@pnpm/releasing.commands 1100.2.9 → 1100.2.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/lib/publish/pack.js +21 -10
  2. package/lib/version/index.js +33 -1
  3. package/package.json +21 -21
package/lib/publish/pack.js CHANGED
@@ -171,6 +171,21 @@ export async function api(opts) {
171
171
  if (!manifest.version) {
172
172
  throw new PnpmError('PACKAGE_VERSION_NOT_FOUND', `Package version is not defined in the ${manifestFileName}.`);
173
173
  }
174
+ const publishManifest = await createPublishManifest({
175
+ projectDir: dir,
176
+ modulesDir: path.join(opts.dir, 'node_modules'),
177
+ manifest,
178
+ embedReadme: opts.embedReadme,
179
+ catalogs: opts.catalogs ?? {},
180
+ hooks: opts.hooks,
181
+ });
182
+ // Strip semver build metadata (the `+<build>` segment) from the published version so that
183
+ // the tarball, the manifest packed inside it, and the metadata sent to the registry all agree.
184
+ // libnpmpublish runs `semver.clean()` on `manifest.version` before computing the provenance
185
+ // subject, which removes build metadata. Leaving it in here would mismatch the version embedded
186
+ // in the tarball's package.json and cause the registry to reject the publish with a 422 when
187
+ // verifying the sigstore provenance bundle. See https://github.com/pnpm/pnpm/issues/11518.
188
+ publishManifest.version = stripBuildMetadata(publishManifest.version);
174
189
  let tarballName;
175
190
  let packDestination;
176
191
  const normalizedName = manifest.name.replace('@', '').replace('/', '-');
@@ -178,23 +193,15 @@ export async function api(opts) {
178
193
  if (opts.packDestination) {
179
194
  throw new PnpmError('INVALID_OPTION', 'Cannot use --pack-destination and --out together');
180
195
  }
181
- const preparedOut = opts.out.replaceAll('%s', normalizedName).replaceAll('%v', manifest.version);
196
+ const preparedOut = opts.out.replaceAll('%s', normalizedName).replaceAll('%v', publishManifest.version);
182
197
  const parsedOut = path.parse(preparedOut);
183
198
  packDestination = parsedOut.dir ? parsedOut.dir : opts.packDestination;
184
199
  tarballName = parsedOut.base;
185
200
  }
186
201
  else {
187
- tarballName = `${normalizedName}-${manifest.version}.tgz`;
202
+ tarballName = `${normalizedName}-${publishManifest.version}.tgz`;
188
203
  packDestination = opts.packDestination;
189
204
  }
190
- const publishManifest = await createPublishManifest({
191
- projectDir: dir,
192
- modulesDir: path.join(opts.dir, 'node_modules'),
193
- manifest,
194
- embedReadme: opts.embedReadme,
195
- catalogs: opts.catalogs ?? {},
196
- hooks: opts.hooks,
197
- });
198
205
  const files = await packlist(dir, {
199
206
  manifest: publishManifest,
200
207
  });
@@ -257,6 +264,10 @@ export async function api(opts) {
257
264
  unpackedSize,
258
265
  };
259
266
  }
267
+ function stripBuildMetadata(version) {
268
+ const plusIndex = version.indexOf('+');
269
+ return plusIndex === -1 ? version : version.slice(0, plusIndex);
270
+ }
260
271
  function preventBundledDependenciesWithoutHoistedNodeLinker(nodeLinker, manifest) {
261
272
  if (nodeLinker === 'hoisted')
262
273
  return;
package/lib/version/index.js CHANGED
@@ -2,6 +2,7 @@ import path from 'node:path';
2
2
  import { readProjectManifest } from '@pnpm/cli.utils';
3
3
  import { types as allTypes } from '@pnpm/config.reader';
4
4
  import { PnpmError } from '@pnpm/error';
5
+ import { runLifecycleHook } from '@pnpm/exec.lifecycle';
5
6
  import { isGitRepo, isWorkingTreeClean } from '@pnpm/network.git-utils';
6
7
  import { filterProjectsFromDir } from '@pnpm/workspace.projects-filter';
7
8
  import { safeExeca as execa } from 'execa';
@@ -146,6 +147,7 @@ export async function handler(opts, params) {
146
147
  if (!opts.recursive && opts.gitTagVersion !== false && await isGitRepo({ cwd: gitCwd })) {
147
148
  await commitAndTag(changes, { ...opts, cwd: gitCwd });
148
149
  }
150
+ await Promise.all(changes.map(change => runVersionLifecycleHook('postversion', change, opts)));
149
151
  if (opts.json) {
150
152
  return JSON.stringify(changes.map(({ manifestPath: _manifestPath, ...change }) => change), null, 2);
151
153
  }
@@ -164,6 +166,14 @@ async function bumpPackageVersion(pkgDir, rawBump, explicitVersion, opts) {
164
166
  if (!valid(currentVersion)) {
165
167
  throw new PnpmError('INVALID_VERSION', `Invalid version in ${pkgDir}: ${currentVersion}`);
166
168
  }
169
+ const preVersionChange = {
170
+ name: manifest.name,
171
+ currentVersion,
172
+ newVersion: currentVersion,
173
+ path: pkgDir,
174
+ manifestPath: path.join(pkgDir, fileName),
175
+ };
176
+ await runVersionLifecycleHook('preversion', preVersionChange, opts);
167
177
  const newVersion = explicitVersion ?? inc(currentVersion, rawBump, false, opts.preid);
168
178
  if (!newVersion) {
169
179
  throw new PnpmError('VERSION_BUMP_FAILED', `Failed to bump version from ${currentVersion} using ${rawBump}`);
@@ -173,13 +183,35 @@ async function bumpPackageVersion(pkgDir, rawBump, explicitVersion, opts) {
173
183
  }
174
184
  manifest.version = newVersion;
175
185
  await writeProjectManifest(manifest);
176
- return {
186
+ const change = {
177
187
  name: manifest.name,
178
188
  currentVersion,
179
189
  newVersion,
180
190
  path: pkgDir,
181
191
  manifestPath: path.join(pkgDir, fileName),
182
192
  };
193
+ await runVersionLifecycleHook('version', change, opts);
194
+ return change;
195
+ }
196
+ async function runVersionLifecycleHook(stage, change, opts) {
197
+ if (opts.ignoreScripts === true)
198
+ return;
199
+ const { manifest } = await readProjectManifest(change.path);
200
+ const lifecycleOpts = {
201
+ depPath: change.name,
202
+ extraBinPaths: opts.extraBinPaths,
203
+ extraEnv: opts.extraEnv,
204
+ initCwd: opts.dir,
205
+ pkgRoot: change.path,
206
+ rootModulesDir: path.join(change.path, opts.modulesDir ?? 'node_modules'),
207
+ scriptShell: opts.scriptShell,
208
+ scriptsPrependNodePath: opts.scriptsPrependNodePath,
209
+ shellEmulator: opts.shellEmulator,
210
+ stdio: 'inherit',
211
+ unsafePerm: opts.unsafePerm ?? false,
212
+ userAgent: opts.userAgent,
213
+ };
214
+ await runLifecycleHook(stage, manifest, lifecycleOpts);
183
215
  }
184
216
  async function commitAndTag(changes, opts) {
185
217
  const resolvedCwd = path.resolve(opts.cwd);
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@pnpm/releasing.commands",
3
- "version": "1100.2.9",
3
+ "version": "1100.2.11",
4
4
  "description": "Commands for deploy, pack, and publish",
5
5
  "keywords": [
6
6
  "pnpm",
@@ -48,34 +48,34 @@
48
48
  "write-json-file": "^7.0.0",
49
49
  "write-yaml-file": "^6.0.0",
50
50
  "@pnpm/catalogs.types": "1100.0.0",
51
- "@pnpm/bins.resolver": "1100.0.2",
52
- "@pnpm/cli.common-cli-options-help": "1100.0.1",
53
- "@pnpm/cli.utils": "1101.0.2",
54
51
  "@pnpm/config.pick-registry-for-package": "1100.0.2",
55
- "@pnpm/config.reader": "1101.2.1",
56
- "@pnpm/constants": "1100.0.0",
52
+ "@pnpm/cli.utils": "1101.0.2",
53
+ "@pnpm/config.reader": "1101.2.2",
57
54
  "@pnpm/deps.path": "1100.0.2",
58
- "@pnpm/engine.runtime.commands": "1100.0.11",
59
- "@pnpm/engine.runtime.node-resolver": "1101.0.5",
55
+ "@pnpm/constants": "1100.0.0",
56
+ "@pnpm/engine.runtime.commands": "1100.0.12",
57
+ "@pnpm/engine.runtime.node-resolver": "1101.0.6",
58
+ "@pnpm/exec.lifecycle": "1100.0.7",
60
59
  "@pnpm/error": "1100.0.0",
61
- "@pnpm/exec.lifecycle": "1100.0.6",
60
+ "@pnpm/fetching.directory-fetcher": "1100.0.7",
62
61
  "@pnpm/exec.pnpm-cli-runner": "1100.0.0",
63
- "@pnpm/fetching.directory-fetcher": "1100.0.6",
64
62
  "@pnpm/fs.indexed-pkg-importer": "1100.0.5",
63
+ "@pnpm/fs.packlist": "1100.0.1",
65
64
  "@pnpm/fs.is-empty-dir-or-nothing": "1100.0.0",
66
- "@pnpm/installing.client": "1100.0.10",
67
- "@pnpm/installing.commands": "1100.1.10",
68
- "@pnpm/lockfile.fs": "1100.0.5",
65
+ "@pnpm/installing.client": "1100.0.12",
66
+ "@pnpm/installing.commands": "1100.1.12",
67
+ "@pnpm/lockfile.fs": "1100.0.6",
69
68
  "@pnpm/lockfile.types": "1100.0.4",
70
69
  "@pnpm/network.fetch": "1100.0.2",
71
70
  "@pnpm/network.git-utils": "1100.0.1",
72
- "@pnpm/network.web-auth": "1101.0.0",
73
71
  "@pnpm/releasing.exportable-manifest": "1100.0.3",
74
- "@pnpm/fs.packlist": "1100.0.0",
72
+ "@pnpm/network.web-auth": "1101.0.0",
75
73
  "@pnpm/resolving.resolver-base": "1100.1.2",
74
+ "@pnpm/workspace.projects-filter": "1100.0.9",
75
+ "@pnpm/workspace.projects-sorter": "1100.0.1",
76
76
  "@pnpm/types": "1101.0.0",
77
- "@pnpm/workspace.projects-filter": "1100.0.8",
78
- "@pnpm/workspace.projects-sorter": "1100.0.1"
77
+ "@pnpm/cli.common-cli-options-help": "1100.0.1",
78
+ "@pnpm/bins.resolver": "1100.0.2"
79
79
  },
80
80
  "peerDependencies": {
81
81
  "@pnpm/logger": "^1001.0.1"
@@ -99,12 +99,12 @@
99
99
  "tar": "^7.5.13",
100
100
  "undici": "^7.25.0",
101
101
  "write-yaml-file": "^6.0.0",
102
- "@pnpm/catalogs.config": "1100.0.0",
103
- "@pnpm/assert-project": "1100.0.5",
102
+ "@pnpm/assert-project": "1100.0.6",
104
103
  "@pnpm/hooks.pnpmfile": "1100.0.6",
104
+ "@pnpm/catalogs.config": "1100.0.0",
105
105
  "@pnpm/logger": "1100.0.0",
106
- "@pnpm/prepare": "1100.0.5",
107
- "@pnpm/releasing.commands": "1100.2.9",
106
+ "@pnpm/releasing.commands": "1100.2.11",
107
+ "@pnpm/prepare": "1100.0.6",
108
108
  "@pnpm/test-fixtures": "1100.0.0",
109
109
  "@pnpm/test-ipc-server": "1100.0.0",
110
110
  "@pnpm/testing.command-defaults": "1100.0.1"