Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
7.28.0
->8.1.0
Release Notes
pnpm/pnpm
v8.1.0
Compare Source
Minor Changes
dedupe-direct-deps
, which is disabled by default. When set totrue
, dependencies that are already symlinked to the rootnode_modules
directory of the workspace will not be symlinked to subprojectnode_modules
directories. This feature was enabled by default in v8.0.0 but caused issues, so it's best to disable it by default #6299.ignore-workspace-cycles
to silence workspace cycle warning #6308.Patch Changes
Our Gold Sponsors
Our Silver Sponsors
v8.0.0
Compare Source
We are excited to announce the latest release of pnpm! To install it, check the installation page.
Major Changes
Node.js 14 Support Discontinued
If you still require Node.js 14, don't worry. We ship pnpm bundled with Node.js. This means that regardless of which Node.js version you've installed, pnpm will operate using the necessary Node.js runtime. For this to work you need to install pnpm either using the standalone script or install the
@pnpm/exe
package.Configuration Updates
auto-install-peers
: enabled by default.dedupe-peer-dependents
: enabled by default.resolve-peers-from-workspace-root
: enabled by default.save-workspace-protocol
: set torolling
by default.resolution-mode
: set tolowest-direct
by default.publishConfig.linkDirectory
: enabled by default.Most of the configuration changes are related to peer dependencies. Most of these settings were implemented long ago, and we recommended them to users encountering peer dependency issues. The recently added
dedupe-peer-dependents
resolved many such problems. With these new defaults, pnpm will face significantly fewer issues during migration from other package managers.Lockfile Modifications
importers
section. The newpnpm-lock.yaml
file is more resistant to git merge conflicts!resolution
object inpnpm-lock.yaml
.Other Changes
files
field in thepackage.json
, only the files that are listed in it will be deployed. The same logic is applied when injecting packages. This behaviour can be changed by setting thedeploy-all-files
setting totrue
(Related issue #5911).Migration Instructions
Before updating pnpm to v8 in your CI, regenerate your
pnpm-lock.yaml
. To upgrade your lockfile, runpnpm install
and commit the changes. Existing dependencies will not be updated; however, due to configuration changes in pnpm v8, some missing peer dependencies may be added to the lockfile and some packages may get deduplicated.You can commit the new lockfile even before upgrading Node.js in the CI, as pnpm v7 already supports the new lockfile format.
pnpm v7 Support
pnpm v7 will likely not receive any new features, but it will continue to get bug fixes for a few months and vulnerability fixes for at least a year.
Our Gold Sponsors
Our Silver Sponsors
v7.30.5
Compare Source
Patch Changes
pnpm audit
should work even if there are nopackage.json
file, just apnpm-lock.yaml
file.dedupe-peer-dependents
istrue
#6154.Our Gold Sponsors
Our Silver Sponsors
v7.30.4
Compare Source
v7.30.3
Compare Source
Patch Changes
Our Gold Sponsors
Our Silver Sponsors
v7.30.2
Compare Source
v7.30.1
Compare Source
Patch Changes
pnpm-lock.yaml
file if it has no changes andpnpm install --frozen-lockfile
was executed #6158.git+ssh
that use semver selectors #6239.pnpm audit
output #6203Our Gold Sponsors
Our Silver Sponsors
v7.30.0
Compare Source
Minor Changes
patches-dir
setting #6215Patch Changes
Our Gold Sponsors
Our Silver Sponsors
v7.29.3
Compare Source
Patch Changes
node_modules/.pnpm/node_modules
directory through theNODE_PATH
env variable, then the command's ownnode_modules
directory #5176.extend-node-path
is set back totrue
by default. It was set tofalse
in v7.29.2 in order to fix issues with multiple versions of Jest in one workspace. It has caused other issues, so now we keep extendingNODE_PATH
. We have fixed the Jest issue with a different solution #6213.Our Gold Sponsors
Our Silver Sponsors
v7.29.2
Compare Source
v7.29.1
Compare Source
Patch Changes
Our Gold Sponsors
Our Silver Sponsors
v7.29.0
Compare Source
Minor Changes
A new setting is now supported:
dedupe-peer-dependents
.When this setting is set to
true
, packages with peer dependencies will be deduplicated after peers resolution.For instance, let's say we have a workspace with two projects and both of them have
webpack
in their dependencies.webpack
hasesbuild
in its optional peer dependencies, and one of the projects hasesbuild
in its dependencies. In this case, pnpm will link two instances ofwebpack
to thenode_modules/.pnpm
directory: one withesbuild
and another one without it:This makes sense because
webpack
is used in two projects, and one of the projects doesn't haveesbuild
, so the two projects cannot share the same instance ofwebpack
. However, this is not what most developers expect, especially since in a hoistednode_modules
, there would only be one instance ofwebpack
. Therefore, you may now use thededupe-peer-dependents
setting to deduplicatewebpack
when it has no conflicting peer dependencies (explanation at the end). In this case, if we setdedupe-peer-dependents
totrue
, both projects will use the samewebpack
instance, which is the one that hasesbuild
resolved:What are conflicting peer dependencies? By conflicting peer dependencies we mean a scenario like the following one:
In this case, we cannot dedupe
webpack
aswebpack
hasreact
in its peer dependencies andreact
is resolved from two different versions in the context of the two projects.Patch Changes
The configuration added by
pnpm setup
should check if the pnpm home directory is already in the PATH before adding to the PATH.Before this change, this code was added to the shell:
Now this will be added:
Add
skipped
status in exec report summary when script is missing #6139.pnpm env -g
should fail with a meaningful error message if pnpm cannot find the pnpm home directory, which is the directory into which Node.js is installed.Should not throw an error when local dependency use file protocol #6115.
Fix the incorrect error block when subproject has been patched #6183
Our Gold Sponsors
Our Silver Sponsors
Configuration
📅 Schedule: Branch creation - "before 3am on the first day of the month" in timezone Australia/Sydney, Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.