1216
|
+
## 1004.0.4
|
|
1217
|
+
|
|
1218
|
+
### Patch Changes
|
|
1219
|
+
|
|
1220
|
+
- Updated dependencies [a5e4965]
|
|
1221
|
+
- @pnpm/types@1000.2.1
|
|
1222
|
+
- @pnpm/dependency-path@1000.0.4
|
|
1223
|
+
- @pnpm/npm-resolver@1000.1.5
|
|
1224
|
+
- @pnpm/pick-registry-for-package@1000.0.4
|
|
1225
|
+
- @pnpm/lockfile.preferred-versions@1000.0.6
|
|
1226
|
+
- @pnpm/lockfile.pruner@1001.0.4
|
|
1227
|
+
- @pnpm/lockfile.types@1001.0.4
|
|
1228
|
+
- @pnpm/lockfile.utils@1001.0.4
|
|
1229
|
+
- @pnpm/core-loggers@1000.1.4
|
|
1230
|
+
- @pnpm/manifest-utils@1000.0.6
|
|
1231
|
+
- @pnpm/read-package-json@1000.0.5
|
|
1232
|
+
- @pnpm/resolver-base@1000.1.4
|
|
1233
|
+
- @pnpm/store-controller-types@1001.0.3
|
|
1234
|
+
- @pnpm/pick-fetcher@1000.0.0
|
|
1235
|
+
|
|
1236
|
+
## 1004.0.3
|
|
1237
|
+
|
|
1238
|
+
### Patch Changes
|
|
1239
|
+
|
|
1240
|
+
- Updated dependencies [8fcc221]
|
|
1241
|
+
- @pnpm/types@1000.2.0
|
|
1242
|
+
- @pnpm/pick-registry-for-package@1000.0.3
|
|
1243
|
+
- @pnpm/lockfile.preferred-versions@1000.0.5
|
|
1244
|
+
- @pnpm/lockfile.pruner@1001.0.3
|
|
1245
|
+
- @pnpm/lockfile.types@1001.0.3
|
|
1246
|
+
- @pnpm/lockfile.utils@1001.0.3
|
|
1247
|
+
- @pnpm/core-loggers@1000.1.3
|
|
1248
|
+
- @pnpm/dependency-path@1000.0.3
|
|
1249
|
+
- @pnpm/manifest-utils@1000.0.5
|
|
1250
|
+
- @pnpm/read-package-json@1000.0.4
|
|
1251
|
+
- @pnpm/npm-resolver@1000.1.4
|
|
1252
|
+
- @pnpm/resolver-base@1000.1.3
|
|
1253
|
+
- @pnpm/store-controller-types@1001.0.2
|
|
1254
|
+
- @pnpm/pick-fetcher@1000.0.0
|
|
1255
|
+
|
|
1256
|
+
## 1004.0.2
|
|
1257
|
+
|
|
1258
|
+
### Patch Changes
|
|
1259
|
+
|
|
1260
|
+
- e8c2b17: Prevent `overrides` from adding invalid version ranges to `peerDependencies` by keeping the `peerDependencies` and overriding them with prod `dependencies` [#8978](https://github.com/pnpm/pnpm/issues/8978).
|
|
1261
|
+
- Updated dependencies [e8c2b17]
|
|
1262
|
+
- @pnpm/semver.peer-range@1000.0.0
|
|
1263
|
+
|
|
1264
|
+
## 1004.0.1
|
|
1265
|
+
|
|
1266
|
+
### Patch Changes
|
|
1267
|
+
|
|
1268
|
+
- ea58bfd: Allow `workspace:` and `catalog:` to be part of wider version range in `peerDependencies`.
|
|
1269
|
+
- Updated dependencies [9a44e6c]
|
|
1270
|
+
- Updated dependencies [b562deb]
|
|
1271
|
+
- @pnpm/constants@1001.1.0
|
|
1272
|
+
- @pnpm/types@1000.1.1
|
|
1273
|
+
- @pnpm/lockfile.pruner@1001.0.2
|
|
1274
|
+
- @pnpm/error@1000.0.2
|
|
1275
|
+
- @pnpm/npm-resolver@1000.1.3
|
|
1276
|
+
- @pnpm/pick-registry-for-package@1000.0.2
|
|
1277
|
+
- @pnpm/lockfile.preferred-versions@1000.0.4
|
|
1278
|
+
- @pnpm/lockfile.types@1001.0.2
|
|
1279
|
+
- @pnpm/lockfile.utils@1001.0.2
|
|
1280
|
+
- @pnpm/core-loggers@1000.1.2
|
|
1281
|
+
- @pnpm/dependency-path@1000.0.2
|
|
1282
|
+
- @pnpm/manifest-utils@1000.0.4
|
|
1283
|
+
- @pnpm/read-package-json@1000.0.3
|
|
1284
|
+
- @pnpm/resolver-base@1000.1.2
|
|
1285
|
+
- @pnpm/store-controller-types@1001.0.1
|
|
1286
|
+
- @pnpm/catalogs.resolver@1000.0.2
|
|
1287
|
+
- @pnpm/pick-fetcher@1000.0.0
|
|
1288
|
+
|
|
1289
|
+
## 1004.0.0
|
|
1290
|
+
|
|
1291
|
+
### Major Changes
|
|
1292
|
+
|
|
1293
|
+
- 26fe994: Refuse to install when `peerDependencies` has specifications that don't make sense.
|
|
1294
|
+
|
|
1295
|
+
### Patch Changes
|
|
1296
|
+
|
|
1297
|
+
- dde650b: Fix a case in `resolveDependencies`, whereby an importer that should not have been updated altogether, was being updated when `updateToLatest` was specified in the options.
|
|
1298
|
+
- Updated dependencies [dde650b]
|
|
1299
|
+
- @pnpm/store-controller-types@1001.0.0
|
|
1300
|
+
|
|
1301
|
+
## 1003.0.0
|
|
1302
|
+
|
|
1303
|
+
### Major Changes
|
|
1304
|
+
|
|
1305
|
+
- c7eefdd: The `updateToLatest` option is now part of projects/importers, instead of an option of the resolution/installation.
|
|
1306
|
+
|
|
1307
|
+
### Patch Changes
|
|
1308
|
+
|
|
1309
|
+
- Updated dependencies [9591a18]
|
|
1310
|
+
- @pnpm/types@1000.1.0
|
|
1311
|
+
- @pnpm/pick-registry-for-package@1000.0.1
|
|
1312
|
+
- @pnpm/lockfile.preferred-versions@1000.0.3
|
|
1313
|
+
- @pnpm/lockfile.pruner@1001.0.1
|
|
1314
|
+
- @pnpm/lockfile.types@1001.0.1
|
|
1315
|
+
- @pnpm/lockfile.utils@1001.0.1
|
|
1316
|
+
- @pnpm/core-loggers@1000.1.1
|
|
1317
|
+
- @pnpm/dependency-path@1000.0.1
|
|
1318
|
+
- @pnpm/manifest-utils@1000.0.3
|
|
1319
|
+
- @pnpm/read-package-json@1000.0.2
|
|
1320
|
+
- @pnpm/npm-resolver@1000.1.2
|
|
1321
|
+
- @pnpm/resolver-base@1000.1.1
|
|
1322
|
+
- @pnpm/store-controller-types@1000.1.1
|
|
1323
|
+
- @pnpm/pick-fetcher@1000.0.0
|
|
1324
|
+
|
|
1325
|
+
## 1002.0.0
|
|
1326
|
+
|
|
1327
|
+
### Major Changes
|
|
1328
|
+
|
|
1329
|
+
- 512465c: Remove `allowBuild` from options.
|
|
1330
|
+
|
|
1331
|
+
### Patch Changes
|
|
1332
|
+
|
|
1333
|
+
- 3bc9d5c: Installation with hoisted node_modules should not fail, when a dependency has itself in its own peer dependencies [#8854](https://github.com/pnpm/pnpm/issues/8854).
|
|
1334
|
+
- Updated dependencies [516c4b3]
|
|
1335
|
+
- @pnpm/core-loggers@1000.1.0
|
|
1336
|
+
- @pnpm/manifest-utils@1000.0.2
|
|
1337
|
+
- @pnpm/npm-resolver@1000.1.1
|
|
1338
|
+
- @pnpm/lockfile.preferred-versions@1000.0.2
|
|
1339
|
+
|
|
1340
|
+
## 1001.0.0
|
|
1341
|
+
|
|
1342
|
+
### Major Changes
|
|
1343
|
+
|
|
1344
|
+
- a76da0c: Removed lockfile conversion from v6 to v9. If you need to convert lockfile v6 to v9, use pnpm CLI v9.
|
|
1345
|
+
|
|
1346
|
+
### Minor Changes
|
|
1347
|
+
|
|
1348
|
+
- 6483b64: A new setting, `inject-workspace-packages`, has been added to allow hard-linking all local workspace dependencies instead of symlinking them. Previously, this behavior was achievable via the [`dependenciesMeta[].injected`](https://pnpm.io/package_json#dependenciesmetainjected) setting, which remains supported [#8836](https://github.com/pnpm/pnpm/pull/8836).
|
|
1349
|
+
|
|
1350
|
+
### Patch Changes
|
|
1351
|
+
|
|
1352
|
+
- Updated dependencies [d2e83b0]
|
|
1353
|
+
- Updated dependencies [6483b64]
|
|
1354
|
+
- Updated dependencies [a76da0c]
|
|
1355
|
+
- @pnpm/constants@1001.0.0
|
|
1356
|
+
- @pnpm/store-controller-types@1000.1.0
|
|
1357
|
+
- @pnpm/resolver-base@1000.1.0
|
|
1358
|
+
- @pnpm/npm-resolver@1000.1.0
|
|
1359
|
+
- @pnpm/lockfile.types@1001.0.0
|
|
1360
|
+
- @pnpm/lockfile.pruner@1001.0.0
|
|
1361
|
+
- @pnpm/lockfile.utils@1001.0.0
|
|
1362
|
+
- @pnpm/error@1000.0.1
|
|
1363
|
+
- @pnpm/pick-fetcher@1000.0.0
|
|
1364
|
+
- @pnpm/lockfile.preferred-versions@1000.0.1
|
|
1365
|
+
- @pnpm/catalogs.resolver@1000.0.1
|
|
1366
|
+
- @pnpm/manifest-utils@1000.0.1
|
|
1367
|
+
- @pnpm/read-package-json@1000.0.1
|
|
1368
|
+
|
|
1369
|
+
## 36.0.7
|
|
1370
|
+
|
|
1371
|
+
### Patch Changes
|
|
1372
|
+
|
|
1373
|
+
- 5b91ec4: Don't duplicate leaf nodes in dependenciesTree.
|
|
1374
|
+
- ee5dde3: Fix `Cannot read properties of undefined (reading 'name')` that is printed while trying to render the missing peer dependencies warning message [#8538](https://github.com/pnpm/pnpm/issues/8538).
|
|
1375
|
+
- 52d2965: Fixed some edge cases where resolving circular peer dependencies caused a dead lock [#8720](https://github.com/pnpm/pnpm/issues/8720).
|
|
1376
|
+
- bd01a2a: Detection of circular peer dependencies should not crash with aliased dependencies [#8759](https://github.com/pnpm/pnpm/issues/8759). Fixes a regression introduced in the previous version.
|
|
1377
|
+
- Updated dependencies [19d5b51]
|
|
1378
|
+
- Updated dependencies [8108680]
|
|
1379
|
+
- Updated dependencies [dcd2917]
|
|
1380
|
+
- Updated dependencies [501c152]
|
|
1381
|
+
- Updated dependencies [d55b259]
|
|
1382
|
+
- Updated dependencies [c4f5231]
|
|
1383
|
+
- @pnpm/constants@10.0.0
|
|
1384
|
+
- @pnpm/dependency-path@6.0.0
|
|
1385
|
+
- @pnpm/npm-resolver@22.0.0
|
|
1386
|
+
- @pnpm/lockfile.pruner@0.0.7
|
|
1387
|
+
- @pnpm/error@6.0.3
|
|
1388
|
+
- @pnpm/lockfile.utils@1.0.5
|
|
1389
|
+
- @pnpm/store-controller-types@18.1.6
|
|
1390
|
+
- @pnpm/catalogs.resolver@0.1.2
|
|
1391
|
+
- @pnpm/manifest-utils@6.0.10
|
|
1392
|
+
- @pnpm/read-package-json@9.0.10
|
|
1393
|
+
- @pnpm/lockfile.preferred-versions@1.0.15
|
|
1394
|
+
|
|
1395
|
+
## 36.0.6
|
|
1396
|
+
|
|
1397
|
+
### Patch Changes
|
|
1398
|
+
|
|
1399
|
+
- Updated dependencies [222d10a]
|
|
1400
|
+
- @pnpm/npm-resolver@21.1.1
|
|
1401
|
+
- @pnpm/dependency-path@5.1.7
|
|
1402
|
+
- @pnpm/lockfile.pruner@0.0.6
|
|
1403
|
+
- @pnpm/lockfile.utils@1.0.4
|
|
1404
|
+
- @pnpm/lockfile.preferred-versions@1.0.14
|
|
1405
|
+
|
|
1406
|
+
## 36.0.5
|
|
1407
|
+
|
|
1408
|
+
### Patch Changes
|
|
1409
|
+
|
|
1410
|
+
- 4f4e073: `pnpm update --latest` should not update the automatically installed peer dependencies [#6657](https://github.com/pnpm/pnpm/issues/6657).
|
|
1411
|
+
|
|
1412
|
+
## 36.0.4
|
|
1413
|
+
|
|
1414
|
+
### Patch Changes
|
|
1415
|
+
|
|
1416
|
+
- d7b9ae5: Fix peer dependency resolution dead lock [#8570](https://github.com/pnpm/pnpm/issues/8570). This change might change some of the keys in the `snapshots` field inside `pnpm-lock.yaml` but it should happen very rarely.
|
|
1417
|
+
- Updated dependencies [83681da]
|
|
1418
|
+
- @pnpm/constants@9.0.0
|
|
1419
|
+
- @pnpm/npm-resolver@21.1.0
|
|
1420
|
+
- @pnpm/lockfile.pruner@0.0.5
|
|
1421
|
+
- @pnpm/error@6.0.2
|
|
1422
|
+
- @pnpm/catalogs.resolver@0.1.1
|
|
1423
|
+
- @pnpm/manifest-utils@6.0.9
|
|
1424
|
+
- @pnpm/read-package-json@9.0.9
|
|
1425
|
+
- @pnpm/lockfile.preferred-versions@1.0.13
|
|
1426
|
+
|
|
1427
|
+
## 36.0.3
|
|
1428
|
+
|
|
1429
|
+
### Patch Changes
|
|
1430
|
+
|
|
1431
|
+
- Updated dependencies [d500d9f]
|
|
1432
|
+
- @pnpm/types@12.2.0
|
|
1433
|
+
- @pnpm/pick-registry-for-package@6.0.7
|
|
1434
|
+
- @pnpm/lockfile.preferred-versions@1.0.12
|
|
1435
|
+
- @pnpm/lockfile.pruner@0.0.4
|
|
1436
|
+
- @pnpm/lockfile.types@1.0.3
|
|
1437
|
+
- @pnpm/lockfile.utils@1.0.3
|
|
1438
|
+
- @pnpm/core-loggers@10.0.7
|
|
1439
|
+
- @pnpm/dependency-path@5.1.6
|
|
1440
|
+
- @pnpm/manifest-utils@6.0.8
|
|
1441
|
+
- @pnpm/read-package-json@9.0.8
|
|
1442
|
+
- @pnpm/npm-resolver@21.0.5
|
|
1443
|
+
- @pnpm/resolver-base@13.0.4
|
|
1444
|
+
- @pnpm/store-controller-types@18.1.6
|
|
1445
|
+
- @pnpm/pick-fetcher@3.0.0
|
|
1446
|
+
|
|
1447
|
+
## 36.0.2
|
|
1448
|
+
|
|
1449
|
+
### Patch Changes
|
|
1450
|
+
|
|
1451
|
+
- 96aa4bc: Reduce memory usage during peer dependencies resolution [#8478](https://github.com/pnpm/pnpm/pull/8478).
|
|
1452
|
+
|
|
1453
|
+
## 36.0.1
|
|
1454
|
+
|
|
1455
|
+
### Patch Changes
|
|
1456
|
+
|
|
1457
|
+
- Updated dependencies [7ee59a1]
|
|
1458
|
+
- @pnpm/types@12.1.0
|
|
1459
|
+
- @pnpm/pick-registry-for-package@6.0.6
|
|
1460
|
+
- @pnpm/lockfile.preferred-versions@1.0.11
|
|
1461
|
+
- @pnpm/lockfile.pruner@0.0.3
|
|
1462
|
+
- @pnpm/lockfile.types@1.0.2
|
|
1463
|
+
- @pnpm/lockfile.utils@1.0.2
|
|
1464
|
+
- @pnpm/core-loggers@10.0.6
|
|
1465
|
+
- @pnpm/dependency-path@5.1.5
|
|
1466
|
+
- @pnpm/manifest-utils@6.0.7
|
|
1467
|
+
- @pnpm/read-package-json@9.0.7
|
|
1468
|
+
- @pnpm/npm-resolver@21.0.4
|
|
1469
|
+
- @pnpm/resolver-base@13.0.3
|
|
1470
|
+
- @pnpm/store-controller-types@18.1.5
|
|
1471
|
+
- @pnpm/pick-fetcher@3.0.0
|
|
1472
|
+
|
|
1473
|
+
## 36.0.0
|
|
1474
|
+
|
|
1475
|
+
### Major Changes
|
|
1476
|
+
|
|
1477
|
+
- 2393a49: **Minor breaking change.** This change might result in resolving your peer dependencies slightly differently but we don't expect it to introduce issues.
|
|
1478
|
+
|
|
1479
|
+
We had to optimize how we resolve peer dependencies in order to fix some [infinite loops and out-of-memory errors during peer dependencies resolution](https://github.com/pnpm/pnpm/issues/8370).
|
|
1480
|
+
|
|
1481
|
+
When a peer dependency is a prod dependency somewhere in the dependency graph (with the same version), pnpm will resolve the peers of that peer dependency in the same way across the subgraph.
|
|
1482
|
+
|
|
1483
|
+
For example, we have `react-dom` in the peer deps of the `form` and `button` packages. `card` has `react-dom` and `react` as regular dependencies and `card` is a dependency of `form`.
|
|
1484
|
+
|
|
1485
|
+
These are the direct dependencies of our example project:
|
|
1486
|
+
|
|
1487
|
+
```
|
|
1488
|
+
form
|
|
1489
|
+
react@16
|
|
1490
|
+
react-dom@16
|
|
1491
|
+
```
|
|
1492
|
+
|
|
1493
|
+
These are the dependencies of card:
|
|
1494
|
+
|
|
1495
|
+
```
|
|
1496
|
+
button
|
|
1497
|
+
react@17
|
|
1498
|
+
react-dom@16
|
|
1499
|
+
```
|
|
1500
|
+
|
|
1501
|
+
When resolving peers, pnpm will not re-resolve `react-dom` for `card`, even though `card` shadows `react@16` from the root with `react@17`. So, all 3 packages (`form`, `card`, and `button`) will use `react-dom@16`, which in turn uses `react@16`. `form` will use `react@16`, while `card` and `button` will use `react@17`.
|
|
1502
|
+
|
|
1503
|
+
Before this optimization `react-dom@16` was duplicated for the `card`, so that `card` and `button` would use a `react-dom@16` instance that uses `react@17`.
|
|
1504
|
+
|
|
1505
|
+
Before the change:
|
|
1506
|
+
|
|
1507
|
+
```
|
|
1508
|
+
form
|
|
1509
|
+
-> react-dom@16(react@16)
|
|
1510
|
+
-> react@16
|
|
1511
|
+
card
|
|
1512
|
+
-> react-dom@16(react@17)
|
|
1513
|
+
-> react@17
|
|
1514
|
+
button
|
|
1515
|
+
-> react-dom@16(react@17)
|
|
1516
|
+
-> react@17
|
|
1517
|
+
```
|
|
1518
|
+
|
|
1519
|
+
After the change
|
|
1520
|
+
|
|
1521
|
+
```
|
|
1522
|
+
form
|
|
1523
|
+
-> react-dom@16(react@16)
|
|
1524
|
+
-> react@16
|
|
1525
|
+
card
|
|
1526
|
+
-> react-dom@16(react@16)
|
|
1527
|
+
-> react@17
|
|
1528
|
+
button
|
|
1529
|
+
-> react-dom@16(react@16)
|
|
1530
|
+
-> react@17
|
|
1531
|
+
```
|
|
1532
|
+
|
|
1533
|
+
## 35.0.0
|
|
1534
|
+
|
|
1535
|
+
### Major Changes
|
|
1536
|
+
|
|
1537
|
+
- cb006df: Add ability to apply patch to all versions:
|
|
1538
|
+
If the key of `pnpm.patchedDependencies` is a package name without a version (e.g. `pkg`), pnpm will attempt to apply the patch to all versions of
|
|
1539
|
+
the package, failure will be skipped.
|
|
1540
|
+
If it is a package name and an exact version (e.g. `pkg@x.y.z`), pnpm will attempt to apply the patch to that exact version only, failure will
|
|
1541
|
+
cause pnpm to fail.
|
|
1542
|
+
|
|
1543
|
+
If there's only one version of `pkg` installed, `pnpm patch pkg` and subsequent `pnpm patch-commit $edit_dir` will create an entry named `pkg` in
|
|
1544
|
+
`pnpm.patchedDependencies`. And pnpm will attempt to apply this patch to other versions of `pkg` in the future.
|
|
1545
|
+
|
|
1546
|
+
If there's multiple versions of `pkg` installed, `pnpm patch pkg` will ask which version to edit and whether to attempt to apply the patch to all.
|
|
1547
|
+
If the user chooses to apply the patch to all, `pnpm patch-commit $edit_dir` would create a `pkg` entry in `pnpm.patchedDependencies`.
|
|
1548
|
+
If the user chooses not to apply the patch to all, `pnpm patch-commit $edit_dir` would create a `pkg@x.y.z` entry in `pnpm.patchedDependencies` with
|
|
1549
|
+
`x.y.z` being the version the user chose to edit.
|
|
1550
|
+
|
|
1551
|
+
If the user runs `pnpm patch pkg@x.y.z` with `x.y.z` being the exact version of `pkg` that has been installed, `pnpm patch-commit $edit_dir` will always
|
|
1552
|
+
create a `pkg@x.y.z` entry in `pnpm.patchedDependencies`.
|
|
1553
|
+
|
|
1554
|
+
### Patch Changes
|
|
1555
|
+
|
|
1556
|
+
- Updated dependencies [cb006df]
|
|
1557
|
+
- @pnpm/lockfile.types@1.0.1
|
|
1558
|
+
- @pnpm/patching.config@1.0.0
|
|
1559
|
+
- @pnpm/patching.types@1.0.0
|
|
1560
|
+
- @pnpm/types@12.0.0
|
|
1561
|
+
- @pnpm/lockfile.pruner@0.0.2
|
|
1562
|
+
- @pnpm/lockfile.utils@1.0.1
|
|
1563
|
+
- @pnpm/pick-registry-for-package@6.0.5
|
|
1564
|
+
- @pnpm/lockfile.preferred-versions@1.0.10
|
|
1565
|
+
- @pnpm/core-loggers@10.0.5
|
|
1566
|
+
- @pnpm/dependency-path@5.1.4
|
|
1567
|
+
- @pnpm/manifest-utils@6.0.6
|
|
1568
|
+
- @pnpm/read-package-json@9.0.6
|
|
1569
|
+
- @pnpm/npm-resolver@21.0.3
|
|
1570
|
+
- @pnpm/resolver-base@13.0.2
|
|
1571
|
+
- @pnpm/store-controller-types@18.1.4
|
|
1572
|
+
- @pnpm/pick-fetcher@3.0.0
|
|
1573
|
+
|
|
1574
|
+
## 34.0.3
|
|
1575
|
+
|
|
1576
|
+
### Patch Changes
|
|
1577
|
+
|
|
1578
|
+
- 9682129: Peer dependencies of optional peer dependencies should be automatically installed [#8323](https://github.com/pnpm/pnpm/issues/8323).
|
|
1579
|
+
- Updated dependencies [c5ef9b0]
|
|
1580
|
+
- Updated dependencies [daa45df]
|
|
1581
|
+
- Updated dependencies [797ef0f]
|
|
1582
|
+
- @pnpm/lockfile.utils@1.0.0
|
|
1583
|
+
- @pnpm/lockfile.pruner@0.0.1
|
|
1584
|
+
- @pnpm/lockfile.types@1.0.0
|
|
1585
|
+
- @pnpm/lockfile.preferred-versions@1.0.9
|
|
1586
|
+
- @pnpm/npm-resolver@21.0.2
|
|
1587
|
+
|
|
1588
|
+
## 34.0.2
|
|
1589
|
+
|
|
1590
|
+
### Patch Changes
|
|
1591
|
+
|
|
1592
|
+
- Updated dependencies [0ef168b]
|
|
1593
|
+
- @pnpm/types@11.1.0
|
|
1594
|
+
- @pnpm/pick-registry-for-package@6.0.4
|
|
1595
|
+
- @pnpm/lockfile-types@7.1.3
|
|
1596
|
+
- @pnpm/lockfile-utils@11.0.4
|
|
1597
|
+
- @pnpm/lockfile.preferred-versions@1.0.8
|
|
1598
|
+
- @pnpm/prune-lockfile@6.1.4
|
|
1599
|
+
- @pnpm/core-loggers@10.0.4
|
|
1600
|
+
- @pnpm/dependency-path@5.1.3
|
|
1601
|
+
- @pnpm/manifest-utils@6.0.5
|
|
1602
|
+
- @pnpm/read-package-json@9.0.5
|
|
1603
|
+
- @pnpm/npm-resolver@21.0.2
|
|
1604
|
+
- @pnpm/resolver-base@13.0.1
|
|
1605
|
+
- @pnpm/store-controller-types@18.1.3
|
|
1606
|
+
- @pnpm/pick-fetcher@3.0.0
|
|
1607
|
+
|
|
1608
|
+
## 34.0.1
|
|
1609
|
+
|
|
1610
|
+
### Patch Changes
|
|
1611
|
+
|
|
1612
|
+
- afe520d: Update rename-overwrite to v6.
|
|
1613
|
+
- Updated dependencies [afe520d]
|
|
1614
|
+
- @pnpm/npm-resolver@21.0.1
|
|
1615
|
+
|
|
1616
|
+
## 34.0.0
|
|
1617
|
+
|
|
1618
|
+
### Major Changes
|
|
1619
|
+
|
|
1620
|
+
- dd00eeb: Renamed dir to rootDir in the Project object.
|
|
1621
|
+
|
|
1622
|
+
### Patch Changes
|
|
1623
|
+
|
|
1624
|
+
- 9bf9f71: When encountering an external dependency using the `catalog:` protocol, a clearer error will be shown. Previously a confusing `ERR_PNPM_SPEC_NOT_SUPPORTED_BY_ANY_RESOLVER` error was thrown. The new error message will explain that the author of the dependency needs to run `pnpm publish` to replace the catalog protocol.
|
|
1625
|
+
- Updated dependencies [dd00eeb]
|
|
1626
|
+
- Updated dependencies
|
|
1627
|
+
- @pnpm/resolver-base@13.0.0
|
|
1628
|
+
- @pnpm/npm-resolver@21.0.0
|
|
1629
|
+
- @pnpm/types@11.0.0
|
|
1630
|
+
- @pnpm/pick-fetcher@3.0.0
|
|
1631
|
+
- @pnpm/lockfile-utils@11.0.3
|
|
1632
|
+
- @pnpm/lockfile.preferred-versions@1.0.7
|
|
1633
|
+
- @pnpm/store-controller-types@18.1.2
|
|
1634
|
+
- @pnpm/pick-registry-for-package@6.0.3
|
|
1635
|
+
- @pnpm/lockfile-types@7.1.2
|
|
1636
|
+
- @pnpm/prune-lockfile@6.1.3
|
|
1637
|
+
- @pnpm/core-loggers@10.0.3
|
|
1638
|
+
- @pnpm/dependency-path@5.1.2
|
|
1639
|
+
- @pnpm/manifest-utils@6.0.4
|
|
1640
|
+
- @pnpm/read-package-json@9.0.4
|
|
1641
|
+
|
|
1642
|
+
## 33.1.1
|
|
1643
|
+
|
|
1644
|
+
### Patch Changes
|
|
1645
|
+
|
|
1646
|
+
- Updated dependencies [13e55b2]
|
|
1647
|
+
- @pnpm/types@10.1.1
|
|
1648
|
+
- @pnpm/pick-registry-for-package@6.0.2
|
|
1649
|
+
- @pnpm/lockfile-types@7.1.1
|
|
1650
|
+
- @pnpm/lockfile-utils@11.0.2
|
|
1651
|
+
- @pnpm/lockfile.preferred-versions@1.0.6
|
|
1652
|
+
- @pnpm/prune-lockfile@6.1.2
|
|
1653
|
+
- @pnpm/core-loggers@10.0.2
|
|
1654
|
+
- @pnpm/dependency-path@5.1.1
|
|
1655
|
+
- @pnpm/manifest-utils@6.0.3
|
|
1656
|
+
- @pnpm/read-package-json@9.0.3
|
|
1657
|
+
- @pnpm/npm-resolver@20.0.1
|
|
1658
|
+
- @pnpm/resolver-base@12.0.2
|
|
1659
|
+
- @pnpm/store-controller-types@18.1.1
|
|
1660
|
+
- @pnpm/pick-fetcher@3.0.0
|
|
1661
|
+
|
|
1662
|
+
## 33.1.0
|
|
1663
|
+
|
|
1664
|
+
### Minor Changes
|
|
1665
|
+
|
|
1666
|
+
- 47341e5: **Semi-breaking.** Dependency key names in the lockfile are shortened if they are longer than 1000 characters. We don't expect this change to affect many users. Affected users most probably can't run install successfully at the moment. This change is required to fix some edge cases in which installation fails with an out-of-memory error or "Invalid string length (RangeError: Invalid string length)" error. The max allowed length of the dependency key can be controlled with the `peers-suffix-max-length` setting [#8177](https://github.com/pnpm/pnpm/pull/8177).
|
|
1667
|
+
|
|
1668
|
+
### Patch Changes
|
|
1669
|
+
|
|
1670
|
+
- Updated dependencies [47341e5]
|
|
1671
|
+
- @pnpm/dependency-path@5.1.0
|
|
1672
|
+
- @pnpm/lockfile-types@7.1.0
|
|
1673
|
+
- @pnpm/lockfile-utils@11.0.1
|
|
1674
|
+
- @pnpm/prune-lockfile@6.1.1
|
|
1675
|
+
- @pnpm/lockfile.preferred-versions@1.0.5
|
|
1676
|
+
- @pnpm/npm-resolver@20.0.0
|
|
1677
|
+
|
|
1678
|
+
## 33.0.4
|
|
1679
|
+
|
|
1680
|
+
### Patch Changes
|
|
1681
|
+
|
|
1682
|
+
- 74c1057: Improved the performance of the resolution stage by changing how missing peer dependencies are detected [#8144](https://github.com/pnpm/pnpm/pull/8144).
|
|
1683
|
+
|
|
1684
|
+
## 33.0.3
|
|
1685
|
+
|
|
1686
|
+
### Patch Changes
|
|
1687
|
+
|
|
1688
|
+
- 4b65113: Temporary fix. Don't hoist peer dependencies, when peers deduplication is on.
|
|
1689
|
+
|
|
1690
|
+
## 33.0.2
|
|
1691
|
+
|
|
1692
|
+
### Patch Changes
|
|
1693
|
+
|
|
1694
|
+
- 81d90c9: Reduce memory usage during peer dependency resolution by using numbers for Node IDs.
|
|
1695
|
+
- 27c33f0: Fix a bug in which a dependency that is both optional for one package but non-optional for another is omitted when `optional=false` [#8066](https://github.com/pnpm/pnpm/issues/8066).
|
|
1696
|
+
- Updated dependencies [27c33f0]
|
|
1697
|
+
- @pnpm/prune-lockfile@6.1.0
|
|
1698
|
+
|
|
1699
|
+
## 33.0.1
|
|
1700
|
+
|
|
1701
|
+
### Patch Changes
|
|
1702
|
+
|
|
1703
|
+
- Updated dependencies [0c08e1c]
|
|
1704
|
+
- Updated dependencies [0c08e1c]
|
|
1705
|
+
- @pnpm/npm-resolver@20.0.0
|
|
1706
|
+
- @pnpm/store-controller-types@18.1.0
|
|
1707
|
+
|
|
1708
|
+
## 33.0.0
|
|
1709
|
+
|
|
1710
|
+
### Major Changes
|
|
1711
|
+
|
|
1712
|
+
- Breaking changes to the API.
|
|
1713
|
+
|
|
1714
|
+
### Patch Changes
|
|
1715
|
+
|
|
1716
|
+
- ef73c19: Decrease memory consumption [#8084](https://github.com/pnpm/pnpm/pull/8084).
|
|
1717
|
+
- 471ee65: Reduce memory usage by peer dependencies resolution [#8072](https://github.com/pnpm/pnpm/issues/8072).
|
|
1718
|
+
- Updated dependencies [45f4262]
|
|
1719
|
+
- Updated dependencies
|
|
1720
|
+
- @pnpm/types@10.1.0
|
|
1721
|
+
- @pnpm/lockfile-types@7.0.0
|
|
1722
|
+
- @pnpm/lockfile-utils@11.0.0
|
|
1723
|
+
- @pnpm/dependency-path@5.0.0
|
|
1724
|
+
- @pnpm/pick-registry-for-package@6.0.1
|
|
1725
|
+
- @pnpm/lockfile.preferred-versions@1.0.4
|
|
1726
|
+
- @pnpm/prune-lockfile@6.0.2
|
|
1727
|
+
- @pnpm/core-loggers@10.0.1
|
|
1728
|
+
- @pnpm/manifest-utils@6.0.2
|
|
1729
|
+
- @pnpm/read-package-json@9.0.2
|
|
1730
|
+
- @pnpm/npm-resolver@19.0.4
|
|
1731
|
+
- @pnpm/resolver-base@12.0.1
|
|
1732
|
+
- @pnpm/store-controller-types@18.0.1
|
|
1733
|
+
- @pnpm/pick-fetcher@3.0.0
|
|
1734
|
+
|
|
1735
|
+
## 32.1.3
|
|
1736
|
+
|
|
1737
|
+
### Patch Changes
|
|
1738
|
+
|
|
1739
|
+
- Updated dependencies [a7aef51]
|
|
1740
|
+
- @pnpm/error@6.0.1
|
|
1741
|
+
- @pnpm/manifest-utils@6.0.1
|
|
1742
|
+
- @pnpm/read-package-json@9.0.1
|
|
1743
|
+
- @pnpm/npm-resolver@19.0.3
|
|
1744
|
+
- @pnpm/lockfile.preferred-versions@1.0.3
|
|
1745
|
+
|
|
1746
|
+
## 32.1.2
|
|
1747
|
+
|
|
1748
|
+
### Patch Changes
|
|
1749
|
+
|
|
1750
|
+
- 2cb67d7: Improve the performance of the peers resolution stage by utilizing more cache [#8058](https://github.com/pnpm/pnpm/pull/8058).
|
|
1751
|
+
- Updated dependencies [43b6bb7]
|
|
1752
|
+
- @pnpm/npm-resolver@19.0.2
|
|
1753
|
+
|
|
1754
|
+
## 32.1.1
|
|
1755
|
+
|
|
1756
|
+
### Patch Changes
|
|
1757
|
+
|
|
1758
|
+
- 7a0536e: Fix `Cannot read properties of undefined (reading 'missingPeersOfChildren')` exception that happens on install [#8041](https://github.com/pnpm/pnpm/issues/8041).
|
|
1759
|
+
- cb0f459: `pnpm update` should not fail when there's an aliased local workspace dependency [#7975](https://github.com/pnpm/pnpm/issues/7975).
|
|
1760
|
+
- Updated dependencies [cb0f459]
|
|
1761
|
+
- Updated dependencies [7a0536e]
|
|
1762
|
+
- Updated dependencies [cb0f459]
|
|
1763
|
+
- @pnpm/workspace.spec-parser@1.0.0
|
|
1764
|
+
- @pnpm/lockfile-utils@10.1.1
|
|
1765
|
+
- @pnpm/npm-resolver@19.0.1
|
|
1766
|
+
- @pnpm/lockfile.preferred-versions@1.0.2
|
|
1767
|
+
|
|
1768
|
+
## 32.1.0
|
|
1769
|
+
|
|
1770
|
+
### Minor Changes
|
|
1771
|
+
|
|
1772
|
+
- 9719a42: New setting called `virtual-store-dir-max-length` added to modify the maximum allowed length of the directories inside `node_modules/.pnpm`. The default length is set to 120 characters. This setting is particularly useful on Windows, where there is a limit to the maximum length of a file path [#7355](https://github.com/pnpm/pnpm/issues/7355).
|
|
1773
|
+
|
|
1774
|
+
### Patch Changes
|
|
1775
|
+
|
|
1776
|
+
- 1a6f7fb: A dependency is hoisted to resolve an optional peer dependency only if it satisfies the range provided for the optional peer dependency [#8028](https://github.com/pnpm/pnpm/pull/8028).
|
|
1777
|
+
- Updated dependencies [9719a42]
|
|
1778
|
+
- @pnpm/dependency-path@4.0.0
|
|
1779
|
+
- @pnpm/lockfile-utils@10.1.0
|
|
1780
|
+
- @pnpm/prune-lockfile@6.0.1
|
|
1781
|
+
- @pnpm/lockfile.preferred-versions@1.0.1
|
|
1782
|
+
- @pnpm/npm-resolver@19.0.0
|
|
1783
|
+
|
|
1784
|
+
## 32.0.4
|
|
1785
|
+
|
|
1786
|
+
### Patch Changes
|
|
1787
|
+
|
|
1788
|
+
- abaf12e: Resolve peer dependencies correctly, when they have prerelease versions [#7977](https://github.com/pnpm/pnpm/issues/7977).
|
|
1789
|
+
- e9530a8: Fix aliased dependencies resolution on repeat install with existing lockfile, when the aliased dependency doesn't specify a version or range [#7957](https://github.com/pnpm/pnpm/issues/7957).
|
|
1790
|
+
|
|
1791
|
+
## 32.0.3
|
|
1792
|
+
|
|
1793
|
+
### Patch Changes
|
|
1794
|
+
|
|
1795
|
+
- eb19475: Fix aliased dependencies resolution on repeat install with existing lockfile [#7957](https://github.com/pnpm/pnpm/issues/7957).
|
|
1796
|
+
|
|
1797
|
+
## 32.0.2
|
|
1798
|
+
|
|
1799
|
+
### Patch Changes
|
|
1800
|
+
|
|
1801
|
+
- b3961cb: Fixed an issue where optional dependencies were not linked into the dependent's node_modules [#7943](https://github.com/pnpm/pnpm/issues/7943).
|
|
1802
|
+
|
|
1803
|
+
## 32.0.1
|
|
1804
|
+
|
|
1805
|
+
### Patch Changes
|
|
1806
|
+
|
|
1807
|
+
- 253d50c: Optional peer dependencies should be resolved as optional dependencies [#7918](https://github.com/pnpm/pnpm/pull/7918).
|
|
1808
|
+
|
|
1809
|
+
## 32.0.0
|
|
1810
|
+
|
|
1811
|
+
### Major Changes
|
|
1812
|
+
|
|
1813
|
+
- cdd8365: Package ID does not contain the registry domain.
|
|
1814
|
+
- 43cdd87: Node.js v16 support dropped. Use at least Node.js v18.12.
|
|
1815
|
+
- 98a1266: Peer dependencies of peer dependencies are now resolved correctly. When peer dependencies have peer dependencies of their own, the peer dependencies are grouped with their own peer dependencies before being linked to their dependents.
|
|
1816
|
+
|
|
1817
|
+
For instance, if `card` has `react` in peer dependencies and `react` has `typescript` in its peer dependencies, then the same version of `react` may be linked from different places if there are multiple versions of `typescript`. For instance:
|
|
1818
|
+
|
|
1819
|
+
```
|
|
1820
|
+
project1/package.json
|
|
1821
|
+
{
|
|
1822
|
+
"dependencies": {
|
|
1823
|
+
"card": "1.0.0",
|
|
1824
|
+
"react": "16.8.0",
|
|
1825
|
+
"typescript": "7.0.0"
|
|
1826
|
+
}
|
|
1827
|
+
}
|
|
1828
|
+
project2/package.json
|
|
1829
|
+
{
|
|
1830
|
+
"dependencies": {
|
|
1831
|
+
"card": "1.0.0",
|
|
1832
|
+
"react": "16.8.0",
|
|
1833
|
+
"typescript": "8.0.0"
|
|
1834
|
+
}
|
|
1835
|
+
}
|
|
1836
|
+
node_modules
|
|
1837
|
+
.pnpm
|
|
1838
|
+
card@1.0.0(react@16.8.0(typescript@7.0.0))
|
|
1839
|
+
node_modules
|
|
1840
|
+
card
|
|
1841
|
+
react --> ../../react@16.8.0(typescript@7.0.0)/node_modules/react
|
|
1842
|
+
react@16.8.0(typescript@7.0.0)
|
|
1843
|
+
node_modules
|
|
1844
|
+
react
|
|
1845
|
+
typescript --> ../../typescript@7.0.0/node_modules/typescript
|
|
1846
|
+
typescript@7.0.0
|
|
1847
|
+
node_modules
|
|
1848
|
+
typescript
|
|
1849
|
+
card@1.0.0(react@16.8.0(typescript@8.0.0))
|
|
1850
|
+
node_modules
|
|
1851
|
+
card
|
|
1852
|
+
react --> ../../react@16.8.0(typescript@8.0.0)/node_modules/react
|
|
1853
|
+
react@16.8.0(typescript@8.0.0)
|
|
1854
|
+
node_modules
|
|
1855
|
+
react
|
|
1856
|
+
typescript --> ../../typescript@8.0.0/node_modules/typescript
|
|
1857
|
+
typescript@8.0.0
|
|
1858
|
+
node_modules
|
|
1859
|
+
typescript
|
|
1860
|
+
```
|
|
1861
|
+
|
|
1862
|
+
In the above example, both projects have `card` in dependencies but the projects use different versions of `typescript`. Hence, even though the same version of `card` is used, `card` in `project1` will reference `react` from a directory where it is placed with `typescript@7.0.0` (because it resolves `typescript` from the dependencies of `project1`), while `card` in `project2` will reference `react` with `typescript@8.0.0`.
|
|
1863
|
+
|
|
1864
|
+
Related issue: [#7444](https://github.com/pnpm/pnpm/issues/7444).
|
|
1865
|
+
Related PR: [#7606](https://github.com/pnpm/pnpm/pull/7606).
|
|
1866
|
+
|
|
1867
|
+
### Minor Changes
|
|
1868
|
+
|
|
1869
|
+
- 7733f3a: Added support for registry-scoped SSL configurations (cert, key, and ca). Three new settings supported: `<registryURL>:certfile`, `<registryURL>:keyfile`, and `<registryURL>:ca`. For instance:
|
|
1870
|
+
|
|
1871
|
+
```
|
|
1872
|
+
//registry.mycomp.com/:certfile=server-cert.pem
|
|
1873
|
+
//registry.mycomp.com/:keyfile=server-key.pem
|
|
1874
|
+
//registry.mycomp.com/:cafile=client-cert.pem
|
|
1875
|
+
```
|
|
1876
|
+
|
|
1877
|
+
Related issue: [#7427](https://github.com/pnpm/pnpm/issues/7427).
|
|
1878
|
+
Related PR: [#7626](https://github.com/pnpm/pnpm/pull/7626).
|
|
1879
|
+
|
|
1880
|
+
- 086b69c: The checksum of the `.pnpmfile.cjs` is saved into the lockfile. If the pnpmfile gets modified, the lockfile is reanalyzed to apply the changes [#7662](https://github.com/pnpm/pnpm/pull/7662).
|
|
1881
|
+
- 9f8948c: Add a new option autoInstallPeersFromHighestMatch that makes pnpm install the highest version satisfying one of the peer dependencies even if the peer dependency ranges don't overlap.
|
|
1882
|
+
- 730929e: Add a field named `ignoredOptionalDependencies`. This is an array of strings. If an optional dependency has its name included in this array, it will be skipped.
|
|
1883
|
+
|
|
1884
|
+
### Patch Changes
|
|
1885
|
+
|
|
1886
|
+
- 977060f: Properly resolve peer dependencies of peer dependencies [#7444](https://github.com/pnpm/pnpm/issues/7444).
|
|
1887
|
+
- f5eadba: Revert [#7583](https://github.com/pnpm/pnpm/pull/7583).
|
|
1888
|
+
- 7edb917: Deleting a dependencies field via a `readPackage` hook should work [#7704](https://github.com/pnpm/pnpm/pull/7704).
|
|
1889
|
+
- 732430a: `bundledDependencies` should never be added to the lockfile with `false` as the value [#7576](https://github.com/pnpm/pnpm/issues/7576).
|
|
1890
|
+
- 22c7acc: Link globally the command of a package that has no name in `package.json` [#4761](https://github.com/pnpm/pnpm/issues/4761).
|
|
1891
|
+
- Updated dependencies [7733f3a]
|
|
1892
|
+
- Updated dependencies [3ded840]
|
|
1893
|
+
- Updated dependencies [cdd8365]
|
|
1894
|
+
- Updated dependencies [c692f80]
|
|
1895
|
+
- Updated dependencies [89b396b]
|
|
1896
|
+
- Updated dependencies [43cdd87]
|
|
1897
|
+
- Updated dependencies [086b69c]
|
|
1898
|
+
- Updated dependencies [d381a60]
|
|
1899
|
+
- Updated dependencies [27a96a8]
|
|
1900
|
+
- Updated dependencies [b13d2dc]
|
|
1901
|
+
- Updated dependencies [730929e]
|
|
1902
|
+
- Updated dependencies [8eddd21]
|
|
1903
|
+
- Updated dependencies [98a1266]
|
|
1904
|
+
- @pnpm/types@10.0.0
|
|
1905
|
+
- @pnpm/error@6.0.0
|
|
1906
|
+
- @pnpm/dependency-path@3.0.0
|
|
1907
|
+
- @pnpm/lockfile-utils@10.0.0
|
|
1908
|
+
- @pnpm/npm-resolver@19.0.0
|
|
1909
|
+
- @pnpm/constants@8.0.0
|
|
1910
|
+
- @pnpm/pick-registry-for-package@6.0.0
|
|
1911
|
+
- @pnpm/which-version-is-pinned@6.0.0
|
|
1912
|
+
- @pnpm/read-package-json@9.0.0
|
|
1913
|
+
- @pnpm/store-controller-types@18.0.0
|
|
1914
|
+
- @pnpm/manifest-utils@6.0.0
|
|
1915
|
+
- @pnpm/lockfile-types@6.0.0
|
|
1916
|
+
- @pnpm/prune-lockfile@6.0.0
|
|
1917
|
+
- @pnpm/resolver-base@12.0.0
|
|
1918
|
+
- @pnpm/pick-fetcher@3.0.0
|
|
1919
|
+
- @pnpm/core-loggers@10.0.0
|
|
1920
|
+
- @pnpm/lockfile.preferred-versions@1.0.0
|
|
1921
|
+
|
|
1922
|
+
## 31.4.0
|
|
1923
|
+
|
|
1924
|
+
### Minor Changes
|
|
1925
|
+
|
|
1926
|
+
- 31054a63e: Running `pnpm update -r --latest` will no longer downgrade prerelease dependencies [#7436](https://github.com/pnpm/pnpm/issues/7436).
|
|
1927
|
+
|
|
1928
|
+
### Patch Changes
|
|
1929
|
+
|
|
1930
|
+
- Updated dependencies [31054a63e]
|
|
1931
|
+
- @pnpm/store-controller-types@17.2.0
|
|
1932
|
+
- @pnpm/resolver-base@11.1.0
|
|
1933
|
+
- @pnpm/npm-resolver@18.1.0
|
|
1934
|
+
- @pnpm/pick-fetcher@2.0.1
|
|
1935
|
+
- @pnpm/lockfile-utils@9.0.5
|
|
1936
|
+
|
|
1937
|
+
## 31.3.1
|
|
1938
|
+
|
|
1939
|
+
### Patch Changes
|
|
1940
|
+
|
|
1941
|
+
- 33313d2fd: Update rename-overwrite to v5.
|
|
1942
|
+
- 4d34684f1: Added support for boolean values in 'bundleDependencies' package.json fields when installing a dependency. Fix to properly handle 'bundledDependencies' alias [#7411](https://github.com/pnpm/pnpm/issues/7411).
|
|
1943
|
+
- Updated dependencies [33313d2fd]
|
|
1944
|
+
- Updated dependencies [4d34684f1]
|
|
1945
|
+
- @pnpm/npm-resolver@18.0.2
|
|
1946
|
+
- @pnpm/lockfile-types@5.1.5
|
|
1947
|
+
- @pnpm/types@9.4.2
|
|
1948
|
+
- @pnpm/lockfile-utils@9.0.4
|
|
1949
|
+
- @pnpm/prune-lockfile@5.0.9
|
|
1950
|
+
- @pnpm/pick-registry-for-package@5.0.6
|
|
1951
|
+
- @pnpm/core-loggers@9.0.6
|
|
1952
|
+
- @pnpm/dependency-path@2.1.7
|
|
1953
|
+
- @pnpm/manifest-utils@5.0.7
|
|
1954
|
+
- @pnpm/read-package-json@8.0.7
|
|
1955
|
+
- @pnpm/resolver-base@11.0.2
|
|
1956
|
+
- @pnpm/store-controller-types@17.1.4
|
|
1957
|
+
- @pnpm/pick-fetcher@2.0.1
|
|
1958
|
+
|
|
1959
|
+
## 31.3.0
|
|
1960
|
+
|
|
1961
|
+
### Minor Changes
|
|
1962
|
+
|
|
1963
|
+
- 672c559e4: A new setting added for symlinking [injected dependencies](https://pnpm.io/package_json#dependenciesmetainjected) from the workspace, if their dependencies use the same peer dependencies as the dependent package. The setting is called `dedupe-injected-deps` [#7416](https://github.com/pnpm/pnpm/pull/7416).
|
|
1964
|
+
|
|
1965
|
+
### Patch Changes
|
|
1966
|
+
|
|
1967
|
+
- Added support for boolean values in 'bundleDependencies' package.json fields when installing a dependency. Fix to properly handle 'bundledDependencies' alias [#7411](https://github.com/pnpm/pnpm/issues/7411).
|
|
1968
|
+
- Updated dependencies
|
|
1969
|
+
- @pnpm/lockfile-types@5.1.4
|
|
1970
|
+
- @pnpm/types@9.4.1
|
|
1971
|
+
- @pnpm/lockfile-utils@9.0.3
|
|
1972
|
+
- @pnpm/prune-lockfile@5.0.8
|
|
1973
|
+
- @pnpm/pick-registry-for-package@5.0.5
|
|
1974
|
+
- @pnpm/core-loggers@9.0.5
|
|
1975
|
+
- @pnpm/dependency-path@2.1.6
|
|
1976
|
+
- @pnpm/manifest-utils@5.0.6
|
|
1977
|
+
- @pnpm/read-package-json@8.0.6
|
|
1978
|
+
- @pnpm/npm-resolver@18.0.1
|
|
1979
|
+
- @pnpm/resolver-base@11.0.1
|
|
1980
|
+
- @pnpm/store-controller-types@17.1.3
|
|
1981
|
+
- @pnpm/pick-fetcher@2.0.1
|
|
1982
|
+
|
|
1983
|
+
## 31.2.7
|
|
1984
|
+
|
|
1985
|
+
### Patch Changes
|
|
1986
|
+
|
|
1987
|
+
- d5a176af7: Fix a bug where `--fix-lockfile` crashes on tarballs [#7368](https://github.com/pnpm/pnpm/issues/7368).
|
|
1988
|
+
- Updated dependencies [d5a176af7]
|
|
1989
|
+
- @pnpm/lockfile-utils@9.0.2
|
|
1990
|
+
|
|
1991
|
+
## 31.2.6
|
|
1992
|
+
|
|
1993
|
+
### Patch Changes
|
|
1994
|
+
|
|
1995
|
+
- 5462cb6d4: Fix dependencies deduplication.
|
|
1996
|
+
|
|
1997
|
+
## 31.2.5
|
|
1998
|
+
|
|
1999
|
+
### Patch Changes
|
|
2000
|
+
|
|
2001
|
+
- 6558d1865: When `dedupe-direct-deps` is set to `true`, commands of dependencies should be deduplicated [#7359](https://github.com/pnpm/pnpm/pull/7359).
|
|
2002
|
+
|
|
2003
|
+
## 31.2.4
|
|
2004
|
+
|
|
2005
|
+
### Patch Changes
|
|
2006
|
+
|
|
2007
|
+
- Updated dependencies [cd4fcfff0]
|
|
2008
|
+
- @pnpm/npm-resolver@18.0.0
|
|
2009
|
+
|
|
2010
|
+
## 31.2.3
|
|
2011
|
+
|
|
2012
|
+
### Patch Changes
|
|
2013
|
+
|
|
2014
|
+
- Updated dependencies [b4194fe52]
|
|
2015
|
+
- @pnpm/lockfile-utils@9.0.1
|
|
2016
|
+
|
|
2017
|
+
## 31.2.2
|
|
2018
|
+
|
|
2019
|
+
### Patch Changes
|
|
2020
|
+
|
|
2021
|
+
- 4da7b463f: (Important) Increased the default amount of allowed concurrent network request on systems that have more than 16 CPUs [#7285](https://github.com/pnpm/pnpm/pull/7285).
|
|
2022
|
+
- Updated dependencies [291607c5a]
|
|
2023
|
+
- @pnpm/store-controller-types@17.1.2
|
|
2024
|
+
- @pnpm/npm-resolver@17.0.0
|
|
2025
|
+
|
|
2026
|
+
## 31.2.1
|
|
2027
|
+
|
|
2028
|
+
### Patch Changes
|
|
2029
|
+
|
|
2030
|
+
- 7ea45afbe: If a package's tarball cannot be fetched, print the dependency chain that leads to the failed package [#7265](https://github.com/pnpm/pnpm/pull/7265).
|
|
2031
|
+
- Updated dependencies [4c2450208]
|
|
2032
|
+
- Updated dependencies [7ea45afbe]
|
|
2033
|
+
- Updated dependencies [cfc017ee3]
|
|
2034
|
+
- @pnpm/lockfile-utils@9.0.0
|
|
2035
|
+
- @pnpm/resolver-base@11.0.0
|
|
2036
|
+
- @pnpm/npm-resolver@17.0.0
|
|
2037
|
+
- @pnpm/store-controller-types@17.1.1
|
|
2038
|
+
- @pnpm/exec.files-include-install-scripts@1.0.0
|
|
2039
|
+
- @pnpm/pick-fetcher@2.0.1
|
|
2040
|
+
|
|
2041
|
+
## 31.2.0
|
|
2042
|
+
|
|
2043
|
+
### Minor Changes
|
|
2044
|
+
|
|
2045
|
+
- 43ce9e4a6: Support for multiple architectures when installing dependencies [#5965](https://github.com/pnpm/pnpm/issues/5965).
|
|
2046
|
+
|
|
2047
|
+
You can now specify architectures for which you'd like to install optional dependencies, even if they don't match the architecture of the system running the install. Use the `supportedArchitectures` field in `package.json` to define your preferences.
|
|
2048
|
+
|
|
2049
|
+
For example, the following configuration tells pnpm to install optional dependencies for Windows x64:
|
|
2050
|
+
|
|
2051
|
+
```json
|
|
2052
|
+
{
|
|
2053
|
+
"pnpm": {
|
|
2054
|
+
"supportedArchitectures": {
|
|
2055
|
+
"os": ["win32"],
|
|
2056
|
+
"cpu": ["x64"]
|
|
2057
|
+
}
|
|
2058
|
+
}
|
|
2059
|
+
}
|
|
2060
|
+
```
|
|
2061
|
+
|
|
2062
|
+
Whereas this configuration will have pnpm install optional dependencies for Windows, macOS, and the architecture of the system currently running the install. It includes artifacts for both x64 and arm64 CPUs:
|
|
2063
|
+
|
|
2064
|
+
```json
|
|
2065
|
+
{
|
|
2066
|
+
"pnpm": {
|
|
2067
|
+
"supportedArchitectures": {
|
|
2068
|
+
"os": ["win32", "darwin", "current"],
|
|
2069
|
+
"cpu": ["x64", "arm64"]
|
|
2070
|
+
}
|
|
2071
|
+
}
|
|
2072
|
+
}
|
|
2073
|
+
```
|
|
2074
|
+
|
|
2075
|
+
Additionally, `supportedArchitectures` also supports specifying the `libc` of the system.
|
|
2076
|
+
|
|
2077
|
+
### Patch Changes
|
|
2078
|
+
|
|
2079
|
+
- Updated dependencies [43ce9e4a6]
|
|
2080
|
+
- @pnpm/store-controller-types@17.1.0
|
|
2081
|
+
- @pnpm/types@9.4.0
|
|
2082
|
+
- @pnpm/pick-registry-for-package@5.0.4
|
|
2083
|
+
- @pnpm/lockfile-types@5.1.3
|
|
2084
|
+
- @pnpm/lockfile-utils@8.0.7
|
|
2085
|
+
- @pnpm/prune-lockfile@5.0.7
|
|
2086
|
+
- @pnpm/core-loggers@9.0.4
|
|
2087
|
+
- @pnpm/dependency-path@2.1.5
|
|
2088
|
+
- @pnpm/manifest-utils@5.0.5
|
|
2089
|
+
- @pnpm/read-package-json@8.0.5
|
|
2090
|
+
- @pnpm/npm-resolver@16.0.13
|
|
2091
|
+
- @pnpm/resolver-base@10.0.4
|
|
2092
|
+
- @pnpm/pick-fetcher@2.0.1
|
|
2093
|
+
|
|
2094
|
+
## 31.1.21
|
|
2095
|
+
|
|
2096
|
+
### Patch Changes
|
|
2097
|
+
|
|
2098
|
+
- Updated dependencies [01bc58e2c]
|
|
2099
|
+
- Updated dependencies [ff55119a8]
|
|
2100
|
+
- @pnpm/npm-resolver@16.0.12
|
|
2101
|
+
|
|
2102
|
+
## 31.1.20
|
|
2103
|
+
|
|
2104
|
+
### Patch Changes
|
|
2105
|
+
|
|
2106
|
+
- Updated dependencies [d774a3196]
|
|
2107
|
+
- @pnpm/types@9.3.0
|
|
2108
|
+
- @pnpm/pick-registry-for-package@5.0.3
|
|
2109
|
+
- @pnpm/lockfile-types@5.1.2
|
|
2110
|
+
- @pnpm/lockfile-utils@8.0.6
|
|
2111
|
+
- @pnpm/prune-lockfile@5.0.6
|
|
2112
|
+
- @pnpm/core-loggers@9.0.3
|
|
2113
|
+
- @pnpm/dependency-path@2.1.4
|
|
2114
|
+
- @pnpm/manifest-utils@5.0.4
|
|
2115
|
+
- @pnpm/read-package-json@8.0.4
|
|
2116
|
+
- @pnpm/npm-resolver@16.0.11
|
|
2117
|
+
- @pnpm/resolver-base@10.0.3
|
|
2118
|
+
- @pnpm/store-controller-types@17.0.1
|
|
2119
|
+
- @pnpm/pick-fetcher@2.0.1
|
|
2120
|
+
|
|
2121
|
+
## 31.1.19
|
|
2122
|
+
|
|
2123
|
+
### Patch Changes
|
|
2124
|
+
|
|
2125
|
+
- b0afd7833: Optimize peers resolution to avoid out-of-memory exceptions in some rare cases, when there are too many circular dependencies and peer dependencies [#7149](https://github.com/pnpm/pnpm/pull/7149).
|
|
2126
|
+
|
|
2127
|
+
## 31.1.18
|
|
2128
|
+
|
|
2129
|
+
### Patch Changes
|
|
2130
|
+
|
|
2131
|
+
- f394cfccd: Don't update git-hosted dependencies when adding an unrelated dependency [#7008](https://github.com/pnpm/pnpm/issues/7008).
|
|
2132
|
+
- Updated dependencies [f394cfccd]
|
|
2133
|
+
- @pnpm/lockfile-utils@8.0.5
|
|
2134
|
+
- @pnpm/pick-fetcher@2.0.1
|
|
2135
|
+
|
|
2136
|
+
## 31.1.17
|
|
2137
|
+
|
|
2138
|
+
### Patch Changes
|
|
2139
|
+
|
|
2140
|
+
- Updated dependencies [9caa33d53]
|
|
2141
|
+
- Updated dependencies [9caa33d53]
|
|
2142
|
+
- @pnpm/store-controller-types@17.0.0
|
|
2143
|
+
- @pnpm/npm-resolver@16.0.10
|
|
2144
|
+
|
|
2145
|
+
## 31.1.16
|
|
2146
|
+
|
|
2147
|
+
### Patch Changes
|
|
2148
|
+
|
|
2149
|
+
- Updated dependencies [03cdccc6e]
|
|
2150
|
+
- @pnpm/store-controller-types@16.1.0
|
|
2151
|
+
- @pnpm/npm-resolver@16.0.9
|
|
2152
|
+
|
|
2153
|
+
## 31.1.15
|
|
2154
|
+
|
|
2155
|
+
### Patch Changes
|
|
2156
|
+
|
|
2157
|
+
- @pnpm/store-controller-types@16.0.1
|
|
2158
|
+
- @pnpm/npm-resolver@16.0.9
|
|
2159
|
+
|
|
2160
|
+
## 31.1.14
|
|
2161
|
+
|
|
2162
|
+
### Patch Changes
|
|
2163
|
+
|
|
2164
|
+
- 77e24d341: Dedupe deps with the same alias in direct dependencies [6966](https://github.com/pnpm/pnpm/issues/6966)
|
|
2165
|
+
- Updated dependencies [41c2b65cf]
|
|
2166
|
+
- Updated dependencies [494f87544]
|
|
2167
|
+
- Updated dependencies [e9aa6f682]
|
|
2168
|
+
- @pnpm/npm-resolver@16.0.9
|
|
2169
|
+
- @pnpm/store-controller-types@16.0.0
|
|
2170
|
+
- @pnpm/lockfile-utils@8.0.4
|
|
2171
|
+
|
|
2172
|
+
## 31.1.13
|
|
2173
|
+
|
|
2174
|
+
### Patch Changes
|
|
2175
|
+
|
|
2176
|
+
- a13a0e8f5: Installation succeeds if a non-optional dependency of an optional dependency has failing installation scripts [#6822](https://github.com/pnpm/pnpm/issues/6822).
|
|
2177
|
+
- @pnpm/npm-resolver@16.0.8
|
|
2178
|
+
|
|
2179
|
+
## 31.1.12
|
|
2180
|
+
|
|
2181
|
+
### Patch Changes
|
|
2182
|
+
|
|
2183
|
+
- Updated dependencies [aa2ae8fe2]
|
|
2184
|
+
- Updated dependencies [e958707b2]
|
|
2185
|
+
- @pnpm/types@9.2.0
|
|
2186
|
+
- @pnpm/npm-resolver@16.0.8
|
|
2187
|
+
- @pnpm/pick-registry-for-package@5.0.2
|
|
2188
|
+
- @pnpm/lockfile-types@5.1.1
|
|
2189
|
+
- @pnpm/lockfile-utils@8.0.3
|
|
2190
|
+
- @pnpm/prune-lockfile@5.0.5
|
|
2191
|
+
- @pnpm/core-loggers@9.0.2
|
|
2192
|
+
- @pnpm/dependency-path@2.1.3
|
|
2193
|
+
- @pnpm/manifest-utils@5.0.3
|
|
2194
|
+
- @pnpm/read-package-json@8.0.3
|
|
2195
|
+
- @pnpm/resolver-base@10.0.2
|
|
2196
|
+
- @pnpm/store-controller-types@15.0.2
|
|
2197
|
+
|
|
2198
|
+
## 31.1.11
|
|
2199
|
+
|
|
2200
|
+
### Patch Changes
|
|
2201
|
+
|
|
2202
|
+
- e9684b559: replacing object copying with a prototype chain, avoiding extra memory allocations in resolveDependencies function
|
|
2203
|
+
- 9b5110810: Replacing usages of ramda isEmpty, which happens to be slow and resource intensive
|
|
2204
|
+
- 8a68f5ad2: replacing object copying with a prototype chain, avoiding extra memory allocations in resolvePeersOfNode function
|
|
2205
|
+
- fee263822: Refactor resolve-dependencies to use maps and sets instead of objects
|
|
2206
|
+
- 17e4a3ab1: Replacing object spread with a prototype chain, avoiding extra memory allocations in resolveDependenciesOfImporters.
|
|
2207
|
+
- abdb77f48: Fix edge case where invalid "nodeId" was created. Small optimization.
|
|
2208
|
+
- ba9335601: Prefer versions found in parent package dependencies only [#6737](https://github.com/pnpm/pnpm/issues/6737).
|
|
2209
|
+
- @pnpm/npm-resolver@16.0.7
|
|
2210
|
+
|
|
2211
|
+
## 31.1.10
|
|
2212
|
+
|
|
2213
|
+
### Patch Changes
|
|
2214
|
+
|
|
2215
|
+
- e2c3ef313: In cases where both aliased and non-aliased dependencies exist to the same package, non-aliased dependencies will be used for resolving peer dependencies, addressing issue [#6588](https://github.com/pnpm/pnpm/issues/6588).
|
|
2216
|
+
- df3eb8313: Return bundled manifest for local dependency.
|
|
2217
|
+
|
|
2218
|
+
## 31.1.9
|
|
2219
|
+
|
|
2220
|
+
### Patch Changes
|
|
2221
|
+
|
|
2222
|
+
- 61f22f9ef: Don't add the version of a local directory dependency to the lockfile. This information is not used anywhere by pnpm and is only causing more Git conflicts [#6695](https://github.com/pnpm/pnpm/pull/6695).
|
|
2223
|
+
|
|
2224
|
+
## 31.1.8
|
|
2225
|
+
|
|
2226
|
+
### Patch Changes
|
|
2227
|
+
|
|
2228
|
+
- Updated dependencies [d9da627cd]
|
|
2229
|
+
- Updated dependencies [302ebffc5]
|
|
2230
|
+
- @pnpm/lockfile-utils@8.0.2
|
|
2231
|
+
- @pnpm/constants@7.1.1
|
|
2232
|
+
- @pnpm/prune-lockfile@5.0.4
|
|
2233
|
+
- @pnpm/error@5.0.2
|
|
2234
|
+
- @pnpm/manifest-utils@5.0.2
|
|
2235
|
+
- @pnpm/read-package-json@8.0.2
|
|
2236
|
+
- @pnpm/npm-resolver@16.0.7
|
|
2237
|
+
|
|
2238
|
+
## 31.1.7
|
|
2239
|
+
|
|
2240
|
+
### Patch Changes
|
|
2241
|
+
|
|
2242
|
+
- e83eacdcc: When `dedupe-peer-dependents` is enabled (default), use the path (not id) to
|
|
2243
|
+
determine compatibility.
|
|
2244
|
+
|
|
2245
|
+
When multiple dependency groups can be deduplicated, the
|
|
2246
|
+
latter ones are sorted according to number of peers to allow them to
|
|
2247
|
+
benefit from deduplication.
|
|
2248
|
+
|
|
2249
|
+
Resolves: [#6605](https://github.com/pnpm/pnpm/issues/6605)
|
|
2250
|
+
|
|
2251
|
+
- 4b97f1f07: Don't use await in loops.
|
|
2252
|
+
- d55b41a8b: Dependencies have been updated.
|
|
2253
|
+
- Updated dependencies [d55b41a8b]
|
|
2254
|
+
- @pnpm/npm-resolver@16.0.6
|
|
2255
|
+
|
|
2256
|
+
## 31.1.6
|
|
2257
|
+
|
|
2258
|
+
### Patch Changes
|
|
2259
|
+
|
|
2260
|
+
- Updated dependencies [4fc497882]
|
|
2261
|
+
- Updated dependencies [e6052260c]
|
|
2262
|
+
- Updated dependencies [9c4ae87bd]
|
|
2263
|
+
- Updated dependencies [a9e0b7cbf]
|
|
2264
|
+
- Updated dependencies [a9e0b7cbf]
|
|
2265
|
+
- Updated dependencies [9c4ae87bd]
|
|
2266
|
+
- @pnpm/which-version-is-pinned@5.0.1
|
|
2267
|
+
- @pnpm/npm-resolver@16.0.5
|
|
2268
|
+
- @pnpm/lockfile-types@5.1.0
|
|
2269
|
+
- @pnpm/types@9.1.0
|
|
2270
|
+
- @pnpm/manifest-utils@5.0.1
|
|
2271
|
+
- @pnpm/constants@7.1.0
|
|
2272
|
+
- @pnpm/lockfile-utils@8.0.1
|
|
2273
|
+
- @pnpm/prune-lockfile@5.0.3
|
|
2274
|
+
- @pnpm/pick-registry-for-package@5.0.1
|
|
2275
|
+
- @pnpm/core-loggers@9.0.1
|
|
2276
|
+
- @pnpm/dependency-path@2.1.2
|
|
2277
|
+
- @pnpm/read-package-json@8.0.1
|
|
2278
|
+
- @pnpm/resolver-base@10.0.1
|
|
2279
|
+
- @pnpm/store-controller-types@15.0.1
|
|
2280
|
+
- @pnpm/error@5.0.1
|
|
2281
|
+
|
|
2282
|
+
## 31.1.5
|
|
2283
|
+
|
|
2284
|
+
### Patch Changes
|
|
2285
|
+
|
|
2286
|
+
- ee78f144d: Peers resolution should not fail when a linked in dependency resolves a peer dependency.
|
|
2287
|
+
|
|
2288
|
+
## 31.1.4
|
|
2289
|
+
|
|
2290
|
+
### Patch Changes
|
|
2291
|
+
|
|
2292
|
+
- Updated dependencies [d58cdb962]
|
|
2293
|
+
- @pnpm/lockfile-utils@8.0.0
|
|
2294
|
+
|
|
2295
|
+
## 31.1.3
|
|
2296
|
+
|
|
2297
|
+
### Patch Changes
|
|
2298
|
+
|
|
2299
|
+
- d8c1013a9: Do not include external links in the lockfile, when they are used to resolve peers.
|
|
2300
|
+
|
|
2301
|
+
## 31.1.2
|
|
2302
|
+
|
|
2303
|
+
### Patch Changes
|
|
2304
|
+
|
|
2305
|
+
- Updated dependencies [edb3072a9]
|
|
2306
|
+
- @pnpm/npm-resolver@16.0.4
|
|
2307
|
+
|
|
2308
|
+
## 31.1.1
|
|
2309
|
+
|
|
2310
|
+
### Patch Changes
|
|
2311
|
+
|
|
2312
|
+
- c0760128d: bump semver to 7.4.0
|
|
2313
|
+
- Updated dependencies [c0760128d]
|
|
2314
|
+
- @pnpm/dependency-path@2.1.1
|
|
2315
|
+
- @pnpm/npm-resolver@16.0.3
|
|
2316
|
+
- @pnpm/lockfile-utils@7.0.1
|
|
2317
|
+
- @pnpm/prune-lockfile@5.0.2
|
|
2318
|
+
|
|
2319
|
+
## 31.1.0
|
|
2320
|
+
|
|
2321
|
+
### Minor Changes
|
|
2322
|
+
|
|
2323
|
+
- 72ba638e3: When `excludeLinksFromLockfile` is set to `true`, linked dependencies are not added to the lockfile.
|
|
2324
|
+
|
|
2325
|
+
### Patch Changes
|
|
2326
|
+
|
|
2327
|
+
- e440d784f: Update yarn dependencies.
|
|
2328
|
+
- d52c6d751: Don't print an info message about linked dependencies if they are real linked dependencies specified via the `link:` protocol in `package.json`.
|
|
2329
|
+
- Updated dependencies [72ba638e3]
|
|
2330
|
+
- @pnpm/lockfile-utils@7.0.0
|
|
2331
|
+
|
|
2332
|
+
## 31.0.3
|
|
2333
|
+
|
|
2334
|
+
### Patch Changes
|
|
2335
|
+
|
|
2336
|
+
- Updated dependencies [5087636b6]
|
|
2337
|
+
- Updated dependencies [ef6c22e12]
|
|
2338
|
+
- Updated dependencies [94f94eed6]
|
|
2339
|
+
- @pnpm/dependency-path@2.1.0
|
|
2340
|
+
- @pnpm/npm-resolver@16.0.2
|
|
2341
|
+
- @pnpm/lockfile-utils@6.0.1
|
|
2342
|
+
- @pnpm/prune-lockfile@5.0.1
|
|
2343
|
+
|
|
2344
|
+
## 31.0.2
|
|
2345
|
+
|
|
2346
|
+
### Patch Changes
|
|
2347
|
+
|
|
2348
|
+
- Updated dependencies [642f8c1d0]
|
|
2349
|
+
- @pnpm/npm-resolver@16.0.1
|
|
2350
|
+
|
|
2351
|
+
## 31.0.1
|
|
2352
|
+
|
|
2353
|
+
### Patch Changes
|
|
2354
|
+
|
|
2355
|
+
- 65e3af8a0: Remove the replaceall polyfill from the dependencies.
|
|
2356
|
+
|
|
2357
|
+
## 31.0.0
|
|
2358
|
+
|
|
2359
|
+
### Major Changes
|
|
2360
|
+
|
|
2361
|
+
- 1d105e7fc: Save the whole tarball URL in the lockfile, if it doesn't use the standard format [#6265](https://github.com/pnpm/pnpm/pull/6265).
|
|
2362
|
+
- c92936158: The registry field is removed from the `resolution` object in `pnpm-lock.yaml`.
|
|
2363
|
+
- 158d8cf22: `useLockfileV6` field is deleted. Lockfile v5 cannot be written anymore, only transformed to the new format.
|
|
2364
|
+
- eceaa8b8b: Node.js 14 support dropped.
|
|
2365
|
+
|
|
2366
|
+
### Patch Changes
|
|
2367
|
+
|
|
2368
|
+
- 634d6874b: Peer dependency is not unlinked when adding a new dependency [#6272](https://github.com/pnpm/pnpm/issues/6272).
|
|
2369
|
+
- b4f26e41a: Fix regression introduced in v7.30.1 [#6271](https://github.com/pnpm/pnpm/issues/6271).
|
|
2370
|
+
- cfb6bb3bf: Aliased packages should be used to resolve peer dependencies too [#4301](https://github.com/pnpm/pnpm/issues/4301).
|
|
2371
|
+
- Updated dependencies [c92936158]
|
|
2372
|
+
- Updated dependencies [ca8f51e60]
|
|
2373
|
+
- Updated dependencies [eceaa8b8b]
|
|
2374
|
+
- Updated dependencies [f835994ea]
|
|
2375
|
+
- Updated dependencies [0e26acb0f]
|
|
2376
|
+
- Updated dependencies [9d026b7cb]
|
|
2377
|
+
- @pnpm/lockfile-types@5.0.0
|
|
2378
|
+
- @pnpm/lockfile-utils@6.0.0
|
|
2379
|
+
- @pnpm/dependency-path@2.0.0
|
|
2380
|
+
- @pnpm/pick-registry-for-package@5.0.0
|
|
2381
|
+
- @pnpm/which-version-is-pinned@5.0.0
|
|
2382
|
+
- @pnpm/read-package-json@8.0.0
|
|
2383
|
+
- @pnpm/store-controller-types@15.0.0
|
|
2384
|
+
- @pnpm/manifest-utils@5.0.0
|
|
2385
|
+
- @pnpm/prune-lockfile@5.0.0
|
|
2386
|
+
- @pnpm/resolver-base@10.0.0
|
|
2387
|
+
- @pnpm/npm-resolver@16.0.0
|
|
2388
|
+
- @pnpm/core-loggers@9.0.0
|
|
2389
|
+
- @pnpm/constants@7.0.0
|
|
2390
|
+
- @pnpm/error@5.0.0
|
|
2391
|
+
- @pnpm/types@9.0.0
|
|
2392
|
+
|
|
2393
|
+
## 30.0.2
|
|
2394
|
+
|
|
2395
|
+
### Patch Changes
|
|
2396
|
+
|
|
2397
|
+
- @pnpm/npm-resolver@15.0.9
|
|
2398
|
+
|
|
2399
|
+
## 30.0.1
|
|
2400
|
+
|
|
2401
|
+
### Patch Changes
|
|
2402
|
+
|
|
2403
|
+
- 9d906fc94: Fix the incorrect error block when subproject has been patched [#6183](https://github.com/pnpm/pnpm/issues/6183)
|
|
2404
|
+
|
|
2405
|
+
## 30.0.0
|
|
2406
|
+
|
|
2407
|
+
### Major Changes
|
|
2408
|
+
|
|
2409
|
+
- 670bea844: The update options are passed on per project basis. So the `update` and `updateMatching` options are options of importers/projects.
|
|
2410
|
+
|
|
2411
|
+
## 29.4.0
|
|
2412
|
+
|
|
2413
|
+
### Minor Changes
|
|
2414
|
+
|
|
2415
|
+
- 5c31fa8be: A new setting is now supported: `dedupe-peer-dependents`.
|
|
2416
|
+
|
|
2417
|
+
When this setting is set to `true`, packages with peer dependencies will be deduplicated after peers resolution.
|
|
2418
|
+
|
|
2419
|
+
For instance, let's say we have a workspace with two projects and both of them have `webpack` in their dependencies. `webpack` has `esbuild` in its optional peer dependencies, and one of the projects has `esbuild` in its dependencies. In this case, pnpm will link two instances of `webpack` to the `node_modules/.pnpm` directory: one with `esbuild` and another one without it:
|
|
2420
|
+
|
|
2421
|
+
```
|
|
2422
|
+
node_modules
|
|
2423
|
+
.pnpm
|
|
2424
|
+
webpack@1.0.0_esbuild@1.0.0
|
|
2425
|
+
webpack@1.0.0
|
|
2426
|
+
project1
|
|
2427
|
+
node_modules
|
|
2428
|
+
webpack -> ../../node_modules/.pnpm/webpack@1.0.0/node_modules/webpack
|
|
2429
|
+
project2
|
|
2430
|
+
node_modules
|
|
2431
|
+
webpack -> ../../node_modules/.pnpm/webpack@1.0.0_esbuild@1.0.0/node_modules/webpack
|
|
2432
|
+
esbuild
|
|
2433
|
+
```
|
|
2434
|
+
|
|
2435
|
+
This makes sense because `webpack` is used in two projects, and one of the projects doesn't have `esbuild`, so the two projects cannot share the same instance of `webpack`. However, this is not what most developers expect, especially since in a hoisted `node_modules`, there would only be one instance of `webpack`. Therefore, you may now use the `dedupe-peer-dependents` setting to deduplicate `webpack` when it has no conflicting peer dependencies. In this case, if we set `dedupe-peer-dependents` to `true`, both projects will use the same `webpack` instance, which is the one that has `esbuild` resolved:
|
|
2436
|
+
|
|
2437
|
+
```
|
|
2438
|
+
node_modules
|
|
2439
|
+
.pnpm
|
|
2440
|
+
webpack@1.0.0_esbuild@1.0.0
|
|
2441
|
+
project1
|
|
2442
|
+
node_modules
|
|
2443
|
+
webpack -> ../../node_modules/.pnpm/webpack@1.0.0_esbuild@1.0.0/node_modules/webpack
|
|
2444
|
+
project2
|
|
2445
|
+
node_modules
|
|
2446
|
+
webpack -> ../../node_modules/.pnpm/webpack@1.0.0_esbuild@1.0.0/node_modules/webpack
|
|
2447
|
+
esbuild
|
|
2448
|
+
```
|
|
2449
|
+
|
|
2450
|
+
## 29.3.2
|
|
2451
|
+
|
|
2452
|
+
### Patch Changes
|
|
2453
|
+
|
|
2454
|
+
- 1b2e09ccf: Fix a case of installs not being deterministic and causing lockfile changes between repeat installs. When a dependency only declares `peerDependenciesMeta` and not `peerDependencies`, `dependencies`, or `optionalDependencies`, the dependency's peers were not considered deterministically before.
|
|
2455
|
+
|
|
2456
|
+
## 29.3.1
|
|
2457
|
+
|
|
2458
|
+
### Patch Changes
|
|
2459
|
+
|
|
2460
|
+
- 029143cff: When resolving dependencies, prefer versions that are already used in the root of the project. This is important to minimize the number of packages that will be nested during hoisting [#6054](https://github.com/pnpm/pnpm/pull/6054).
|
|
2461
|
+
- Updated dependencies [029143cff]
|
|
2462
|
+
- Updated dependencies [029143cff]
|
|
2463
|
+
- @pnpm/resolver-base@9.2.0
|
|
2464
|
+
- @pnpm/npm-resolver@15.0.8
|
|
2465
|
+
- @pnpm/lockfile-utils@5.0.7
|
|
2466
|
+
- @pnpm/store-controller-types@14.3.1
|
|
2467
|
+
|
|
2468
|
+
## 29.3.0
|
|
2469
|
+
|
|
2470
|
+
### Minor Changes
|
|
2471
|
+
|
|
2472
|
+
- 59ee53678: A new `resolution-mode` added: `lowest-direct`. With this resolution mode direct dependencies will be resolved to their lowest versions. So if there is `foo@^1.1.0` in the dependencies, then `1.1.0` will be installed, even if the latest version of `foo` is `1.2.0`.
|
|
2473
|
+
|
|
2474
|
+
### Patch Changes
|
|
2475
|
+
|
|
2476
|
+
- Updated dependencies [d89d7a078]
|
|
2477
|
+
- Updated dependencies [74b535f19]
|
|
2478
|
+
- Updated dependencies [65563ae09]
|
|
2479
|
+
- @pnpm/dependency-path@1.1.3
|
|
2480
|
+
- @pnpm/npm-resolver@15.0.7
|
|
2481
|
+
- @pnpm/lockfile-utils@5.0.6
|
|
2482
|
+
- @pnpm/prune-lockfile@4.0.24
|
|
2483
|
+
|
|
2484
|
+
## 29.2.5
|
|
2485
|
+
|
|
2486
|
+
### Patch Changes
|
|
2487
|
+
|
|
2488
|
+
- 6348f5931: The update command should not replace dependency versions specified via dist-tags [#5996](https://github.com/pnpm/pnpm/pull/5996).
|
|
2489
|
+
- Updated dependencies [9247f6781]
|
|
2490
|
+
- @pnpm/dependency-path@1.1.2
|
|
2491
|
+
- @pnpm/lockfile-utils@5.0.5
|
|
2492
|
+
- @pnpm/prune-lockfile@4.0.23
|
|
2493
|
+
|
|
2494
|
+
## 29.2.4
|
|
2495
|
+
|
|
2496
|
+
### Patch Changes
|
|
2497
|
+
|
|
2498
|
+
- 5cfe9e77a: Fix lockfile v6 on projects that use patched dependencies [#5967](https://github.com/pnpm/pnpm/issues/5967).
|
|
2499
|
+
|
|
2500
|
+
## 29.2.3
|
|
2501
|
+
|
|
2502
|
+
### Patch Changes
|
|
2503
|
+
|
|
2504
|
+
- 6c7ac6320: `pnpm install --fix-lockfile` should not fail if the package has no dependencies [#5878](https://github.com/pnpm/pnpm/issues/5878).
|
|
2505
|
+
- @pnpm/npm-resolver@15.0.6
|
|
2506
|
+
|
|
2507
|
+
## 29.2.2
|
|
2508
|
+
|
|
2509
|
+
### Patch Changes
|
|
2510
|
+
|
|
2511
|
+
- Updated dependencies [1e6de89b6]
|
|
2512
|
+
- @pnpm/npm-resolver@15.0.6
|
|
2513
|
+
|
|
2514
|
+
## 29.2.1
|
|
2515
|
+
|
|
2516
|
+
### Patch Changes
|
|
2517
|
+
|
|
2518
|
+
- Updated dependencies [0f6e95872]
|
|
2519
|
+
- @pnpm/dependency-path@1.1.1
|
|
2520
|
+
- @pnpm/lockfile-utils@5.0.4
|
|
2521
|
+
- @pnpm/prune-lockfile@4.0.22
|
|
2522
|
+
|
|
2523
|
+
## 29.2.0
|
|
2524
|
+
|
|
2525
|
+
### Minor Changes
|
|
2526
|
+
|
|
2527
|
+
- c7b05cd9a: When ignoreScripts=true is passed to the fetcher, do not build git-hosted dependencies.
|
|
2528
|
+
- 3ebce5db7: Added support for `pnpm-lock.yaml` format v6. This new format will be the new lockfile format in pnpm v8. To use the new lockfile format, use the `use-lockfile-v6=true` setting in `.npmrc`. Or run `pnpm install --use-lockfile-v6` [#5810](https://github.com/pnpm/pnpm/pull/5810).
|
|
2529
|
+
|
|
2530
|
+
### Patch Changes
|
|
2531
|
+
|
|
2532
|
+
- Updated dependencies [891a8d763]
|
|
2533
|
+
- Updated dependencies [c7b05cd9a]
|
|
2534
|
+
- Updated dependencies [3ebce5db7]
|
|
2535
|
+
- Updated dependencies [3ebce5db7]
|
|
2536
|
+
- @pnpm/store-controller-types@14.3.0
|
|
2537
|
+
- @pnpm/constants@6.2.0
|
|
2538
|
+
- @pnpm/dependency-path@1.1.0
|
|
2539
|
+
- @pnpm/prune-lockfile@4.0.21
|
|
2540
|
+
- @pnpm/error@4.0.1
|
|
2541
|
+
- @pnpm/lockfile-utils@5.0.3
|
|
2542
|
+
- @pnpm/manifest-utils@4.1.4
|
|
2543
|
+
- @pnpm/read-package-json@7.0.5
|
|
2544
|
+
- @pnpm/npm-resolver@15.0.5
|
|
2545
|
+
|
|
2546
|
+
## 29.1.0
|
|
2547
|
+
|
|
2548
|
+
### Minor Changes
|
|
2549
|
+
|
|
2550
|
+
- 1fad508b0: When the `resolve-peers-from-workspace-root` setting is set to `true`, pnpm will use dependencies installed in the root of the workspace to resolve peer dependencies in any of the workspace's projects [#5882](https://github.com/pnpm/pnpm/pull/5882).
|
|
2551
|
+
|
|
2552
|
+
## 29.0.12
|
|
2553
|
+
|
|
2554
|
+
### Patch Changes
|
|
2555
|
+
|
|
2556
|
+
- Updated dependencies [83ba90fb8]
|
|
2557
|
+
- @pnpm/npm-resolver@15.0.4
|
|
2558
|
+
|
|
2559
|
+
## 29.0.11
|
|
2560
|
+
|
|
2561
|
+
### Patch Changes
|
|
2562
|
+
|
|
2563
|
+
- Updated dependencies [b77651d14]
|
|
2564
|
+
- Updated dependencies [2458741fa]
|
|
2565
|
+
- @pnpm/types@8.10.0
|
|
2566
|
+
- @pnpm/store-controller-types@14.2.0
|
|
2567
|
+
- @pnpm/pick-registry-for-package@4.0.3
|
|
2568
|
+
- @pnpm/lockfile-types@4.3.6
|
|
2569
|
+
- @pnpm/lockfile-utils@5.0.2
|
|
2570
|
+
- @pnpm/prune-lockfile@4.0.20
|
|
2571
|
+
- @pnpm/core-loggers@8.0.3
|
|
2572
|
+
- @pnpm/dependency-path@1.0.1
|
|
2573
|
+
- @pnpm/manifest-utils@4.1.3
|
|
2574
|
+
- @pnpm/read-package-json@7.0.4
|
|
2575
|
+
- @pnpm/npm-resolver@15.0.3
|
|
2576
|
+
- @pnpm/resolver-base@9.1.5
|
|
2577
|
+
|
|
2578
|
+
## 29.0.10
|
|
2579
|
+
|
|
2580
|
+
### Patch Changes
|
|
2581
|
+
|
|
2582
|
+
- Updated dependencies [313702d76]
|
|
2583
|
+
- @pnpm/dependency-path@1.0.0
|
|
2584
|
+
- @pnpm/lockfile-utils@5.0.1
|
|
2585
|
+
- @pnpm/prune-lockfile@4.0.19
|
|
2586
|
+
|
|
2587
|
+
## 29.0.9
|
|
2588
|
+
|
|
2589
|
+
### Patch Changes
|
|
2590
|
+
|
|
2591
|
+
- 49f6c917f: `pnpm update` should not replace `workspace:*`, `workspace:~`, and `workspace:^` with `workspace:<version>` [#5764](https://github.com/pnpm/pnpm/pull/5764).
|
|
2592
|
+
|
|
2593
|
+
## 29.0.8
|
|
2594
|
+
|
|
2595
|
+
### Patch Changes
|
|
2596
|
+
|
|
2597
|
+
- a9d59d8bc: Update dependencies.
|
|
2598
|
+
- Updated dependencies [c245edf1b]
|
|
2599
|
+
- Updated dependencies [a9d59d8bc]
|
|
2600
|
+
- Updated dependencies [f3bfa2aae]
|
|
2601
|
+
- @pnpm/manifest-utils@4.1.2
|
|
2602
|
+
- @pnpm/read-package-json@7.0.3
|
|
2603
|
+
- @pnpm/npm-resolver@15.0.2
|
|
2604
|
+
|
|
2605
|
+
## 29.0.7
|
|
2606
|
+
|
|
2607
|
+
### Patch Changes
|
|
2608
|
+
|
|
2609
|
+
- Updated dependencies [ecc8794bb]
|
|
2610
|
+
- Updated dependencies [ecc8794bb]
|
|
2611
|
+
- @pnpm/lockfile-utils@5.0.0
|
|
2612
|
+
|
|
2613
|
+
## 29.0.6
|
|
2614
|
+
|
|
2615
|
+
### Patch Changes
|
|
2616
|
+
|
|
2617
|
+
- 4a4b2ac93: Fix the nodeId in dependenciesTree for linked local packages.
|
|
2618
|
+
|
|
2619
|
+
## 29.0.5
|
|
2620
|
+
|
|
2621
|
+
### Patch Changes
|
|
2622
|
+
|
|
2623
|
+
- Updated dependencies [702e847c1]
|
|
2624
|
+
- @pnpm/types@8.9.0
|
|
2625
|
+
- @pnpm/core-loggers@8.0.2
|
|
2626
|
+
- dependency-path@9.2.8
|
|
2627
|
+
- @pnpm/lockfile-types@4.3.5
|
|
2628
|
+
- @pnpm/lockfile-utils@4.2.8
|
|
2629
|
+
- @pnpm/manifest-utils@4.1.1
|
|
2630
|
+
- @pnpm/npm-resolver@15.0.1
|
|
2631
|
+
- @pnpm/pick-registry-for-package@4.0.2
|
|
2632
|
+
- @pnpm/prune-lockfile@4.0.18
|
|
2633
|
+
- @pnpm/read-package-json@7.0.2
|
|
2634
|
+
- @pnpm/resolver-base@9.1.4
|
|
2635
|
+
- @pnpm/store-controller-types@14.1.5
|
|
2636
|
+
|
|
2637
|
+
## 29.0.4
|
|
2638
|
+
|
|
2639
|
+
### Patch Changes
|
|
2640
|
+
|
|
2641
|
+
- 0da2f0412: Update dependencies.
|
|
2642
|
+
|
|
2643
|
+
## 29.0.3
|
|
2644
|
+
|
|
2645
|
+
### Patch Changes
|
|
2646
|
+
|
|
2647
|
+
- 3c36e7e02: Don't crash on lockfile with no packages field [#5553](https://github.com/pnpm/pnpm/issues/5553).
|
|
2648
|
+
|
|
2649
|
+
## 29.0.2
|
|
2650
|
+
|
|
2651
|
+
### Patch Changes
|
|
2652
|
+
|
|
2653
|
+
- Updated dependencies [804de211e]
|
|
2654
|
+
- @pnpm/npm-resolver@15.0.0
|
|
2655
|
+
|
|
2656
|
+
## 29.0.1
|
|
2657
|
+
|
|
2658
|
+
### Patch Changes
|
|
2659
|
+
|
|
2660
|
+
- Updated dependencies [844e82f3a]
|
|
2661
|
+
- Updated dependencies [844e82f3a]
|
|
2662
|
+
- @pnpm/types@8.8.0
|
|
2663
|
+
- @pnpm/manifest-utils@4.1.0
|
|
2664
|
+
- @pnpm/core-loggers@8.0.1
|
|
2665
|
+
- dependency-path@9.2.7
|
|
2666
|
+
- @pnpm/lockfile-types@4.3.4
|
|
2667
|
+
- @pnpm/lockfile-utils@4.2.7
|
|
2668
|
+
- @pnpm/npm-resolver@14.0.1
|
|
2669
|
+
- @pnpm/pick-registry-for-package@4.0.1
|
|
2670
|
+
- @pnpm/prune-lockfile@4.0.17
|
|
2671
|
+
- @pnpm/read-package-json@7.0.1
|
|
2672
|
+
- @pnpm/resolver-base@9.1.3
|
|
2673
|
+
- @pnpm/store-controller-types@14.1.4
|
|
2674
|
+
|
|
2675
|
+
## 29.0.0
|
|
2676
|
+
|
|
2677
|
+
### Major Changes
|
|
2678
|
+
|
|
2679
|
+
- 043d988fc: Breaking change to the API. Defaul export is not used.
|
|
2680
|
+
- f884689e0: Require `@pnpm/logger` v5.
|
|
2681
|
+
|
|
2682
|
+
### Patch Changes
|
|
2683
|
+
|
|
2684
|
+
- e35988d1f: Update Yarn dependencies.
|
|
2685
|
+
- Updated dependencies [043d988fc]
|
|
2686
|
+
- Updated dependencies [f884689e0]
|
|
2687
|
+
- @pnpm/error@4.0.0
|
|
2688
|
+
- @pnpm/core-loggers@8.0.0
|
|
2689
|
+
- @pnpm/manifest-utils@4.0.0
|
|
2690
|
+
- @pnpm/npm-resolver@14.0.0
|
|
2691
|
+
- @pnpm/pick-registry-for-package@4.0.0
|
|
2692
|
+
- @pnpm/read-package-json@7.0.0
|
|
2693
|
+
- @pnpm/which-version-is-pinned@4.0.0
|
|
2694
|
+
|
|
2695
|
+
## 28.4.5
|
|
2696
|
+
|
|
2697
|
+
### Patch Changes
|
|
2698
|
+
|
|
2699
|
+
- 84f440419: Don't crash when `auto-install-peers` is set to `true` and installation is done on a workspace with that has the same dependencies in multiple projects [#5454](https://github.com/pnpm/pnpm/issues/5454).
|
|
2700
|
+
- Updated dependencies [3ae888c28]
|
|
2701
|
+
- @pnpm/core-loggers@7.1.0
|
|
2702
|
+
- @pnpm/manifest-utils@3.1.6
|
|
2703
|
+
- @pnpm/npm-resolver@13.1.11
|
|
2704
|
+
|
|
2705
|
+
## 28.4.4
|
|
2706
|
+
|
|
2707
|
+
### Patch Changes
|
|
2708
|
+
|
|
2709
|
+
- e8a631bf0: When a direct dependency fails to resolve, print the path to the project directory in the error message.
|
|
2710
|
+
- Updated dependencies [e8a631bf0]
|
|
2711
|
+
- @pnpm/error@3.1.0
|
|
2712
|
+
- @pnpm/manifest-utils@3.1.5
|
|
2713
|
+
- @pnpm/npm-resolver@13.1.10
|
|
2714
|
+
- @pnpm/read-package-json@6.0.11
|
|
2715
|
+
|
|
2716
|
+
## 28.4.3
|
|
2717
|
+
|
|
2718
|
+
### Patch Changes
|
|
2719
|
+
|
|
2720
|
+
- ff331dd95: Don't override the root dependency when auto installing peer dependencies [#5412](https://github.com/pnpm/pnpm/issues/5412).
|
|
2721
|
+
- Updated dependencies [d665f3ff7]
|
|
2722
|
+
- @pnpm/types@8.7.0
|
|
2723
|
+
- @pnpm/core-loggers@7.0.8
|
|
2724
|
+
- dependency-path@9.2.6
|
|
2725
|
+
- @pnpm/lockfile-types@4.3.3
|
|
2726
|
+
- @pnpm/lockfile-utils@4.2.6
|
|
2727
|
+
- @pnpm/manifest-utils@3.1.4
|
|
2728
|
+
- @pnpm/npm-resolver@13.1.9
|
|
2729
|
+
- @pnpm/pick-registry-for-package@3.0.8
|
|
2730
|
+
- @pnpm/prune-lockfile@4.0.16
|
|
2731
|
+
- @pnpm/read-package-json@6.0.10
|
|
2732
|
+
- @pnpm/resolver-base@9.1.2
|
|
2733
|
+
- @pnpm/store-controller-types@14.1.3
|
|
2734
|
+
|
|
2735
|
+
## 28.4.2
|
|
2736
|
+
|
|
2737
|
+
### Patch Changes
|
|
2738
|
+
|
|
2739
|
+
- 77f7cee48: Don't crash when auto-install-peers is true and the project has many complex circular dependencies.
|
|
2740
|
+
|
|
2741
|
+
## 28.4.1
|
|
2742
|
+
|
|
2743
|
+
### Patch Changes
|
|
2744
|
+
|
|
2745
|
+
- a1e834bfc: Deduplicate peer dependencies when automatically installing them [#5373](https://github.com/pnpm/pnpm/issues/5373).
|
|
2746
|
+
|
|
2747
|
+
## 28.4.0
|
|
2748
|
+
|
|
2749
|
+
### Minor Changes
|
|
2750
|
+
|
|
2751
|
+
- 156cc1ef6: A new setting supported in the pnpm section of the `package.json` file: `allowNonAppliedPatches`. When it is set to `true`, non-applied patches will not cause an error, just a warning will be printed. For example:
|
|
2752
|
+
|
|
2753
|
+
```json
|
|
2754
|
+
{
|
|
2755
|
+
"name": "foo",
|
|
2756
|
+
"version": "1.0.0",
|
|
2757
|
+
"pnpm": {
|
|
2758
|
+
"patchedDependencies": {
|
|
2759
|
+
"express@4.18.1": "patches/express@4.18.1.patch"
|
|
2760
|
+
},
|
|
2761
|
+
"allowNonAppliedPatches": true
|
|
2762
|
+
}
|
|
2763
|
+
}
|
|
2764
|
+
```
|
|
2765
|
+
|
|
2766
|
+
### Patch Changes
|
|
2767
|
+
|
|
2768
|
+
- 8cecfcbe3: When the same dependency with missing peers is used in multiple workspace projects, install the missing peers in each workspace project [#4820](https://github.com/pnpm/pnpm/issues/4820).
|
|
2769
|
+
- Updated dependencies [156cc1ef6]
|
|
2770
|
+
- @pnpm/types@8.6.0
|
|
2771
|
+
- @pnpm/core-loggers@7.0.7
|
|
2772
|
+
- dependency-path@9.2.5
|
|
2773
|
+
- @pnpm/lockfile-types@4.3.2
|
|
2774
|
+
- @pnpm/lockfile-utils@4.2.5
|
|
2775
|
+
- @pnpm/manifest-utils@3.1.3
|
|
2776
|
+
- @pnpm/npm-resolver@13.1.8
|
|
2777
|
+
- @pnpm/pick-registry-for-package@3.0.7
|
|
2778
|
+
- @pnpm/prune-lockfile@4.0.15
|
|
2779
|
+
- @pnpm/read-package-json@6.0.9
|
|
2780
|
+
- @pnpm/resolver-base@9.1.1
|
|
2781
|
+
- @pnpm/store-controller-types@14.1.2
|
|
2782
|
+
|
|
2783
|
+
## 28.3.11
|
|
2784
|
+
|
|
2785
|
+
### Patch Changes
|
|
2786
|
+
|
|
2787
|
+
- Updated dependencies [a3ccd27a3]
|
|
2788
|
+
- @pnpm/npm-resolver@13.1.7
|
|
2789
|
+
|
|
2790
|
+
## 28.3.10
|
|
2791
|
+
|
|
2792
|
+
### Patch Changes
|
|
2793
|
+
|
|
2794
|
+
- 2acf38be3: Auto installing a peer dependency in a workspace that also has it as a dev dependency in another project [#5144](https://github.com/pnpm/pnpm/issues/5144).
|
|
2795
|
+
|
|
2796
|
+
## 28.3.9
|
|
2797
|
+
|
|
2798
|
+
### Patch Changes
|
|
2799
|
+
|
|
2800
|
+
- 0373af22e: Always correctly update the "time" field in "pnpm-lock.yaml".
|
|
2801
|
+
- Updated dependencies [d7fc07cc7]
|
|
2802
|
+
- @pnpm/npm-resolver@13.1.6
|
|
2803
|
+
|
|
2804
|
+
## 28.3.8
|
|
2805
|
+
|
|
2806
|
+
### Patch Changes
|
|
2807
|
+
|
|
2808
|
+
- 829b4d924: Don't fail when publishedBy date cannot be calculated.
|
|
2809
|
+
- Updated dependencies [7fac3b446]
|
|
2810
|
+
- @pnpm/npm-resolver@13.1.5
|
|
2811
|
+
|
|
2812
|
+
## 28.3.7
|
|
2813
|
+
|
|
2814
|
+
### Patch Changes
|
|
2815
|
+
|
|
2816
|
+
- 53506c7ae: Don't modify the manifest of the injected workspace project, when it has the same dependency in prod and peer dependencies.
|
|
2817
|
+
- Updated dependencies [53506c7ae]
|
|
2818
|
+
- @pnpm/npm-resolver@13.1.4
|
|
2819
|
+
|
|
2820
|
+
## 28.3.6
|
|
2821
|
+
|
|
2822
|
+
### Patch Changes
|
|
2823
|
+
|
|
2824
|
+
- dbac0ca01: Update @yarnpkg/core.
|
|
2825
|
+
- 9faf0221d: Update Yarn dependencies.
|
|
2826
|
+
- 054b4e062: Replace replace-string with string.prototype.replaceall.
|
|
2827
|
+
- 071aa1842: When the same package is both in "peerDependencies" and in "dependencies", treat this dependency as a peer dependency if it may be resolved from the dependencies of parent packages [#5210](https://github.com/pnpm/pnpm/pull/5210).
|
|
2828
|
+
- Updated dependencies [dbac0ca01]
|
|
2829
|
+
- Updated dependencies [07bc24ad1]
|
|
2830
|
+
- @pnpm/npm-resolver@13.1.3
|
|
2831
|
+
- @pnpm/read-package-json@6.0.8
|
|
2832
|
+
|
|
2833
|
+
## 28.3.5
|
|
2834
|
+
|
|
2835
|
+
### Patch Changes
|
|
2836
|
+
|
|
2837
|
+
- Updated dependencies [32915f0e4]
|
|
2838
|
+
- Updated dependencies [23984abd1]
|
|
2839
|
+
- @pnpm/store-controller-types@14.1.1
|
|
2840
|
+
- @pnpm/resolver-base@9.1.0
|
|
2841
|
+
- @pnpm/lockfile-utils@4.2.4
|
|
2842
|
+
- @pnpm/npm-resolver@13.1.2
|
|
2843
|
+
|
|
2844
|
+
## 28.3.4
|
|
2845
|
+
|
|
2846
|
+
### Patch Changes
|
|
2847
|
+
|
|
2848
|
+
- Updated dependencies [238a165a5]
|
|
2849
|
+
- @pnpm/npm-resolver@13.1.1
|
|
2850
|
+
|
|
2851
|
+
## 28.3.3
|
|
2852
|
+
|
|
2853
|
+
### Patch Changes
|
|
2854
|
+
|
|
2855
|
+
- 0321ca32a: Don't print the same deprecation warning multiple times.
|
|
2856
|
+
- 8103f92bd: Use a patched version of ramda to fix deprecation warnings on Node.js 16. Related issue: https://github.com/ramda/ramda/pull/3270
|
|
2857
|
+
- Updated dependencies [8103f92bd]
|
|
2858
|
+
- Updated dependencies [65c4260de]
|
|
2859
|
+
- @pnpm/lockfile-utils@4.2.3
|
|
2860
|
+
- @pnpm/prune-lockfile@4.0.14
|
|
2861
|
+
- @pnpm/store-controller-types@14.1.0
|
|
2862
|
+
- @pnpm/npm-resolver@13.1.0
|
|
2863
|
+
|
|
2864
|
+
## 28.3.2
|
|
2865
|
+
|
|
2866
|
+
### Patch Changes
|
|
2867
|
+
|
|
2868
|
+
- Updated dependencies [c90798461]
|
|
2869
|
+
- @pnpm/npm-resolver@13.1.0
|
|
2870
|
+
- @pnpm/types@8.5.0
|
|
2871
|
+
- @pnpm/core-loggers@7.0.6
|
|
2872
|
+
- dependency-path@9.2.4
|
|
2873
|
+
- @pnpm/lockfile-types@4.3.1
|
|
2874
|
+
- @pnpm/lockfile-utils@4.2.2
|
|
2875
|
+
- @pnpm/manifest-utils@3.1.2
|
|
2876
|
+
- @pnpm/pick-registry-for-package@3.0.6
|
|
2877
|
+
- @pnpm/prune-lockfile@4.0.13
|
|
2878
|
+
- @pnpm/read-package-json@6.0.7
|
|
2879
|
+
- @pnpm/resolver-base@9.0.6
|
|
2880
|
+
- @pnpm/store-controller-types@14.0.2
|
|
2881
|
+
|
|
2882
|
+
## 28.3.1
|
|
2883
|
+
|
|
2884
|
+
### Patch Changes
|
|
2885
|
+
|
|
2886
|
+
- Updated dependencies [c83f40c10]
|
|
2887
|
+
- @pnpm/lockfile-utils@4.2.1
|
|
2888
|
+
|
|
2889
|
+
## 28.3.0
|
|
2890
|
+
|
|
2891
|
+
### Minor Changes
|
|
2892
|
+
|
|
2893
|
+
- 8dcfbe357: Add `publishDirectory` field to the lockfile and relink the project when it changes.
|
|
2894
|
+
|
|
2895
|
+
### Patch Changes
|
|
2896
|
+
|
|
2897
|
+
- Updated dependencies [8dcfbe357]
|
|
2898
|
+
- @pnpm/lockfile-types@4.3.0
|
|
2899
|
+
- @pnpm/lockfile-utils@4.2.0
|
|
2900
|
+
- @pnpm/prune-lockfile@4.0.12
|
|
2901
|
+
- @pnpm/npm-resolver@13.0.7
|
|
2902
|
+
|
|
2903
|
+
## 28.2.3
|
|
2904
|
+
|
|
2905
|
+
### Patch Changes
|
|
2906
|
+
|
|
2907
|
+
- Updated dependencies [eb2426cf8]
|
|
2908
|
+
- @pnpm/npm-resolver@13.0.7
|
|
2909
|
+
|
|
2910
|
+
## 28.2.2
|
|
2911
|
+
|
|
2912
|
+
### Patch Changes
|
|
2913
|
+
|
|
2914
|
+
- e3f4d131c: When `auto-install-peers` is set to `true`, automatically install direct peer dependencies [#5028](https://github.com/pnpm/pnpm/pull/5067).
|
|
2915
|
+
|
|
2916
|
+
So if your project the next manifest:
|
|
2917
|
+
|
|
2918
|
+
```json
|
|
2919
|
+
{
|
|
2920
|
+
"dependencies": {
|
|
2921
|
+
"lodash": "^4.17.21"
|
|
2922
|
+
},
|
|
2923
|
+
"peerDependencies": {
|
|
2924
|
+
"react": "^18.2.0"
|
|
2925
|
+
}
|
|
2926
|
+
}
|
|
2927
|
+
```
|
|
2928
|
+
|
|
2929
|
+
pnpm will install both lodash and react as a regular dependencies.
|
|
2930
|
+
|
|
2931
|
+
- Updated dependencies [e3f4d131c]
|
|
2932
|
+
- Updated dependencies [e3f4d131c]
|
|
2933
|
+
- @pnpm/manifest-utils@3.1.1
|
|
2934
|
+
- @pnpm/lockfile-utils@4.1.0
|
|
2935
|
+
|
|
2936
|
+
## 28.2.1
|
|
2937
|
+
|
|
2938
|
+
### Patch Changes
|
|
2939
|
+
|
|
2940
|
+
- 406656f80: When `lockfile-include-tarball-url` is set to `true`, every entry in `pnpm-lock.yaml` will contain the full URL to the package's tarball [#5054](https://github.com/pnpm/pnpm/pull/5054).
|
|
2941
|
+
- @pnpm/npm-resolver@13.0.6
|
|
2942
|
+
|
|
2943
|
+
## 28.2.0
|
|
2944
|
+
|
|
2945
|
+
### Minor Changes
|
|
2946
|
+
|
|
2947
|
+
- f5621a42c: A new value `rolling` for option `save-workspace-protocol`. When selected, pnpm will save workspace versions using a rolling alias (e.g. `"foo": "workspace:^"`) instead of pinning the current version number (e.g. `"foo": "workspace:^1.0.0"`). Usage example:
|
|
2948
|
+
|
|
2949
|
+
```
|
|
2950
|
+
pnpm --save-workspace-protocol=rolling add foo
|
|
2951
|
+
```
|
|
2952
|
+
|
|
2953
|
+
### Patch Changes
|
|
2954
|
+
|
|
2955
|
+
- Updated dependencies [f5621a42c]
|
|
2956
|
+
- @pnpm/manifest-utils@3.1.0
|
|
2957
|
+
- @pnpm/which-version-is-pinned@3.0.0
|
|
2958
|
+
- dependency-path@9.2.3
|
|
2959
|
+
- @pnpm/lockfile-utils@4.0.10
|
|
2960
|
+
- @pnpm/prune-lockfile@4.0.11
|
|
2961
|
+
|
|
2962
|
+
## 28.1.4
|
|
2963
|
+
|
|
2964
|
+
### Patch Changes
|
|
2965
|
+
|
|
2966
|
+
- 5e0e7f5db: `pnpm install` in a workspace with patches should not fail when doing partial installation [#4954](https://github.com/pnpm/pnpm/issues/4954).
|
|
2967
|
+
|
|
2968
|
+
## 28.1.3
|
|
2969
|
+
|
|
2970
|
+
### Patch Changes
|
|
2971
|
+
|
|
2972
|
+
- 5f643f23b: Update ramda to v0.28.
|
|
2973
|
+
- Updated dependencies [5f643f23b]
|
|
2974
|
+
- @pnpm/lockfile-utils@4.0.9
|
|
2975
|
+
- @pnpm/prune-lockfile@4.0.10
|
|
2976
|
+
|
|
2977
|
+
## 28.1.2
|
|
2978
|
+
|
|
2979
|
+
### Patch Changes
|
|
2980
|
+
|
|
2981
|
+
- fc581d371: Don't fail when the patched package appears multiple times in the dependency graph [#4938](https://github.com/pnpm/pnpm/issues/4938).
|
|
2982
|
+
- Updated dependencies [fc581d371]
|
|
2983
|
+
- dependency-path@9.2.2
|
|
2984
|
+
- @pnpm/lockfile-utils@4.0.8
|
|
2985
|
+
- @pnpm/prune-lockfile@4.0.9
|
|
2986
|
+
|
|
2987
|
+
## 28.1.1
|
|
2988
|
+
|
|
2989
|
+
### Patch Changes
|
|
2990
|
+
|
|
2991
|
+
- 8e5b77ef6: Update the dependencies when a patch file is modified.
|
|
2992
|
+
- Updated dependencies [d01c32355]
|
|
2993
|
+
- Updated dependencies [8e5b77ef6]
|
|
2994
|
+
- Updated dependencies [8e5b77ef6]
|
|
2995
|
+
- @pnpm/lockfile-types@4.2.0
|
|
2996
|
+
- @pnpm/types@8.4.0
|
|
2997
|
+
- @pnpm/lockfile-utils@4.0.7
|
|
2998
|
+
- @pnpm/prune-lockfile@4.0.8
|
|
2999
|
+
- @pnpm/core-loggers@7.0.5
|
|
3000
|
+
- dependency-path@9.2.1
|
|
3001
|
+
- @pnpm/manifest-utils@3.0.6
|
|
3002
|
+
- @pnpm/npm-resolver@13.0.6
|
|
3003
|
+
- @pnpm/pick-registry-for-package@3.0.5
|
|
3004
|
+
- @pnpm/read-package-json@6.0.6
|
|
3005
|
+
- @pnpm/resolver-base@9.0.5
|
|
3006
|
+
- @pnpm/store-controller-types@14.0.1
|
|
3007
|
+
|
|
3008
|
+
## 28.1.0
|
|
3009
|
+
|
|
3010
|
+
### Minor Changes
|
|
3011
|
+
|
|
3012
|
+
- 2a34b21ce: Dependencies patching is possible via the `pnpm.patchedDependencies` field of the `package.json`.
|
|
3013
|
+
To patch a package, the package name, exact version, and the relative path to the patch file should be specified. For instance:
|
|
3014
|
+
|
|
3015
|
+
```json
|
|
3016
|
+
{
|
|
3017
|
+
"pnpm": {
|
|
3018
|
+
"patchedDependencies": {
|
|
3019
|
+
"eslint@1.0.0": "./patches/eslint@1.0.0.patch"
|
|
3020
|
+
}
|
|
3021
|
+
}
|
|
3022
|
+
}
|
|
3023
|
+
```
|
|
3024
|
+
|
|
3025
|
+
### Patch Changes
|
|
3026
|
+
|
|
3027
|
+
- Updated dependencies [2a34b21ce]
|
|
3028
|
+
- Updated dependencies [c635f9fc1]
|
|
3029
|
+
- Updated dependencies [2a34b21ce]
|
|
3030
|
+
- @pnpm/types@8.3.0
|
|
3031
|
+
- @pnpm/lockfile-types@4.1.0
|
|
3032
|
+
- dependency-path@9.2.0
|
|
3033
|
+
- @pnpm/store-controller-types@14.0.0
|
|
3034
|
+
- @pnpm/core-loggers@7.0.4
|
|
3035
|
+
- @pnpm/lockfile-utils@4.0.6
|
|
3036
|
+
- @pnpm/manifest-utils@3.0.5
|
|
3037
|
+
- @pnpm/npm-resolver@13.0.5
|
|
3038
|
+
- @pnpm/pick-registry-for-package@3.0.4
|
|
3039
|
+
- @pnpm/prune-lockfile@4.0.7
|
|
3040
|
+
- @pnpm/read-package-json@6.0.5
|
|
3041
|
+
- @pnpm/resolver-base@9.0.4
|
|
3042
|
+
|
|
3043
|
+
## 28.0.0
|
|
3044
|
+
|
|
3045
|
+
### Major Changes
|
|
3046
|
+
|
|
3047
|
+
- 0abfe1718: `requiresBuild` is sometimes a function that return a boolean promise.
|
|
3048
|
+
|
|
3049
|
+
### Patch Changes
|
|
3050
|
+
|
|
3051
|
+
- Updated dependencies [fb5bbfd7a]
|
|
3052
|
+
- Updated dependencies [725636a90]
|
|
3053
|
+
- @pnpm/types@8.2.0
|
|
3054
|
+
- dependency-path@9.1.4
|
|
3055
|
+
- @pnpm/core-loggers@7.0.3
|
|
3056
|
+
- @pnpm/lockfile-types@4.0.3
|
|
3057
|
+
- @pnpm/lockfile-utils@4.0.5
|
|
3058
|
+
- @pnpm/manifest-utils@3.0.4
|
|
3059
|
+
- @pnpm/npm-resolver@13.0.4
|
|
3060
|
+
- @pnpm/pick-registry-for-package@3.0.3
|
|
3061
|
+
- @pnpm/prune-lockfile@4.0.6
|
|
3062
|
+
- @pnpm/read-package-json@6.0.4
|
|
3063
|
+
- @pnpm/resolver-base@9.0.3
|
|
3064
|
+
- @pnpm/store-controller-types@13.0.4
|
|
3065
|
+
|
|
3066
|
+
## 27.2.0
|
|
3067
|
+
|
|
3068
|
+
### Minor Changes
|
|
3069
|
+
|
|
3070
|
+
- 4d39e4a0c: A new setting is supported for ignoring specific deprecation messages: `pnpm.allowedDeprecatedVersions`. The setting should be provided in the `pnpm` section of the root `package.json` file. The below example will mute any deprecation warnings about the `request` package and warnings about `express` v1:
|
|
3071
|
+
|
|
3072
|
+
```json
|
|
3073
|
+
{
|
|
3074
|
+
"pnpm": {
|
|
3075
|
+
"allowedDeprecatedVersions": {
|
|
3076
|
+
"request": "*",
|
|
3077
|
+
"express": "1"
|
|
3078
|
+
}
|
|
3079
|
+
}
|
|
3080
|
+
}
|
|
3081
|
+
```
|
|
3082
|
+
|
|
3083
|
+
Related issue: [#4306](https://github.com/pnpm/pnpm/issues/4306)
|
|
3084
|
+
Related PR: [#4864](https://github.com/pnpm/pnpm/pull/4864)
|
|
3085
|
+
|
|
3086
|
+
### Patch Changes
|
|
3087
|
+
|
|
3088
|
+
- 26413c30c: Report only the first occurrence of a deprecated package.
|
|
3089
|
+
- Updated dependencies [4d39e4a0c]
|
|
3090
|
+
- @pnpm/types@8.1.0
|
|
3091
|
+
- @pnpm/core-loggers@7.0.2
|
|
3092
|
+
- dependency-path@9.1.3
|
|
3093
|
+
- @pnpm/lockfile-types@4.0.2
|
|
3094
|
+
- @pnpm/lockfile-utils@4.0.4
|
|
3095
|
+
- @pnpm/manifest-utils@3.0.3
|
|
3096
|
+
- @pnpm/npm-resolver@13.0.3
|
|
3097
|
+
- @pnpm/pick-registry-for-package@3.0.2
|
|
3098
|
+
- @pnpm/prune-lockfile@4.0.5
|
|
3099
|
+
- @pnpm/read-package-json@6.0.3
|
|
3100
|
+
- @pnpm/resolver-base@9.0.2
|
|
3101
|
+
- @pnpm/store-controller-types@13.0.3
|
|
3102
|
+
|
|
3103
|
+
## 27.1.4
|
|
3104
|
+
|
|
3105
|
+
### Patch Changes
|
|
3106
|
+
|
|
3107
|
+
- 9f5352014: When the same package is found several times in the dependency graph, correctly autoinstall its missing peer dependencies at all times [#4820](https://github.com/pnpm/pnpm/issues/4820).
|
|
3108
|
+
|
|
3109
|
+
## 27.1.3
|
|
3110
|
+
|
|
3111
|
+
### Patch Changes
|
|
3112
|
+
|
|
3113
|
+
- 6756c2b02: It should be possible to install a git-hosted package that has no `package.json` file [#4822](https://github.com/pnpm/pnpm/issues/4822).
|
|
3114
|
+
- Updated dependencies [6756c2b02]
|
|
3115
|
+
- @pnpm/store-controller-types@13.0.2
|
|
3116
|
+
- @pnpm/npm-resolver@13.0.2
|
|
3117
|
+
|
|
3118
|
+
## 27.1.2
|
|
3119
|
+
|
|
3120
|
+
### Patch Changes
|
|
3121
|
+
|
|
3122
|
+
- 2b543c774: Correctly detect repeated dependency sequence during resolution.
|
|
3123
|
+
|
|
3124
|
+
## 27.1.1
|
|
3125
|
+
|
|
3126
|
+
### Patch Changes
|
|
3127
|
+
|
|
3128
|
+
- 45238e358: Don't fail on projects with linked dependencies, when `auto-install-peers` is set to `true` [#4796](https://github.com/pnpm/pnpm/issues/4796).
|
|
3129
|
+
|
|
3130
|
+
## 27.1.0
|
|
3131
|
+
|
|
3132
|
+
### Minor Changes
|
|
3133
|
+
|
|
3134
|
+
- 190f0b331: New option added for automatically installing missing peer dependencies: `autoInstallPeers`.
|
|
3135
|
+
|
|
3136
|
+
### Patch Changes
|
|
3137
|
+
|
|
3138
|
+
- Updated dependencies [190f0b331]
|
|
3139
|
+
- @pnpm/prune-lockfile@4.0.4
|
|
3140
|
+
|
|
3141
|
+
## 27.0.4
|
|
3142
|
+
|
|
3143
|
+
### Patch Changes
|
|
3144
|
+
|
|
3145
|
+
- Updated dependencies [c57695550]
|
|
3146
|
+
- dependency-path@9.1.2
|
|
3147
|
+
- @pnpm/lockfile-utils@4.0.3
|
|
3148
|
+
- @pnpm/prune-lockfile@4.0.3
|
|
3149
|
+
|
|
3150
|
+
## 27.0.3
|
|
3151
|
+
|
|
3152
|
+
### Patch Changes
|
|
3153
|
+
|
|
3154
|
+
- 52b0576af: feat: support libc filed
|
|
3155
|
+
|
|
3156
|
+
## 27.0.2
|
|
3157
|
+
|
|
3158
|
+
### Patch Changes
|
|
3159
|
+
|
|
3160
|
+
- Updated dependencies [18ba5e2c0]
|
|
3161
|
+
- @pnpm/types@8.0.1
|
|
3162
|
+
- @pnpm/core-loggers@7.0.1
|
|
3163
|
+
- dependency-path@9.1.1
|
|
3164
|
+
- @pnpm/lockfile-types@4.0.1
|
|
3165
|
+
- @pnpm/lockfile-utils@4.0.2
|
|
3166
|
+
- @pnpm/manifest-utils@3.0.2
|
|
3167
|
+
- @pnpm/npm-resolver@13.0.2
|
|
3168
|
+
- @pnpm/pick-registry-for-package@3.0.1
|
|
3169
|
+
- @pnpm/prune-lockfile@4.0.2
|
|
3170
|
+
- @pnpm/read-package-json@6.0.2
|
|
3171
|
+
- @pnpm/resolver-base@9.0.1
|
|
3172
|
+
- @pnpm/store-controller-types@13.0.1
|
|
3173
|
+
|
|
3174
|
+
## 27.0.1
|
|
3175
|
+
|
|
3176
|
+
### Patch Changes
|
|
3177
|
+
|
|
3178
|
+
- 3345c2cce: It should be possible to use a chain of local file dependencies [#4611](https://github.com/pnpm/pnpm/issues/4611).
|
|
3179
|
+
- 7478cbd05: Installation shouldn't fail when a package from node_modules is moved to the `node_modules/.ignored` subfolder and a package with that name is already present in `node_modules/.ignored'.
|
|
3180
|
+
|
|
3181
|
+
## 27.0.0
|
|
3182
|
+
|
|
3183
|
+
### Major Changes
|
|
3184
|
+
|
|
3185
|
+
- 0a70aedb1: Use a base32 hash instead of a hex to encode too long dependency paths inside `node_modules/.pnpm` [#4552](https://github.com/pnpm/pnpm/pull/4552).
|
|
3186
|
+
- e7bdc2cc2: Dependencies of the root workspace project are not used to resolve peer dependencies of other workspace projects [#4469](https://github.com/pnpm/pnpm/pull/4469).
|
|
3187
|
+
|
|
3188
|
+
### Patch Changes
|
|
3189
|
+
|
|
3190
|
+
- 948a8151e: Fix an error with peer resolutions, which was happening when there was a circular dependency and another dependency that had the name of the circular dependency as a substring.
|
|
3191
|
+
- e531325c3: `dependenciesMeta` should be saved into the lockfile, when it is added to the package manifest by a hook.
|
|
3192
|
+
- aecd4acdd: Linked in dependencies should be considered when resolving peer dependencies [#4541](https://github.com/pnpm/pnpm/pull/4541).
|
|
3193
|
+
- dbe366990: Peer dependency should be correctly resolved from the workspace, when it is declared using a workspace protocol [#4529](https://github.com/pnpm/pnpm/issues/4529).
|
|
3194
|
+
- b716d2d06: Don't update a direct dependency that has the same name as a dependency in the workspace, when adding a new dependency to a workspace project [#4575](https://github.com/pnpm/pnpm/pull/4575).
|
|
3195
|
+
- Updated dependencies [0a70aedb1]
|
|
3196
|
+
- Updated dependencies [688b0eaff]
|
|
3197
|
+
- Updated dependencies [618842b0d]
|
|
3198
|
+
- Updated dependencies [1267e4eff]
|
|
3199
|
+
- dependency-path@9.1.0
|
|
3200
|
+
- @pnpm/lockfile-utils@4.0.1
|
|
3201
|
+
- @pnpm/manifest-utils@3.0.1
|
|
3202
|
+
- @pnpm/constants@6.1.0
|
|
3203
|
+
- @pnpm/prune-lockfile@4.0.1
|
|
3204
|
+
- @pnpm/error@3.0.1
|
|
3205
|
+
- @pnpm/npm-resolver@13.0.1
|
|
3206
|
+
- @pnpm/read-package-json@6.0.1
|
|
3207
|
+
|
|
3208
|
+
## 26.0.0
|
|
3209
|
+
|
|
3210
|
+
### Major Changes
|
|
3211
|
+
|
|
3212
|
+
- 542014839: Node.js 12 is not supported.
|
|
3213
|
+
- 0845a8704: A prerelease version is always added as an exact version to `package.json`. If the `next` version of `foo` is `1.0.0-beta.1` then running `pnpm add foo@next` will add this to `package.json`:
|
|
3214
|
+
|
|
3215
|
+
```json
|
|
3216
|
+
{
|
|
3217
|
+
"dependencies": {
|
|
3218
|
+
"foo": "1.0.0-beta.1"
|
|
3219
|
+
}
|
|
3220
|
+
}
|
|
3221
|
+
```
|
|
3222
|
+
|
|
3223
|
+
### Patch Changes
|
|
3224
|
+
|
|
3225
|
+
- 9b9b13c3a: Update Yarn dependencies.
|
|
3226
|
+
- Updated dependencies [d504dc380]
|
|
3227
|
+
- Updated dependencies [faf830b8f]
|
|
3228
|
+
- Updated dependencies [542014839]
|
|
3229
|
+
- @pnpm/types@8.0.0
|
|
3230
|
+
- dependency-path@9.0.0
|
|
3231
|
+
- @pnpm/constants@6.0.0
|
|
3232
|
+
- @pnpm/core-loggers@7.0.0
|
|
3233
|
+
- @pnpm/error@3.0.0
|
|
3234
|
+
- @pnpm/lockfile-types@4.0.0
|
|
3235
|
+
- @pnpm/lockfile-utils@4.0.0
|
|
3236
|
+
- @pnpm/manifest-utils@3.0.0
|
|
3237
|
+
- @pnpm/npm-resolver@13.0.0
|
|
3238
|
+
- @pnpm/pick-registry-for-package@3.0.0
|
|
3239
|
+
- @pnpm/prune-lockfile@4.0.0
|
|
3240
|
+
- @pnpm/read-package-json@6.0.0
|
|
3241
|
+
- @pnpm/resolver-base@9.0.0
|
|
3242
|
+
- @pnpm/store-controller-types@13.0.0
|
|
3243
|
+
- @pnpm/which-version-is-pinned@2.0.0
|
|
3244
|
+
|
|
3245
|
+
## 25.0.2
|
|
3246
|
+
|
|
3247
|
+
### Patch Changes
|
|
3248
|
+
|
|
3249
|
+
- 4941f31ee: The location of an injected directory dependency should be correctly located, when there is a chain of local dependencies (declared via the `file:` protocol`).
|
|
3250
|
+
|
|
3251
|
+
The next scenario was not working prior to the fix. There are 3 projects in the same folder: foo, bar, qar.
|
|
3252
|
+
|
|
3253
|
+
`foo/package.json`:
|
|
3254
|
+
|
|
3255
|
+
```json
|
|
3256
|
+
{
|
|
3257
|
+
"name": "foo",
|
|
3258
|
+
"dependencies": {
|
|
3259
|
+
"bar": "file:../bar"
|
|
3260
|
+
},
|
|
3261
|
+
"dependenciesMeta": {
|
|
3262
|
+
"bar": {
|
|
3263
|
+
"injected": true
|
|
3264
|
+
}
|
|
3265
|
+
}
|
|
3266
|
+
}
|
|
3267
|
+
```
|
|
3268
|
+
|
|
3269
|
+
`bar/package.json`:
|
|
3270
|
+
|
|
3271
|
+
```json
|
|
3272
|
+
{
|
|
3273
|
+
"name": "bar",
|
|
3274
|
+
"dependencies": {
|
|
3275
|
+
"qar": "file:../qar"
|
|
3276
|
+
},
|
|
3277
|
+
"dependenciesMeta": {
|
|
3278
|
+
"qar": {
|
|
3279
|
+
"injected": true
|
|
3280
|
+
}
|
|
3281
|
+
}
|
|
3282
|
+
}
|
|
3283
|
+
```
|
|
3284
|
+
|
|
3285
|
+
`qar/package.json`:
|
|
3286
|
+
|
|
3287
|
+
```json
|
|
3288
|
+
{
|
|
3289
|
+
"name": "qar"
|
|
3290
|
+
}
|
|
3291
|
+
```
|
|
3292
|
+
|
|
3293
|
+
Related PR: [#4415](https://github.com/pnpm/pnpm/pull/4415).
|
|
3294
|
+
|
|
3295
|
+
## 25.0.1
|
|
3296
|
+
|
|
3297
|
+
### Patch Changes
|
|
3298
|
+
|
|
3299
|
+
- 5c525db13: In order to guarantee that only correct data is written to the store, data from the lockfile should not be written to the store. Only data directly from the package tarball or package metadata.
|
|
3300
|
+
- Updated dependencies [70ba51da9]
|
|
3301
|
+
- Updated dependencies [5c525db13]
|
|
3302
|
+
- @pnpm/error@2.1.0
|
|
3303
|
+
- @pnpm/store-controller-types@12.0.0
|
|
3304
|
+
- @pnpm/manifest-utils@2.1.9
|
|
3305
|
+
- @pnpm/npm-resolver@12.1.8
|
|
3306
|
+
- @pnpm/read-package-json@5.0.12
|
|
3307
|
+
|
|
3308
|
+
## 25.0.0
|
|
3309
|
+
|
|
3310
|
+
### Major Changes
|
|
3311
|
+
|
|
3312
|
+
- b138d048c: Removed the `neverBuiltDependencies` option. In order to ignore scripts of some dependencies, use the new `allowBuild`. `allowBuild` is a function that accepts the package name and returns `true` if the package should be allowed to build.
|
|
3313
|
+
|
|
3314
|
+
### Patch Changes
|
|
3315
|
+
|
|
3316
|
+
- Updated dependencies [b138d048c]
|
|
3317
|
+
- @pnpm/lockfile-types@3.2.0
|
|
3318
|
+
- @pnpm/types@7.10.0
|
|
3319
|
+
- @pnpm/lockfile-utils@3.2.1
|
|
3320
|
+
- @pnpm/prune-lockfile@3.0.15
|
|
3321
|
+
- @pnpm/core-loggers@6.1.4
|
|
3322
|
+
- dependency-path@8.0.11
|
|
3323
|
+
- @pnpm/manifest-utils@2.1.8
|
|
3324
|
+
- @pnpm/npm-resolver@12.1.7
|
|
3325
|
+
- @pnpm/pick-registry-for-package@2.0.11
|
|
3326
|
+
- @pnpm/read-package-json@5.0.11
|
|
3327
|
+
- @pnpm/resolver-base@8.1.6
|
|
3328
|
+
- @pnpm/store-controller-types@11.0.12
|
|
3329
|
+
|
|
3330
|
+
## 24.0.0
|
|
3331
|
+
|
|
3332
|
+
### Major Changes
|
|
3333
|
+
|
|
3334
|
+
- 37d09a68f: Don't skip a dependency that is named the same way as the package, if it has a different version.
|
|
3335
|
+
|
|
3336
|
+
## 23.0.4
|
|
3337
|
+
|
|
3338
|
+
### Patch Changes
|
|
3339
|
+
|
|
3340
|
+
- Updated dependencies [cdc521cfa]
|
|
3341
|
+
- @pnpm/lockfile-utils@3.2.0
|
|
3342
|
+
- @pnpm/npm-resolver@12.1.6
|
|
3343
|
+
|
|
3344
|
+
## 23.0.3
|
|
3345
|
+
|
|
3346
|
+
### Patch Changes
|
|
3347
|
+
|
|
3348
|
+
- Updated dependencies [8a2cad034]
|
|
3349
|
+
- @pnpm/manifest-utils@2.1.7
|
|
3350
|
+
|
|
3351
|
+
## 23.0.2
|
|
3352
|
+
|
|
3353
|
+
### Patch Changes
|
|
3354
|
+
|
|
3355
|
+
- Updated dependencies [26cd01b88]
|
|
3356
|
+
- @pnpm/types@7.9.0
|
|
3357
|
+
- @pnpm/core-loggers@6.1.3
|
|
3358
|
+
- dependency-path@8.0.10
|
|
3359
|
+
- @pnpm/lockfile-types@3.1.5
|
|
3360
|
+
- @pnpm/lockfile-utils@3.1.6
|
|
3361
|
+
- @pnpm/manifest-utils@2.1.6
|
|
3362
|
+
- @pnpm/npm-resolver@12.1.6
|
|
3363
|
+
- @pnpm/pick-registry-for-package@2.0.10
|
|
3364
|
+
- @pnpm/prune-lockfile@3.0.14
|
|
3365
|
+
- @pnpm/read-package-json@5.0.10
|
|
3366
|
+
- @pnpm/resolver-base@8.1.5
|
|
3367
|
+
- @pnpm/store-controller-types@11.0.11
|
|
3368
|
+
|
|
3369
|
+
## 23.0.1
|
|
3370
|
+
|
|
3371
|
+
### Patch Changes
|
|
3372
|
+
|
|
3373
|
+
- cbd2f3e2a: Downgrade and pin Yarn lib versions.
|
|
3374
|
+
|
|
3375
|
+
## 23.0.0
|
|
3376
|
+
|
|
3377
|
+
### Major Changes
|
|
3378
|
+
|
|
3379
|
+
- 8ddcd5116: Don't log fetch statuses of packages. This logging was moved to `@pnpm/package-requester`.
|
|
3380
|
+
|
|
3381
|
+
## 22.1.0
|
|
3382
|
+
|
|
3383
|
+
### Minor Changes
|
|
3384
|
+
|
|
3385
|
+
- b5734a4a7: BadPeerDependencyIssue should contain the path to the package that has the dependency from which the peer dependency is resolved.
|
|
3386
|
+
|
|
3387
|
+
### Patch Changes
|
|
3388
|
+
|
|
3389
|
+
- b390c75a6: Injected subdependencies should be hard linked as well. So if `button` is injected into `card` and `card` is injected into `page`, then both `button` and `card` should be injected into `page`.
|
|
3390
|
+
- Updated dependencies [b5734a4a7]
|
|
3391
|
+
- @pnpm/types@7.8.0
|
|
3392
|
+
- @pnpm/core-loggers@6.1.2
|
|
3393
|
+
- dependency-path@8.0.9
|
|
3394
|
+
- @pnpm/lockfile-types@3.1.4
|
|
3395
|
+
- @pnpm/lockfile-utils@3.1.5
|
|
3396
|
+
- @pnpm/manifest-utils@2.1.5
|
|
3397
|
+
- @pnpm/npm-resolver@12.1.5
|
|
3398
|
+
- @pnpm/pick-registry-for-package@2.0.9
|
|
3399
|
+
- @pnpm/prune-lockfile@3.0.13
|
|
3400
|
+
- @pnpm/read-package-json@5.0.9
|
|
3401
|
+
- @pnpm/resolver-base@8.1.4
|
|
3402
|
+
- @pnpm/store-controller-types@11.0.10
|
|
3403
|
+
|
|
3404
|
+
## 22.0.2
|
|
3405
|
+
|
|
3406
|
+
### Patch Changes
|
|
3407
|
+
|
|
3408
|
+
- 7962c042e: Don't warn about unmet peer dependency when the peer is resolved from a prerelease version.
|
|
3409
|
+
|
|
3410
|
+
For instance, if a project has `react@*` as a peer dependency, then react `16.0.0-rc.0` should not cause a warning.
|
|
3411
|
+
|
|
3412
|
+
## 22.0.1
|
|
3413
|
+
|
|
3414
|
+
### Patch Changes
|
|
3415
|
+
|
|
3416
|
+
- cb1827b9c: If making an intersection of peer dependency ranges does not succeed, install should not crash [#4134](https://github.com/pnpm/pnpm/issues/4134).
|
|
3417
|
+
- Updated dependencies [6493e0c93]
|
|
3418
|
+
- @pnpm/types@7.7.1
|
|
3419
|
+
- @pnpm/core-loggers@6.1.1
|
|
3420
|
+
- dependency-path@8.0.8
|
|
3421
|
+
- @pnpm/lockfile-types@3.1.3
|
|
3422
|
+
- @pnpm/lockfile-utils@3.1.4
|
|
3423
|
+
- @pnpm/manifest-utils@2.1.4
|
|
3424
|
+
- @pnpm/npm-resolver@12.1.4
|
|
3425
|
+
- @pnpm/pick-registry-for-package@2.0.8
|
|
3426
|
+
- @pnpm/prune-lockfile@3.0.12
|
|
3427
|
+
- @pnpm/read-package-json@5.0.8
|
|
3428
|
+
- @pnpm/resolver-base@8.1.3
|
|
3429
|
+
- @pnpm/store-controller-types@11.0.9
|
|
3430
|
+
|
|
3431
|
+
## 22.0.0
|
|
3432
|
+
|
|
3433
|
+
### Major Changes
|
|
3434
|
+
|
|
3435
|
+
- ae32d313e: Breaking changes to the API. New required options added: `defaultUpdateDepth` and `preferredVersions`.
|
|
3436
|
+
|
|
3437
|
+
### Minor Changes
|
|
3438
|
+
|
|
3439
|
+
- 25f0fa9fa: `resolveDependencies()` should return `peerDependenciesIssues`.
|
|
3440
|
+
|
|
3441
|
+
### Patch Changes
|
|
3442
|
+
|
|
3443
|
+
- 5af305f39: Installation should be finished before an error about bad/missing peer dependencies is printed and kills the process.
|
|
3444
|
+
- a626c60fc: When `strict-peer-dependencies` is used, don't fail on the first peer dependency issue. Print all the peer dependency issues and then stop the installation process [#4082](https://github.com/pnpm/pnpm/pull/4082).
|
|
3445
|
+
- Updated dependencies [ae32d313e]
|
|
3446
|
+
- Updated dependencies [ba9b2eba1]
|
|
3447
|
+
- Updated dependencies [ba9b2eba1]
|
|
3448
|
+
- Updated dependencies [81ed15666]
|
|
3449
|
+
- @pnpm/which-version-is-pinned@1.0.0
|
|
3450
|
+
- @pnpm/core-loggers@6.1.0
|
|
3451
|
+
- @pnpm/types@7.7.0
|
|
3452
|
+
- @pnpm/npm-resolver@12.1.3
|
|
3453
|
+
- @pnpm/manifest-utils@2.1.3
|
|
3454
|
+
- dependency-path@8.0.7
|
|
3455
|
+
- @pnpm/lockfile-types@3.1.2
|
|
3456
|
+
- @pnpm/lockfile-utils@3.1.3
|
|
3457
|
+
- @pnpm/pick-registry-for-package@2.0.7
|
|
3458
|
+
- @pnpm/prune-lockfile@3.0.11
|
|
3459
|
+
- @pnpm/read-package-json@5.0.7
|
|
3460
|
+
- @pnpm/resolver-base@8.1.2
|
|
3461
|
+
- @pnpm/store-controller-types@11.0.8
|
|
3462
|
+
|
|
3463
|
+
## 21.2.3
|
|
3464
|
+
|
|
3465
|
+
### Patch Changes
|
|
3466
|
+
|
|
3467
|
+
- 3cf543fc1: Non-standard tarball URL should be correctly calculated when the registry has no traling slash in the configuration file [#4052](https://github.com/pnpm/pnpm/issues/4052). This is a regression caused introduced in v6.23.2 caused by [#4032](https://github.com/pnpm/pnpm/pull/4032).
|
|
3468
|
+
- Updated dependencies [3cf543fc1]
|
|
3469
|
+
- @pnpm/lockfile-utils@3.1.2
|
|
3470
|
+
|
|
3471
|
+
## 21.2.2
|
|
3472
|
+
|
|
3473
|
+
### Patch Changes
|
|
3474
|
+
|
|
3475
|
+
- Updated dependencies [9f61bd81b]
|
|
3476
|
+
- @pnpm/npm-resolver@12.1.2
|
|
3477
|
+
|
|
3478
|
+
## 21.2.1
|
|
3479
|
+
|
|
3480
|
+
### Patch Changes
|
|
3481
|
+
|
|
3482
|
+
- 828e3b9e4: `peerDependencies` ranges should be compared loosely [#3753](https://github.com/pnpm/pnpm/issues/3753).
|
|
3483
|
+
|
|
3484
|
+
## 21.2.0
|
|
3485
|
+
|
|
3486
|
+
### Minor Changes
|
|
3487
|
+
|
|
3488
|
+
- 302ae4f6f: Support async hooks
|
|
3489
|
+
|
|
3490
|
+
### Patch Changes
|
|
3491
|
+
|
|
3492
|
+
- 108bd4a39: Injected directory resolutions should contain the relative path to the directory.
|
|
3493
|
+
- Updated dependencies [302ae4f6f]
|
|
3494
|
+
- Updated dependencies [108bd4a39]
|
|
3495
|
+
- @pnpm/types@7.6.0
|
|
3496
|
+
- @pnpm/npm-resolver@12.1.1
|
|
3497
|
+
- @pnpm/core-loggers@6.0.6
|
|
3498
|
+
- dependency-path@8.0.6
|
|
3499
|
+
- @pnpm/lockfile-types@3.1.1
|
|
3500
|
+
- @pnpm/lockfile-utils@3.1.1
|
|
3501
|
+
- @pnpm/manifest-utils@2.1.2
|
|
3502
|
+
- @pnpm/pick-registry-for-package@2.0.6
|
|
3503
|
+
- @pnpm/prune-lockfile@3.0.10
|
|
3504
|
+
- @pnpm/read-package-json@5.0.6
|
|
3505
|
+
- @pnpm/resolver-base@8.1.1
|
|
3506
|
+
- @pnpm/store-controller-types@11.0.7
|
|
3507
|
+
|
|
3508
|
+
## 21.1.1
|
|
3509
|
+
|
|
3510
|
+
### Patch Changes
|
|
3511
|
+
|
|
3512
|
+
- bc1c2aa62: The `dependenciesMeta` field should be added to all packages that have it in the manifest.
|
|
3513
|
+
|
|
3514
|
+
## 21.1.0
|
|
3515
|
+
|
|
3516
|
+
### Minor Changes
|
|
3517
|
+
|
|
3518
|
+
- 4ab87844a: Added support for "injected" dependencies.
|
|
3519
|
+
|
|
3520
|
+
### Patch Changes
|
|
3521
|
+
|
|
3522
|
+
- Updated dependencies [4ab87844a]
|
|
3523
|
+
- Updated dependencies [4ab87844a]
|
|
3524
|
+
- Updated dependencies [4ab87844a]
|
|
3525
|
+
- Updated dependencies [4ab87844a]
|
|
3526
|
+
- Updated dependencies [4ab87844a]
|
|
3527
|
+
- @pnpm/types@7.5.0
|
|
3528
|
+
- @pnpm/npm-resolver@12.1.0
|
|
3529
|
+
- @pnpm/resolver-base@8.1.0
|
|
3530
|
+
- @pnpm/lockfile-types@3.1.0
|
|
3531
|
+
- @pnpm/lockfile-utils@3.1.0
|
|
3532
|
+
- @pnpm/core-loggers@6.0.5
|
|
3533
|
+
- dependency-path@8.0.5
|
|
3534
|
+
- @pnpm/manifest-utils@2.1.1
|
|
3535
|
+
- @pnpm/pick-registry-for-package@2.0.5
|
|
3536
|
+
- @pnpm/prune-lockfile@3.0.9
|
|
3537
|
+
- @pnpm/read-package-json@5.0.5
|
|
3538
|
+
- @pnpm/store-controller-types@11.0.6
|
|
3539
|
+
|
|
3540
|
+
## 21.0.7
|
|
3541
|
+
|
|
3542
|
+
### Patch Changes
|
|
3543
|
+
|
|
3544
|
+
- Updated dependencies [82caa0b56]
|
|
3545
|
+
- @pnpm/npm-resolver@12.0.5
|
|
3546
|
+
|
|
3547
|
+
## 21.0.6
|
|
3548
|
+
|
|
3549
|
+
### Patch Changes
|
|
3550
|
+
|
|
3551
|
+
- 4b163f69c: Dedupe dependencies when one of the packages is updated or a new one is added.
|
|
3552
|
+
|
|
3553
|
+
## 21.0.5
|
|
3554
|
+
|
|
3555
|
+
### Patch Changes
|
|
3556
|
+
|
|
3557
|
+
- Updated dependencies [553a5d840]
|
|
3558
|
+
- @pnpm/manifest-utils@2.1.0
|
|
3559
|
+
|
|
3560
|
+
## 21.0.4
|
|
3561
|
+
|
|
3562
|
+
### Patch Changes
|
|
3563
|
+
|
|
3564
|
+
- 11a934da1: `requiresBuild` fields should be updated when a full resolution is forced.
|
|
3565
|
+
- @pnpm/npm-resolver@12.0.4
|
|
3566
|
+
|
|
3567
|
+
## 21.0.3
|
|
3568
|
+
|
|
3569
|
+
### Patch Changes
|
|
3570
|
+
|
|
3571
|
+
- Updated dependencies [eadf0e505]
|
|
3572
|
+
- @pnpm/npm-resolver@12.0.3
|
|
3573
|
+
|
|
3574
|
+
## 21.0.2
|
|
3575
|
+
|
|
3576
|
+
### Patch Changes
|
|
3577
|
+
|
|
3578
|
+
- ee589ab9b: Installation should not fail if a non-optional dependency of a skipped dependency is not installable.
|
|
3579
|
+
|
|
3580
|
+
## 21.0.1
|
|
3581
|
+
|
|
3582
|
+
### Patch Changes
|
|
3583
|
+
|
|
3584
|
+
- 31e01d9a9: Fetch a package if it is not installable as optional but also exists as not optional.
|
|
3585
|
+
|
|
3586
|
+
## 21.0.0
|
|
3587
|
+
|
|
3588
|
+
### Major Changes
|
|
3589
|
+
|
|
3590
|
+
- 07e7b1c0c: Optional dependencies are always marked as `requiresBuild` as they are not always fetched and as a result there is no way to check whether they need to be built or not.
|
|
3591
|
+
|
|
3592
|
+
## 20.0.16
|
|
3593
|
+
|
|
3594
|
+
### Patch Changes
|
|
3595
|
+
|
|
3596
|
+
- Updated dependencies [a4fed2798]
|
|
3597
|
+
- @pnpm/npm-resolver@12.0.2
|
|
3598
|
+
|
|
3599
|
+
## 20.0.15
|
|
3600
|
+
|
|
3601
|
+
### Patch Changes
|
|
3602
|
+
|
|
3603
|
+
- 135d53827: Include the path to the project in which the peer dependency is missing.
|
|
3604
|
+
|
|
3605
|
+
## 20.0.14
|
|
3606
|
+
|
|
3607
|
+
### Patch Changes
|
|
3608
|
+
|
|
3609
|
+
- Updated dependencies [b734b45ea]
|
|
3610
|
+
- @pnpm/types@7.4.0
|
|
3611
|
+
- @pnpm/core-loggers@6.0.4
|
|
3612
|
+
- dependency-path@8.0.4
|
|
3613
|
+
- @pnpm/lockfile-utils@3.0.8
|
|
3614
|
+
- @pnpm/manifest-utils@2.0.4
|
|
3615
|
+
- @pnpm/npm-resolver@12.0.1
|
|
3616
|
+
- @pnpm/package-is-installable@5.0.4
|
|
3617
|
+
- @pnpm/pick-registry-for-package@2.0.4
|
|
3618
|
+
- @pnpm/prune-lockfile@3.0.8
|
|
3619
|
+
- @pnpm/read-package-json@5.0.4
|
|
3620
|
+
- @pnpm/resolver-base@8.0.4
|
|
3621
|
+
- @pnpm/store-controller-types@11.0.5
|
|
3622
|
+
|
|
3623
|
+
## 20.0.13
|
|
3624
|
+
|
|
3625
|
+
### Patch Changes
|
|
3626
|
+
|
|
3627
|
+
- Updated dependencies [691f64713]
|
|
3628
|
+
- @pnpm/npm-resolver@12.0.0
|
|
3629
|
+
|
|
3630
|
+
## 20.0.12
|
|
3631
|
+
|
|
3632
|
+
### Patch Changes
|
|
3633
|
+
|
|
3634
|
+
- 389858509: Dependencies from the root workspace package should be used to resolve peer dependencies of any projects in the workspace.
|
|
3635
|
+
|
|
3636
|
+
## 20.0.11
|
|
3637
|
+
|
|
3638
|
+
### Patch Changes
|
|
3639
|
+
|
|
3640
|
+
- Updated dependencies [8e76690f4]
|
|
3641
|
+
- @pnpm/types@7.3.0
|
|
3642
|
+
- @pnpm/core-loggers@6.0.3
|
|
3643
|
+
- dependency-path@8.0.3
|
|
3644
|
+
- @pnpm/lockfile-utils@3.0.7
|
|
3645
|
+
- @pnpm/manifest-utils@2.0.3
|
|
3646
|
+
- @pnpm/npm-resolver@11.1.4
|
|
3647
|
+
- @pnpm/package-is-installable@5.0.3
|
|
3648
|
+
- @pnpm/pick-registry-for-package@2.0.3
|
|
3649
|
+
- @pnpm/prune-lockfile@3.0.7
|
|
3650
|
+
- @pnpm/read-package-json@5.0.3
|
|
3651
|
+
- @pnpm/resolver-base@8.0.3
|
|
3652
|
+
- @pnpm/store-controller-types@11.0.4
|
|
3653
|
+
|
|
3654
|
+
## 20.0.10
|
|
3655
|
+
|
|
3656
|
+
### Patch Changes
|
|
3657
|
+
|
|
3658
|
+
- c1cdc0184: Peer dependencies should get resolved from the workspace root.
|
|
3659
|
+
- 060c73677: Use the real package names of the peer dependencies, when creating the paths in the virtual store.
|
|
3660
|
+
- Updated dependencies [6c418943c]
|
|
3661
|
+
- dependency-path@8.0.2
|
|
3662
|
+
- @pnpm/lockfile-utils@3.0.6
|
|
3663
|
+
- @pnpm/prune-lockfile@3.0.6
|
|
3664
|
+
|
|
3665
|
+
## 20.0.9
|
|
3666
|
+
|
|
3667
|
+
### Patch Changes
|
|
3668
|
+
|
|
3669
|
+
- Updated dependencies [724c5abd8]
|
|
3670
|
+
- @pnpm/types@7.2.0
|
|
3671
|
+
- @pnpm/npm-resolver@11.1.3
|
|
3672
|
+
- @pnpm/core-loggers@6.0.2
|
|
3673
|
+
- dependency-path@8.0.1
|
|
3674
|
+
- @pnpm/lockfile-utils@3.0.5
|
|
3675
|
+
- @pnpm/manifest-utils@2.0.2
|
|
3676
|
+
- @pnpm/package-is-installable@5.0.2
|
|
3677
|
+
- @pnpm/pick-registry-for-package@2.0.2
|
|
3678
|
+
- @pnpm/prune-lockfile@3.0.5
|
|
3679
|
+
- @pnpm/read-package-json@5.0.2
|
|
3680
|
+
- @pnpm/resolver-base@8.0.2
|
|
3681
|
+
- @pnpm/store-controller-types@11.0.3
|
|
3682
|
+
|
|
3683
|
+
## 20.0.8
|
|
3684
|
+
|
|
3685
|
+
### Patch Changes
|
|
3686
|
+
|
|
3687
|
+
- a1a03d145: Import only the required functions from ramda.
|
|
3688
|
+
- Updated dependencies [a1a03d145]
|
|
3689
|
+
- @pnpm/lockfile-utils@3.0.4
|
|
3690
|
+
- @pnpm/prune-lockfile@3.0.4
|
|
3691
|
+
|
|
3692
|
+
## 20.0.7
|
|
3693
|
+
|
|
3694
|
+
### Patch Changes
|
|
3695
|
+
|
|
3696
|
+
- Updated dependencies [20e2f235d]
|
|
3697
|
+
- Updated dependencies [ae36ac7d3]
|
|
3698
|
+
- Updated dependencies [bf322c702]
|
|
3699
|
+
- dependency-path@8.0.0
|
|
3700
|
+
- @pnpm/npm-resolver@11.1.2
|
|
3701
|
+
- @pnpm/lockfile-utils@3.0.3
|
|
3702
|
+
- @pnpm/prune-lockfile@3.0.3
|
|
3703
|
+
|
|
3704
|
+
## 20.0.6
|
|
3705
|
+
|
|
3706
|
+
### Patch Changes
|
|
3707
|
+
|
|
3708
|
+
- @pnpm/npm-resolver@11.1.1
|
|
3709
|
+
|
|
3710
|
+
## 20.0.5
|
|
3711
|
+
|
|
3712
|
+
### Patch Changes
|
|
3713
|
+
|
|
3714
|
+
- @pnpm/store-controller-types@11.0.2
|
|
3715
|
+
|
|
3716
|
+
## 20.0.4
|
|
3717
|
+
|
|
3718
|
+
### Patch Changes
|
|
3719
|
+
|
|
3720
|
+
- 787b69908: Fixing a regression introduced in 20.0.3
|
|
3721
|
+
|
|
3722
|
+
## 20.0.3
|
|
3723
|
+
|
|
3724
|
+
### Patch Changes
|
|
3725
|
+
|
|
3726
|
+
- Updated dependencies [85fb21a83]
|
|
3727
|
+
- Updated dependencies [05baaa6e7]
|
|
3728
|
+
- Updated dependencies [97c64bae4]
|
|
3729
|
+
- @pnpm/npm-resolver@11.1.0
|
|
3730
|
+
- @pnpm/types@7.1.0
|
|
3731
|
+
- @pnpm/core-loggers@6.0.1
|
|
3732
|
+
- dependency-path@7.0.1
|
|
3733
|
+
- @pnpm/lockfile-utils@3.0.2
|
|
3734
|
+
- @pnpm/manifest-utils@2.0.1
|
|
3735
|
+
- @pnpm/package-is-installable@5.0.1
|
|
3736
|
+
- @pnpm/pick-registry-for-package@2.0.1
|
|
3737
|
+
- @pnpm/prune-lockfile@3.0.2
|
|
3738
|
+
- @pnpm/read-package-json@5.0.1
|
|
3739
|
+
- @pnpm/resolver-base@8.0.1
|
|
3740
|
+
- @pnpm/store-controller-types@11.0.1
|
|
3741
|
+
|
|
3742
|
+
## 20.0.2
|
|
3743
|
+
|
|
3744
|
+
### Patch Changes
|
|
3745
|
+
|
|
3746
|
+
- Updated dependencies [6f198457d]
|
|
3747
|
+
- @pnpm/npm-resolver@11.0.1
|
|
3748
|
+
|
|
3749
|
+
## 20.0.1
|
|
3750
|
+
|
|
3751
|
+
### Patch Changes
|
|
3752
|
+
|
|
3753
|
+
- Updated dependencies [9ceab68f0]
|
|
3754
|
+
- dependency-path@7.0.0
|
|
3755
|
+
- @pnpm/lockfile-utils@3.0.1
|
|
3756
|
+
- @pnpm/prune-lockfile@3.0.1
|
|
3757
|
+
|
|
3758
|
+
## 20.0.0
|
|
3759
|
+
|
|
3760
|
+
### Major Changes
|
|
3761
|
+
|
|
3762
|
+
- 97b986fbc: Node.js 10 support is dropped. At least Node.js 12.17 is required for the package to work.
|
|
3763
|
+
|
|
3764
|
+
### Minor Changes
|
|
3765
|
+
|
|
3766
|
+
- 6871d74b2: Add new transitivePeerDependencies field to lockfile.
|
|
3767
|
+
|
|
3768
|
+
### Patch Changes
|
|
3769
|
+
|
|
3770
|
+
- Updated dependencies [6871d74b2]
|
|
3771
|
+
- Updated dependencies [97b986fbc]
|
|
3772
|
+
- Updated dependencies [6871d74b2]
|
|
3773
|
+
- Updated dependencies [90487a3a8]
|
|
3774
|
+
- Updated dependencies [e4efddbd2]
|
|
3775
|
+
- Updated dependencies [f2bb5cbeb]
|
|
3776
|
+
- Updated dependencies [f2bb5cbeb]
|
|
3777
|
+
- Updated dependencies [83645c8ed]
|
|
3778
|
+
- @pnpm/constants@5.0.0
|
|
3779
|
+
- @pnpm/core-loggers@6.0.0
|
|
3780
|
+
- dependency-path@6.0.0
|
|
3781
|
+
- @pnpm/error@2.0.0
|
|
3782
|
+
- @pnpm/lockfile-types@3.0.0
|
|
3783
|
+
- @pnpm/lockfile-utils@3.0.0
|
|
3784
|
+
- @pnpm/manifest-utils@2.0.0
|
|
3785
|
+
- @pnpm/npm-resolver@11.0.0
|
|
3786
|
+
- @pnpm/package-is-installable@5.0.0
|
|
3787
|
+
- @pnpm/pick-registry-for-package@2.0.0
|
|
3788
|
+
- @pnpm/prune-lockfile@3.0.0
|
|
3789
|
+
- @pnpm/read-package-json@5.0.0
|
|
3790
|
+
- @pnpm/resolver-base@8.0.0
|
|
3791
|
+
- @pnpm/store-controller-types@11.0.0
|
|
3792
|
+
- @pnpm/types@7.0.0
|
|
3793
|
+
|
|
3794
|
+
## 19.0.2
|
|
3795
|
+
|
|
3796
|
+
### Patch Changes
|
|
3797
|
+
|
|
3798
|
+
- Updated dependencies [d853fb14a]
|
|
3799
|
+
- @pnpm/read-package-json@4.0.0
|
|
3800
|
+
|
|
3801
|
+
## 19.0.1
|
|
3802
|
+
|
|
3803
|
+
### Patch Changes
|
|
3804
|
+
|
|
3805
|
+
- @pnpm/npm-resolver@10.2.2
|
|
3806
|
+
|
|
3807
|
+
## 19.0.0
|
|
3808
|
+
|
|
3809
|
+
### Major Changes
|
|
3810
|
+
|
|
3811
|
+
- 8d1dfa89c: Breaking changes to the store controller API.
|
|
3812
|
+
|
|
3813
|
+
The options to `requestPackage()` and `fetchPackage()` changed.
|
|
3814
|
+
|
|
3815
|
+
### Patch Changes
|
|
3816
|
+
|
|
3817
|
+
- Updated dependencies [8d1dfa89c]
|
|
3818
|
+
- @pnpm/store-controller-types@10.0.0
|
|
3819
|
+
|
|
3820
|
+
## 18.3.3
|
|
3821
|
+
|
|
3822
|
+
### Patch Changes
|
|
3823
|
+
|
|
3824
|
+
- ef1588413: `requestPackage()` should always return the resolution of the updated package.
|
|
3825
|
+
|
|
3826
|
+
## 18.3.2
|
|
3827
|
+
|
|
3828
|
+
### Patch Changes
|
|
3829
|
+
|
|
3830
|
+
- 249c068dd: fix scoped registry for aliased dependency
|
|
3831
|
+
- Updated dependencies [249c068dd]
|
|
3832
|
+
- @pnpm/pick-registry-for-package@1.1.0
|
|
3833
|
+
|
|
3834
|
+
## 18.3.1
|
|
3835
|
+
|
|
3836
|
+
### Patch Changes
|
|
3837
|
+
|
|
3838
|
+
- 7578a5ad4: The lockfile needs to be updated when the value of neverBuiltDependencies changes.
|
|
3839
|
+
|
|
3840
|
+
## 18.3.0
|
|
3841
|
+
|
|
3842
|
+
### Minor Changes
|
|
3843
|
+
|
|
3844
|
+
- 9ad8c27bf: New option added for ignore scripts in specified dependencies: `neverBuiltDependencies`.
|
|
3845
|
+
|
|
3846
|
+
### Patch Changes
|
|
3847
|
+
|
|
3848
|
+
- Updated dependencies [9ad8c27bf]
|
|
3849
|
+
- Updated dependencies [9ad8c27bf]
|
|
3850
|
+
- @pnpm/lockfile-types@2.2.0
|
|
3851
|
+
- @pnpm/types@6.4.0
|
|
3852
|
+
- @pnpm/lockfile-utils@2.0.22
|
|
3853
|
+
- @pnpm/prune-lockfile@2.0.19
|
|
3854
|
+
- @pnpm/core-loggers@5.0.3
|
|
3855
|
+
- dependency-path@5.1.1
|
|
3856
|
+
- @pnpm/manifest-utils@1.1.5
|
|
3857
|
+
- @pnpm/npm-resolver@10.2.2
|
|
3858
|
+
- @pnpm/package-is-installable@4.0.19
|
|
3859
|
+
- @pnpm/pick-registry-for-package@1.0.6
|
|
3860
|
+
- @pnpm/read-package-json@3.1.9
|
|
3861
|
+
- @pnpm/resolver-base@7.1.1
|
|
3862
|
+
- @pnpm/store-controller-types@9.2.1
|
|
3863
|
+
|
|
3864
|
+
## 18.2.6
|
|
3865
|
+
|
|
3866
|
+
### Patch Changes
|
|
3867
|
+
|
|
3868
|
+
- e665f5105: The workspace protocol should work in subdependencies.
|
|
3869
|
+
|
|
3870
|
+
## 18.2.5
|
|
3871
|
+
|
|
3872
|
+
### Patch Changes
|
|
3873
|
+
|
|
3874
|
+
- db0c7e157: When a new peer dependency is installed, don't remove the existing regular dependencies of the package that depends on the peer.
|
|
3875
|
+
- 4d64969a6: Update version-selector-type to v3.
|
|
3876
|
+
|
|
3877
|
+
## 18.2.4
|
|
3878
|
+
|
|
3879
|
+
### Patch Changes
|
|
3880
|
+
|
|
3881
|
+
- Updated dependencies [e27dcf0dc]
|
|
3882
|
+
- dependency-path@5.1.0
|
|
3883
|
+
- @pnpm/lockfile-utils@2.0.21
|
|
3884
|
+
- @pnpm/prune-lockfile@2.0.18
|
|
3885
|
+
|
|
3886
|
+
## 18.2.3
|
|
3887
|
+
|
|
3888
|
+
### Patch Changes
|
|
3889
|
+
|
|
3890
|
+
- Updated dependencies [f47551a3c]
|
|
3891
|
+
- @pnpm/npm-resolver@10.2.1
|
|
3892
|
+
|
|
3893
|
+
## 18.2.2
|
|
3894
|
+
|
|
3895
|
+
### Patch Changes
|
|
3896
|
+
|
|
3897
|
+
- @pnpm/npm-resolver@10.2.0
|
|
3898
|
+
|
|
3899
|
+
## 18.2.1
|
|
3900
|
+
|
|
3901
|
+
### Patch Changes
|
|
3902
|
+
|
|
3903
|
+
- @pnpm/npm-resolver@10.2.0
|
|
3904
|
+
|
|
3905
|
+
## 18.2.0
|
|
3906
|
+
|
|
3907
|
+
### Minor Changes
|
|
3908
|
+
|
|
3909
|
+
- 8698a7060: New option added: preferWorkspacePackages. When it is `true`, dependencies are linked from the workspace even, when there are newer version available in the registry.
|
|
3910
|
+
|
|
3911
|
+
### Patch Changes
|
|
3912
|
+
|
|
3913
|
+
- Updated dependencies [8698a7060]
|
|
3914
|
+
- @pnpm/npm-resolver@10.2.0
|
|
3915
|
+
- @pnpm/resolver-base@7.1.0
|
|
3916
|
+
- @pnpm/store-controller-types@9.2.0
|
|
3917
|
+
- @pnpm/lockfile-utils@2.0.20
|
|
3918
|
+
|
|
3919
|
+
## 18.1.4
|
|
3920
|
+
|
|
3921
|
+
### Patch Changes
|
|
3922
|
+
|
|
3923
|
+
- Updated dependencies [284e95c5e]
|
|
3924
|
+
- Updated dependencies [084614f55]
|
|
3925
|
+
- @pnpm/npm-resolver@10.1.0
|
|
3926
|
+
|
|
3927
|
+
## 18.1.3
|
|
3928
|
+
|
|
3929
|
+
### Patch Changes
|
|
3930
|
+
|
|
3931
|
+
- Updated dependencies [5ff6c28fa]
|
|
3932
|
+
- Updated dependencies [0c5f1bcc9]
|
|
3933
|
+
- @pnpm/npm-resolver@10.0.7
|
|
3934
|
+
- @pnpm/error@1.4.0
|
|
3935
|
+
- @pnpm/manifest-utils@1.1.4
|
|
3936
|
+
- @pnpm/package-is-installable@4.0.18
|
|
3937
|
+
- @pnpm/read-package-json@3.1.8
|
|
3938
|
+
|
|
3939
|
+
## 18.1.2
|
|
3940
|
+
|
|
3941
|
+
### Patch Changes
|
|
3942
|
+
|
|
3943
|
+
- 39142e2ad: Update encode-registry to v3.
|
|
3944
|
+
- Updated dependencies [39142e2ad]
|
|
3945
|
+
- dependency-path@5.0.6
|
|
3946
|
+
- @pnpm/npm-resolver@10.0.6
|
|
3947
|
+
- @pnpm/lockfile-utils@2.0.19
|
|
3948
|
+
- @pnpm/prune-lockfile@2.0.17
|
|
3949
|
+
|
|
3950
|
+
## 18.1.1
|
|
3951
|
+
|
|
3952
|
+
### Patch Changes
|
|
3953
|
+
|
|
3954
|
+
- Updated dependencies [b5d694e7f]
|
|
3955
|
+
- @pnpm/lockfile-types@2.1.1
|
|
3956
|
+
- @pnpm/types@6.3.1
|
|
3957
|
+
- @pnpm/lockfile-utils@2.0.18
|
|
3958
|
+
- @pnpm/prune-lockfile@2.0.16
|
|
3959
|
+
- @pnpm/core-loggers@5.0.2
|
|
3960
|
+
- dependency-path@5.0.5
|
|
3961
|
+
- @pnpm/manifest-utils@1.1.3
|
|
3962
|
+
- @pnpm/npm-resolver@10.0.5
|
|
3963
|
+
- @pnpm/package-is-installable@4.0.17
|
|
3964
|
+
- @pnpm/pick-registry-for-package@1.0.5
|
|
3965
|
+
- @pnpm/read-package-json@3.1.7
|
|
3966
|
+
- @pnpm/resolver-base@7.0.5
|
|
3967
|
+
- @pnpm/store-controller-types@9.1.2
|
|
3968
|
+
|
|
3969
|
+
## 18.1.0
|
|
3970
|
+
|
|
3971
|
+
### Minor Changes
|
|
3972
|
+
|
|
3973
|
+
- fcdad632f: When some of the dependencies of a package have the package as a peer dependency, don't make the dependency a peer dependency of itself.
|
|
3974
|
+
|
|
3975
|
+
### Patch Changes
|
|
3976
|
+
|
|
3977
|
+
- d54043ee4: When the version in the lockfile doesn't satisfy the range in the dependency's manifest, re-resolve the dependency.
|
|
3978
|
+
- Updated dependencies [d54043ee4]
|
|
3979
|
+
- Updated dependencies [d54043ee4]
|
|
3980
|
+
- Updated dependencies [fcdad632f]
|
|
3981
|
+
- Updated dependencies [212671848]
|
|
3982
|
+
- @pnpm/lockfile-types@2.1.0
|
|
3983
|
+
- @pnpm/types@6.3.0
|
|
3984
|
+
- @pnpm/constants@4.1.0
|
|
3985
|
+
- @pnpm/read-package-json@3.1.6
|
|
3986
|
+
- @pnpm/lockfile-utils@2.0.17
|
|
3987
|
+
- @pnpm/prune-lockfile@2.0.15
|
|
3988
|
+
- @pnpm/core-loggers@5.0.1
|
|
3989
|
+
- dependency-path@5.0.4
|
|
3990
|
+
- @pnpm/manifest-utils@1.1.2
|
|
3991
|
+
- @pnpm/npm-resolver@10.0.4
|
|
3992
|
+
- @pnpm/package-is-installable@4.0.16
|
|
3993
|
+
- @pnpm/pick-registry-for-package@1.0.4
|
|
3994
|
+
- @pnpm/resolver-base@7.0.4
|
|
3995
|
+
- @pnpm/store-controller-types@9.1.1
|
|
3996
|
+
|
|
3997
|
+
## 18.0.6
|
|
3998
|
+
|
|
3999
|
+
### Patch Changes
|
|
4000
|
+
|
|
4001
|
+
- 4241bc148: When a peer dependency is not resolved but is available through `require()`, don't print a warning but still consider it to be missing.
|
|
4002
|
+
- bde7cd164: Peer dependencies should get correctly resolved even in optional dependencies that will be skipped on the active system.
|
|
4003
|
+
- 9f003e94f: Don't cache the peer resolution of packages that have missing peer dependencies.
|
|
4004
|
+
- e8dcc42d5: Do not skip a package's peer resolution if it was previously resolved w/o peer dependencies but in the new node it has peer dependencies.
|
|
4005
|
+
- c6eaf01c9: Resolved peer dependencies should always be included.
|
|
4006
|
+
|
|
4007
|
+
## 18.0.5
|
|
4008
|
+
|
|
4009
|
+
### Patch Changes
|
|
4010
|
+
|
|
4011
|
+
- ddd98dd74: The lockfile should be correctly updated when a direct dependency that has peer dependencies has a new version specifier in `package.json`.
|
|
4012
|
+
|
|
4013
|
+
For instance, `jest@26` has `cascade@2` in its peer dependencies. So `pnpm install` will scope Jest to some version of cascade. This is how it will look like in `pnpm-lock.yaml`:
|
|
4014
|
+
|
|
4015
|
+
```yaml
|
|
4016
|
+
dependencies:
|
|
4017
|
+
canvas: 2.6.0
|
|
4018
|
+
jest: 26.4.0_canvas@2.6.0
|
|
4019
|
+
```
|
|
4020
|
+
|
|
4021
|
+
If the version specifier of Jest gets changed in the `package.json` to `26.5.0`, the next time `pnpm install` is executed, the lockfile should be changed to this:
|
|
4022
|
+
|
|
4023
|
+
```yaml
|
|
4024
|
+
dependencies:
|
|
4025
|
+
canvas: 2.6.0
|
|
4026
|
+
jest: 26.5.0_canvas@2.6.0
|
|
4027
|
+
```
|
|
4028
|
+
|
|
4029
|
+
Prior to this fix, after the update, Jest was not scoped with canvas, so the lockfile was incorrectly updated to the following:
|
|
4030
|
+
|
|
4031
|
+
```yaml
|
|
4032
|
+
dependencies:
|
|
4033
|
+
canvas: 2.6.0
|
|
4034
|
+
jest: 26.5.0
|
|
4035
|
+
```
|
|
4036
|
+
|
|
4037
|
+
Related issue: [#2919](https://github.com/pnpm/pnpm/issues/2919).
|
|
4038
|
+
Related PR: [#2920](https://github.com/pnpm/pnpm/pull/2920).
|
|
4039
|
+
|
|
4040
|
+
## 18.0.4
|
|
4041
|
+
|
|
4042
|
+
### Patch Changes
|
|
4043
|
+
|
|
4044
|
+
- Updated dependencies [d7b727795]
|
|
4045
|
+
- @pnpm/npm-resolver@10.0.3
|
|
4046
|
+
|
|
4047
|
+
## 18.0.3
|
|
4048
|
+
|
|
4049
|
+
### Patch Changes
|
|
4050
|
+
|
|
4051
|
+
- Updated dependencies [0a6544043]
|
|
4052
|
+
- @pnpm/store-controller-types@9.1.0
|
|
4053
|
+
|
|
4054
|
+
## 18.0.2
|
|
4055
|
+
|
|
4056
|
+
### Patch Changes
|
|
4057
|
+
|
|
4058
|
+
- Updated dependencies [86cd72de3]
|
|
4059
|
+
- Updated dependencies [3633f5e46]
|
|
4060
|
+
- Updated dependencies [86cd72de3]
|
|
4061
|
+
- @pnpm/core-loggers@5.0.0
|
|
4062
|
+
- @pnpm/npm-resolver@10.0.2
|
|
4063
|
+
- @pnpm/store-controller-types@9.0.0
|
|
4064
|
+
- @pnpm/manifest-utils@1.1.1
|
|
4065
|
+
- @pnpm/package-is-installable@4.0.15
|
|
4066
|
+
|
|
4067
|
+
## 18.0.1
|
|
4068
|
+
|
|
4069
|
+
### Patch Changes
|
|
4070
|
+
|
|
4071
|
+
- @pnpm/npm-resolver@10.0.1
|
|
4072
|
+
|
|
4073
|
+
## 18.0.0
|
|
4074
|
+
|
|
4075
|
+
### Major Changes
|
|
4076
|
+
|
|
4077
|
+
- e2f6b40b1: Breaking changes to the API. `resolveDependencies()` now returns a dependency graph with peer dependencies resolved.
|
|
4078
|
+
|
|
4079
|
+
### Patch Changes
|
|
4080
|
+
|
|
4081
|
+
- Updated dependencies [e2f6b40b1]
|
|
4082
|
+
- Updated dependencies [e2f6b40b1]
|
|
4083
|
+
- Updated dependencies [e2f6b40b1]
|
|
4084
|
+
- @pnpm/manifest-utils@1.1.0
|
|
4085
|
+
|
|
4086
|
+
## 17.0.0
|
|
4087
|
+
|
|
4088
|
+
### Major Changes
|
|
4089
|
+
|
|
4090
|
+
- 9d9456442: In case of leaf dependencies (dependencies that have no prod deps or peer deps), we only ever need to analyze one leaf dep in a graph, so the nodeId can be short and stateless, like the package ID.
|
|
4091
|
+
- 501efdabd: Use depPath in nodeIds instead of package IDs (depPath is unique as well but shorter).
|
|
4092
|
+
- 501efdabd: `resolvedPackagesByPackageId` is replaced with `resolvedPackagesByDepPath`.
|
|
4093
|
+
|
|
4094
|
+
### Minor Changes
|
|
4095
|
+
|
|
4096
|
+
- a43c12afe: We are building the dependency tree only until there are new packages or the packages repeat in a unique order. This is needed later during peer dependencies resolution.
|
|
4097
|
+
|
|
4098
|
+
So we resolve `foo > bar > qar > foo`.
|
|
4099
|
+
But we stop on `foo > bar > qar > foo > qar`.
|
|
4100
|
+
In the second example, there's no reason to walk qar again when qar is included the first time, the dependencies of foo are already resolved and included as parent dependencies of qar. So during peers resolution, qar cannot possibly get any new or different peers resolved, after the first occurrence.
|
|
4101
|
+
|
|
4102
|
+
However, in the next example we would analyze the second qar as well, because zoo is a new parent package:
|
|
4103
|
+
`foo > bar > qar > zoo > qar`
|
|
4104
|
+
|
|
4105
|
+
## 16.1.5
|
|
4106
|
+
|
|
4107
|
+
### Patch Changes
|
|
4108
|
+
|
|
4109
|
+
- 8242401c7: Ignore non-array bundle\[d]Dependencies fields. Fixes a regression caused by https://github.com/pnpm/pnpm/commit/5322cf9b39f637536aa4775aa64dd4e9a4156d8a
|
|
4110
|
+
|
|
4111
|
+
## 16.1.4
|
|
4112
|
+
|
|
4113
|
+
### Patch Changes
|
|
4114
|
+
|
|
4115
|
+
- Updated dependencies [75a36deba]
|
|
4116
|
+
- Updated dependencies [75a36deba]
|
|
4117
|
+
- @pnpm/error@1.3.1
|
|
4118
|
+
- @pnpm/npm-resolver@10.0.1
|
|
4119
|
+
- @pnpm/package-is-installable@4.0.14
|
|
4120
|
+
|
|
4121
|
+
## 16.1.3
|
|
4122
|
+
|
|
4123
|
+
### Patch Changes
|
|
4124
|
+
|
|
4125
|
+
- Updated dependencies [a1cdae3dc]
|
|
4126
|
+
- @pnpm/npm-resolver@10.0.0
|
|
4127
|
+
|
|
4128
|
+
## 16.1.2
|
|
4129
|
+
|
|
4130
|
+
### Patch Changes
|
|
4131
|
+
|
|
4132
|
+
- Updated dependencies [6d480dd7a]
|
|
4133
|
+
- Updated dependencies [6d480dd7a]
|
|
4134
|
+
- @pnpm/error@1.3.0
|
|
4135
|
+
- @pnpm/npm-resolver@9.1.0
|
|
4136
|
+
- @pnpm/package-is-installable@4.0.13
|
|
4137
|
+
|
|
4138
|
+
## 16.1.1
|
|
4139
|
+
|
|
4140
|
+
### Patch Changes
|
|
4141
|
+
|
|
4142
|
+
- a2ef8084f: Use the same versions of dependencies across the pnpm monorepo.
|
|
4143
|
+
- Updated dependencies [622c0b6f9]
|
|
4144
|
+
- Updated dependencies [1140ef721]
|
|
4145
|
+
- Updated dependencies [a2ef8084f]
|
|
4146
|
+
- @pnpm/npm-resolver@9.0.2
|
|
4147
|
+
- @pnpm/lockfile-utils@2.0.16
|
|
4148
|
+
- dependency-path@5.0.3
|
|
4149
|
+
|
|
4150
|
+
## 16.1.0
|
|
4151
|
+
|
|
4152
|
+
### Minor Changes
|
|
4153
|
+
|
|
4154
|
+
- 8c1cf25b7: New option added: updateMatching. updateMatching is a function that accepts a package name. It returns `true` if the specified package should be updated.
|
|
4155
|
+
|
|
4156
|
+
## 16.0.6
|
|
4157
|
+
|
|
4158
|
+
### Patch Changes
|
|
4159
|
+
|
|
4160
|
+
- Updated dependencies [9a908bc07]
|
|
4161
|
+
- Updated dependencies [9a908bc07]
|
|
4162
|
+
- @pnpm/core-loggers@4.2.0
|
|
4163
|
+
- @pnpm/package-is-installable@4.0.12
|
|
4164
|
+
- @pnpm/npm-resolver@9.0.1
|
|
4165
|
+
|
|
4166
|
+
## 16.0.5
|
|
4167
|
+
|
|
4168
|
+
### Patch Changes
|
|
4169
|
+
|
|
4170
|
+
- Updated dependencies [379cdcaf8]
|
|
4171
|
+
- @pnpm/npm-resolver@9.0.1
|
|
4172
|
+
|
|
4173
|
+
## 16.0.4
|
|
4174
|
+
|
|
4175
|
+
### Patch Changes
|
|
4176
|
+
|
|
4177
|
+
- 7f25dad04: Only add packages to the skipped set, when they are seen the first time.
|
|
4178
|
+
|
|
4179
|
+
## 16.0.3
|
|
4180
|
+
|
|
4181
|
+
### Patch Changes
|
|
4182
|
+
|
|
4183
|
+
- Updated dependencies [71aeb9a38]
|
|
4184
|
+
- @pnpm/npm-resolver@9.0.0
|
|
4185
|
+
|
|
4186
|
+
## 16.0.2
|
|
4187
|
+
|
|
4188
|
+
### Patch Changes
|
|
4189
|
+
|
|
4190
|
+
- Updated dependencies [db17f6f7b]
|
|
4191
|
+
- @pnpm/types@6.2.0
|
|
4192
|
+
- @pnpm/core-loggers@4.1.2
|
|
4193
|
+
- dependency-path@5.0.2
|
|
4194
|
+
- @pnpm/lockfile-utils@2.0.15
|
|
4195
|
+
- @pnpm/npm-resolver@8.1.2
|
|
4196
|
+
- @pnpm/package-is-installable@4.0.11
|
|
4197
|
+
- @pnpm/pick-registry-for-package@1.0.3
|
|
4198
|
+
- @pnpm/resolver-base@7.0.3
|
|
4199
|
+
- @pnpm/store-controller-types@8.0.2
|
|
4200
|
+
|
|
4201
|
+
## 16.0.1
|
|
4202
|
+
|
|
4203
|
+
### Patch Changes
|
|
4204
|
+
|
|
4205
|
+
- Updated dependencies [71a8c8ce3]
|
|
4206
|
+
- @pnpm/types@6.1.0
|
|
4207
|
+
- @pnpm/core-loggers@4.1.1
|
|
4208
|
+
- dependency-path@5.0.1
|
|
4209
|
+
- @pnpm/lockfile-utils@2.0.14
|
|
4210
|
+
- @pnpm/npm-resolver@8.1.1
|
|
4211
|
+
- @pnpm/package-is-installable@4.0.10
|
|
4212
|
+
- @pnpm/pick-registry-for-package@1.0.2
|
|
4213
|
+
- @pnpm/resolver-base@7.0.2
|
|
4214
|
+
- @pnpm/store-controller-types@8.0.1
|
|
4215
|
+
|
|
4216
|
+
## 16.0.0
|
|
4217
|
+
|
|
4218
|
+
### Major Changes
|
|
4219
|
+
|
|
4220
|
+
- 41d92948b: Expects direct tarball IDs to start with @.
|
|
4221
|
+
|
|
4222
|
+
### Patch Changes
|
|
4223
|
+
|
|
4224
|
+
- Updated dependencies [41d92948b]
|
|
4225
|
+
- dependency-path@5.0.0
|
|
4226
|
+
- @pnpm/lockfile-utils@2.0.13
|
|
4227
|
+
|
|
4228
|
+
## 15.1.2
|
|
4229
|
+
|
|
4230
|
+
### Patch Changes
|
|
4231
|
+
|
|
4232
|
+
- Updated dependencies [4cf7ef367]
|
|
4233
|
+
- Updated dependencies [d3ddd023c]
|
|
4234
|
+
- Updated dependencies [2ebb7af33]
|
|
4235
|
+
- @pnpm/npm-resolver@8.1.0
|
|
4236
|
+
- @pnpm/core-loggers@4.1.0
|
|
4237
|
+
- @pnpm/package-is-installable@4.0.9
|
|
4238
|
+
|
|
4239
|
+
## 15.1.1
|
|
4240
|
+
|
|
4241
|
+
### Patch Changes
|
|
4242
|
+
|
|
4243
|
+
- @pnpm/npm-resolver@8.0.1
|
|
4244
|
+
|
|
4245
|
+
## 15.1.0
|
|
4246
|
+
|
|
4247
|
+
### Minor Changes
|
|
4248
|
+
|
|
4249
|
+
- 71b0cb8fd: A new option added: `forceFullResolution`. When `true`, the whole dependency graph will be walked through during resolution.
|
|
4250
|
+
|
|
4251
|
+
## 15.0.1
|
|
4252
|
+
|
|
4253
|
+
### Patch Changes
|
|
4254
|
+
|
|
4255
|
+
- e2c4fdad5: Don't remove resolved peer dependencies from dependencies when lockfile is partially up-to-date.
|
|
4256
|
+
|
|
4257
|
+
## 15.0.0
|
|
4258
|
+
|
|
4259
|
+
### Major Changes
|
|
4260
|
+
|
|
4261
|
+
- 0730bb938: Check the existence of a dependency in `node_modules` at the right location.
|
|
4262
|
+
- 242cf8737: The `alwaysTryWorkspacePackages` option is removed. A new option called `linkWorkspacePackagesDepth` is added.
|
|
4263
|
+
When `linkWorkspacePackageDepth` is `0`, workspace packages are linked to direct dependencies even if these direct
|
|
4264
|
+
dependencies are not using workspace ranges (so this is similar to the old `alwaysTryWorkspacePackages=true`).
|
|
4265
|
+
`linkWorkspacePackageDepth` also allows to link workspace packages to subdependencies by setting the max depth.
|
|
4266
|
+
Setting it to `Infinity` will make the resolution algorithm always prefer packages from the workspace over packages
|
|
4267
|
+
from the registry.
|
|
4268
|
+
- cc8a3bd31: `updateLockfile` options property is removed. `updateDepth=Infinity` should be used instead. Which is set for each project separately.
|
|
4269
|
+
- 16d1ac0fd: `engineCache` is removed from `ResolvedPackage`. `sideEffectsCache` removed from input options.
|
|
4270
|
+
- e11019b89: Deprecate the resolution strategy setting. The fewer dependencies strategy is used always.
|
|
4271
|
+
- 802d145fc: Remove `independent-leaves` support.
|
|
4272
|
+
- 9fbb74ecb: The structure of virtual store directory changed. No subdirectory created with the registry name.
|
|
4273
|
+
So instead of storing packages inside `node_modules/.pnpm/<registry>/<pkg>`, packages are stored
|
|
4274
|
+
inside `node_modules/.pnpm/<pkg>`.
|
|
4275
|
+
|
|
4276
|
+
### Minor Changes
|
|
4277
|
+
|
|
4278
|
+
- a5febb913: Package request response contains the path to the files index file.
|
|
4279
|
+
- b47f9737a: When direct dependencies are present, subdependencies are not reanalyzed on repeat install.
|
|
4280
|
+
|
|
4281
|
+
### Patch Changes
|
|
4282
|
+
|
|
4283
|
+
- 77bc9b510: Resolve subdependencies only after all parent dependencies were resolved.
|
|
4284
|
+
- a7d20d927: The peer suffix at the end of local tarball dependency paths is not encoded.
|
|
4285
|
+
- 4cc0ead24: Update replace-string to v3.1.0.
|
|
4286
|
+
- c25cccdad: The lockfile should be recreated correctly when an up-to-date `node_modules` is present.
|
|
4287
|
+
The recreated lockfile should contain all the skipped optional dependencies.
|
|
4288
|
+
- Updated dependencies [5bc033c43]
|
|
4289
|
+
- Updated dependencies [16d1ac0fd]
|
|
4290
|
+
- Updated dependencies [f516d266c]
|
|
4291
|
+
- Updated dependencies [da091c711]
|
|
4292
|
+
- Updated dependencies [42e6490d1]
|
|
4293
|
+
- Updated dependencies [a5febb913]
|
|
4294
|
+
- Updated dependencies [b6a82072e]
|
|
4295
|
+
- Updated dependencies [802d145fc]
|
|
4296
|
+
- Updated dependencies [6a8a97eee]
|
|
4297
|
+
- Updated dependencies [a5febb913]
|
|
4298
|
+
- Updated dependencies [a5febb913]
|
|
4299
|
+
- Updated dependencies [a5febb913]
|
|
4300
|
+
- Updated dependencies [f453a5f46]
|
|
4301
|
+
- @pnpm/npm-resolver@8.0.0
|
|
4302
|
+
- @pnpm/store-controller-types@8.0.0
|
|
4303
|
+
- @pnpm/types@6.0.0
|
|
4304
|
+
- @pnpm/lockfile-types@2.0.1
|
|
4305
|
+
- @pnpm/core-loggers@4.0.2
|
|
4306
|
+
- dependency-path@4.0.7
|
|
4307
|
+
- @pnpm/error@1.2.1
|
|
4308
|
+
- @pnpm/lockfile-utils@2.0.12
|
|
4309
|
+
- @pnpm/package-is-installable@4.0.8
|
|
4310
|
+
- @pnpm/pick-registry-for-package@1.0.1
|
|
4311
|
+
- @pnpm/resolver-base@7.0.1
|
|
4312
|
+
|
|
4313
|
+
## 15.0.0-alpha.6
|
|
4314
|
+
|
|
4315
|
+
### Major Changes
|
|
4316
|
+
|
|
4317
|
+
- 242cf8737: The `alwaysTryWorkspacePackages` option is removed. A new option called `linkWorkspacePackagesDepth` is added.
|
|
4318
|
+
When `linkWorkspacePackageDepth` is `0`, workspace packages are linked to direct dependencies even if these direct
|
|
4319
|
+
dependencies are not using workspace ranges (so this is similar to the old `alwaysTryWorkspacePackages=true`).
|
|
4320
|
+
`linkWorkspacePackageDepth` also allows to link workspace packages to subdependencies by setting the max depth.
|
|
4321
|
+
Setting it to `Infinity` will make the resolution algorithm always prefer packages from the workspace over packages
|
|
4322
|
+
from the registry.
|
|
4323
|
+
- cc8a3bd31: `updateLockfile` options property is removed. `updateDepth=Infinity` should be used instead. Which is set for each project separately.
|
|
4324
|
+
- 16d1ac0fd: `engineCache` is removed from `ResolvedPackage`. `sideEffectsCache` removed from input options.
|
|
4325
|
+
|
|
4326
|
+
### Minor Changes
|
|
4327
|
+
|
|
4328
|
+
- a5febb913: Package request response contains the path to the files index file.
|
|
4329
|
+
- b47f9737a: When direct dependencies are present, subdependencies are not reanalyzed on repeat install.
|
|
4330
|
+
|
|
4331
|
+
### Patch Changes
|
|
4332
|
+
|
|
4333
|
+
- a7d20d927: The peer suffix at the end of local tarball dependency paths is not encoded.
|
|
4334
|
+
- c25cccdad: The lockfile should be recreated correctly when an up-to-date `node_modules` is present.
|
|
4335
|
+
The recreated lockfile should contain all the skipped optional dependencies.
|
|
4336
|
+
- Updated dependencies [16d1ac0fd]
|
|
4337
|
+
- Updated dependencies [a5febb913]
|
|
4338
|
+
- Updated dependencies [6a8a97eee]
|
|
4339
|
+
- Updated dependencies [a5febb913]
|
|
4340
|
+
- Updated dependencies [a5febb913]
|
|
4341
|
+
- Updated dependencies [a5febb913]
|
|
4342
|
+
- @pnpm/store-controller-types@8.0.0-alpha.4
|
|
4343
|
+
- @pnpm/lockfile-types@2.0.1-alpha.0
|
|
4344
|
+
- @pnpm/lockfile-utils@2.0.12-alpha.1
|
|
4345
|
+
|
|
4346
|
+
## 15.0.0-alpha.5
|
|
4347
|
+
|
|
4348
|
+
### Major Changes
|
|
4349
|
+
|
|
4350
|
+
- 9fbb74ec: The structure of virtual store directory changed. No subdirectory created with the registry name.
|
|
4351
|
+
So instead of storing packages inside `node_modules/.pnpm/<registry>/<pkg>`, packages are stored
|
|
4352
|
+
inside `node_modules/.pnpm/<pkg>`.
|
|
4353
|
+
|
|
4354
|
+
### Patch Changes
|
|
4355
|
+
|
|
4356
|
+
- 4cc0ead2: Update replace-string to v3.1.0.
|
|
4357
|
+
- Updated dependencies [da091c71]
|
|
4358
|
+
- @pnpm/store-controller-types@8.0.0-alpha.3
|
|
4359
|
+
- @pnpm/types@6.0.0-alpha.0
|
|
4360
|
+
- @pnpm/core-loggers@4.0.2-alpha.0
|
|
4361
|
+
- dependency-path@4.0.7-alpha.0
|
|
4362
|
+
- @pnpm/lockfile-utils@2.0.12-alpha.0
|
|
4363
|
+
- @pnpm/npm-resolver@7.3.12-alpha.2
|
|
4364
|
+
- @pnpm/package-is-installable@4.0.8-alpha.0
|
|
4365
|
+
- @pnpm/pick-registry-for-package@1.0.1-alpha.0
|
|
4366
|
+
- @pnpm/resolver-base@7.0.1-alpha.0
|
|
4367
|
+
|
|
4368
|
+
## 14.4.5-alpha.4
|
|
4369
|
+
|
|
4370
|
+
### Patch Changes
|
|
4371
|
+
|
|
4372
|
+
- 0730bb938: Check the existence of a dependency in `node_modules` at the right location.
|
|
4373
|
+
|
|
4374
|
+
## 14.4.5-alpha.3
|
|
4375
|
+
|
|
4376
|
+
### Patch Changes
|
|
4377
|
+
|
|
4378
|
+
- Updated dependencies [5bc033c43]
|
|
4379
|
+
- @pnpm/npm-resolver@8.0.0-alpha.1
|
|
4380
|
+
|
|
4381
|
+
## 14.4.5-alpha.2
|
|
4382
|
+
|
|
4383
|
+
### Patch Changes
|
|
4384
|
+
|
|
4385
|
+
- Updated dependencies [42e6490d1]
|
|
4386
|
+
- Updated dependencies [f453a5f46]
|
|
4387
|
+
- @pnpm/store-controller-types@8.0.0-alpha.2
|
|
4388
|
+
- @pnpm/npm-resolver@7.3.12-alpha.0
|
|
4389
|
+
|
|
4390
|
+
## 14.4.5-alpha.1
|
|
4391
|
+
|
|
4392
|
+
### Patch Changes
|
|
4393
|
+
|
|
4394
|
+
- Updated dependencies [4f62d0383]
|
|
4395
|
+
- @pnpm/store-controller-types@8.0.0-alpha.1
|
|
4396
|
+
|
|
4397
|
+
## 14.4.5-alpha.0
|
|
4398
|
+
|
|
4399
|
+
### Patch Changes
|
|
4400
|
+
|
|
4401
|
+
- Updated dependencies [91c4b5954]
|
|
4402
|
+
- @pnpm/store-controller-types@8.0.0-alpha.0
|
|
4403
|
+
|
|
4404
|
+
## 14.4.4
|
|
4405
|
+
|
|
4406
|
+
### Patch Changes
|
|
4407
|
+
|
|
4408
|
+
- Updated dependencies [907c63a48]
|
|
4409
|
+
- @pnpm/lockfile-utils@2.0.11
|