Skip to content

chore(deps): bump pnpm from 7.32.5 to 8.6.0 #17

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
dependabot wants to merge 1 commit into from
Closed

chore(deps): bump pnpm from 7.32.5 to 8.6.0 #17

dependabot wants to merge 1 commit into from

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github May 30, 2023

Bumps pnpm from 7.32.5 to 8.6.0.

Release notes

Sourced from pnpm's releases.

v8.6.0

Minor Changes

  • Some settings influence the structure of the lockfile, so we cannot reuse the lockfile if those settings change. As a result, we need to store such settings in the lockfile. This way we will know with which settings the lockfile has been created.

    A new field will now be present in the lockfile: settings. It will store the values of two settings: autoInstallPeers and excludeLinksFromLockfile. If someone tries to perform a frozen-lockfile installation and their active settings don't match the ones in the lockfile, then an error message will be thrown.

    The lockfile format version is bumped from v6.0 to v6.1.

    Related PR: #6557 Related issue: #6312

  • A new setting, exclude-links-from-lockfile, is now supported. When enabled, specifiers of local linked dependencies won't be duplicated in the lockfile.

    This setting was primarily added for use by Bit CLI, which links core aspects to node_modules from external directories. As such, the locations may vary across different machines, resulting in the generation of lockfiles with differing locations.

Patch Changes

  • Don't print "Lockfile is up-to-date" message before finishing all the lockfile checks #6544.
  • When updating dependencies, preserve the range prefix in aliased dependencies. So npm:foo@1.0.0 becomes npm:foo@1.1.0.
  • Print a meaningful error when a project referenced by the workspace: protocol is not found in the workspace #4477.
  • pnpm rebuild should not fail when node-linker is set to hoisted and there are skipped optional dependencies #6553.
  • Peers resolution should not fail when a linked in dependency resolves a peer dependency.
  • Build projects in a workspace in correct order #6568.

Our Gold Sponsors

... (truncated)

Commits
  • f0817fa chore(release): 8.6.0
  • e605226 fix: error message when package is not found in workspace (#6598)
  • a9e0b7c fix: update should not add peer deps to deps
  • 4fc4978 fix(update): preserve the range prefix in aliased deps
  • 04a2798 fix: should respect ignore patterns in updateConfig.ignoreDependencies (#6590)
  • ce61f8d test: improvements
  • a53ef4d fix: don't print that lockfile is up to date when it is not (#6574)
  • 78e8392 fix: add --json option in pnpm config --help command (#6571)
  • 301b8e2 feat: excludeLinksFromLockfile (#6570)
  • 9c4ae87 feat: include some settings as fields in the lockfile (#6557)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
chore(deps): bump pnpm from 7.32.5 to 8.6.0
07ffe90 
Bumps [pnpm](https://github.com/pnpm/pnpm) from 7.32.5 to 8.6.0.
- [Release notes](https://github.com/pnpm/pnpm/releases)
- [Commits](pnpm/pnpm@v7.32.5...v8.6.0)

---
updated-dependencies:
- dependency-name: pnpm
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label May 30, 2023
@dependabot dependabot bot mentioned this pull request May 30, 2023
Closed
@dependabot @github
Copy link
Author

dependabot bot commented on behalf of github Jun 6, 2023

Superseded by #18.

@dependabot dependabot bot closed this Jun 6, 2023
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/pnpm-8.6.0 branch June 6, 2023 00:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants