Skip to content

Bump the pnpm-dependencies group across 1 directory with 2 updates#55

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/npm_and_yarn/helpers/pnpm-dependencies-0049972bac
Closed

Bump the pnpm-dependencies group across 1 directory with 2 updates#55
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/npm_and_yarn/helpers/pnpm-dependencies-0049972bac

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github Jan 5, 2025
edited
Loading

Bumps the pnpm-dependencies group with 2 updates in the /npm_and_yarn/helpers directory: @pnpm/lockfile-file and @pnpm/dependency-path.

Updates @pnpm/lockfile-file from 9.0.5 to 9.1.3

Release notes

Sourced from @​pnpm/lockfile-file's releases.

v9.1.3

Patch Changes

  • Fix a bug in which a dependency that is both optional for one package but non-optional for another is omitted when optional=false #8066.
  • Clear resolution cache before starting peer dependencies resolution #8109.
  • Reduce memory usage by peer dependencies resolution #8072.

Platinum Sponsors

Gold Sponsors

... (truncated)

Commits
  • 1e209e0 chore(release): 9.1.3
  • 2988e25 chore(release): libs
  • 81d90c9 fix: reduce memory usage by using numbers for Node IDs (#8135)
  • 006f4c8 refactor: type checking perf (#8132)
  • ee70ccb docs: update the dynamic image of the download trend (#8134)
  • 27c33f0 fix: dependencies that are not only optional should be installed when optiona...
  • 04eb86a test: fix
  • 838b7f0 chore(release): libs
  • 0c08e1c fix: clear metadata cache after resolution is finished (#8109)
  • 355ccd1 chore(release): libs
  • Additional commits viewable in compare view

Updates @pnpm/dependency-path from 4.0.0 to 1000.0.1

Release notes

Sourced from @​pnpm/dependency-path's releases.

pnpm 10.0 RC 3

Major Changes

  • Lifecycle scripts of dependencies are not executed during installation by default! This is a breaking change aimed at increasing security. In order to allow lifecycle scripts of specific dependencies, they should be listed in the pnpm.onlyBuiltDependencies field of package.json #8897. For example:

    {
  "pnpm": {
    "onlyBuiltDependencies": ["fsevents"]
  }
}

  • pnpm link behavior updated:

    The pnpm link command now adds overrides to the root package.json.

    • In a workspace: The override is added to the root of the workspace, linking the dependency to all projects in the workspace.
    • Global linking: To link a package globally, run pnpm link from the package’s directory. Previously, you needed to use pnpm link -g. Related PR: #8653

  • Secure hashing with SHA256:

    Various hashing algorithms have been updated to SHA256 for enhanced security and consistency:

    • Long paths inside node_modules/.pnpm are now hashed with SHA256.
    • Long peer dependency hashes in the lockfile now use SHA256 instead of MD5. (This affects very few users since these are only used for long keys.)
    • The hash stored in the packageExtensionsChecksum field of pnpm-lock.yaml is now SHA256.
    • The side effects cache keys now use SHA256.
    • The pnpmfile checksum in the lockfile now uses SHA256 (#8530).

  • Configuration updates:

    • manage-package-manager-versions: enabled by default. pnpm now manages its own version based on the packageManager field in package.json by default.

    • public-hoist-pattern: nothing is hoisted by default. Packages containing eslint or prettier in their name are no longer hoisted to the root of node_modules. Related Issue: #8378

    • Upgraded @yarnpkg/extensions to v2.0.3. This may alter your lockfile.

    • virtual-store-dir-max-length: the default value on Windows has been reduced to 60 characters.

    • Reduced environment variables for scripts: During script execution, fewer npm_package_* environment variables are set. Only name, version, bin, engines, and config remain. Related Issue: #8552

    • All dependencies are now installed even if NODE_ENV=production. Related Issue: #8827

  • Changes to the global store:

    • Store version bumped to v10.

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the pnpm-dependencies group across 1 directory with 2 updates
e50b37d 
Bumps the pnpm-dependencies group with 2 updates in the /npm_and_yarn/helpers directory: [@pnpm/lockfile-file](https://github.com/pnpm/pnpm) and [@pnpm/dependency-path](https://github.com/pnpm/pnpm).


Updates `@pnpm/lockfile-file` from 9.0.5 to 9.1.3
- [Release notes](https://github.com/pnpm/pnpm/releases)
- [Commits](pnpm/pnpm@v9.0.5...v9.1.3)

Updates `@pnpm/dependency-path` from 4.0.0 to 1000.0.1
- [Release notes](https://github.com/pnpm/pnpm/releases)
- [Commits](https://github.com/pnpm/pnpm/commits)

---
updated-dependencies:
- dependency-name: "@pnpm/lockfile-file"
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: pnpm-dependencies
- dependency-name: "@pnpm/dependency-path"
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: pnpm-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jan 5, 2025
@dependabot dependabot Bot mentioned this pull request Jan 5, 2025
Closed
@dependabot @github
Copy link
Copy Markdown
Author

dependabot Bot commented on behalf of github Feb 2, 2025

Superseded by #79.

@dependabot dependabot Bot closed this Feb 2, 2025
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/npm_and_yarn/helpers/pnpm-dependencies-0049972bac branch February 2, 2025 16:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code L: javascript

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants