chore(deps): update pnpm to v6.32.1

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
pnpm (source)	6.24.0 -> 6.32.1

---

Release Notes

pnpm/pnpm

v6.32.1

Compare Source

v6.32.0

Minor Changes

• A new setting is supported in the pnpm section of the package.json file #​4001. onlyBuiltDependencies is an array of package names that are allowed to be executed during installation. If this field exists, only mentioned packages will be able to run install scripts.

  {
    "pnpm": {
      "onlyBuiltDependencies": ["fsevents"]
    }
  }

• -F is a short alias of --filter #​3467.

• When adding a new dependency, use the version specifier from the overrides, when present #​4313.

  Normally, if the latest version of foo is 2.0.0, then pnpm add foo installs foo@^2.0.0. This behavior changes if foo is specified in an override:

  {
    "pnpm": {
      "overrides": {
        "foo": "1.0.0"
      }
    }
  }

  In this case, pnpm add foo will add foo@1.0.0 to the dependency. However, if a version is explicitly specifying, then the specified version will be used and the override will be ignored. So pnpm add foo@0 will install v0 and it doesn't matter what is in the overrides.

Patch Changes

• Ignore case, when verifying package name in the store #​4367.
• When a peer dependency range is extended with *, just replace any range with *.
• When some dependency types are skipped, let the user know via the installation summary.

Full Changelog: pnpm/pnpm@v6.31.0...v6.32.0

v6.31.0

Compare Source

Minor Changes

• Added --shell-mode/-c option support to pnpm exec #​4328

  • --shell-mode: shell interpreter. See: https://github.com/sindresorhus/execa/tree/484f28de7c35da5150155e7a523cbb20de161a4f#shell

  Usage example:

  pnpm -r --shell-mode exec -- echo \"\$PNPM_PACKAGE_NAME\"
  pnpm -r -c exec -- echo \"\$PNPM_PACKAGE_NAME\"

  {
    "scripts": {
      "check": " pnpm -r --shell-mode exec -- echo \"\\$PNPM_PACKAGE_NAME\""
    }
  }

Patch Changes

• Remove meaningless keys from publishConfig when the pack or publish commands are used #​4311
• The pnpx, pnpm dlx, pnpm create, and pnpm exec commands should set the npm_config_user_agent env variable #​3985.

What's Changed

• fix: the dlx and create commands should set npm_config_user_agent by @​zkochan in https://github.com/pnpm/pnpm/pull/4317
• refactor(publish): remove meaningless key in publishConfig by @​BlackHole1 in https://github.com/pnpm/pnpm/pull/4334
• feat(exec): support shell interpreter by @​BlackHole1 in https://github.com/pnpm/pnpm/pull/4328

New Contributors

• @​BlackHole1 made their first contribution in https://github.com/pnpm/pnpm/pull/4334

Full Changelog: pnpm/pnpm@v6.30.1...v6.31.0

v6.30.1

Compare Source

Patch Changes

• This fixes an issue introduced in pnpm v6.30.0.

  When a package is not linked to node_modules, no info message should be printed about it being "relinked" from the store #​4314.

v6.30.0

Compare Source

Minor Changes

• When checking that a package is linked from the store, check the existence of the package and read its stats with a single filesystem operation #​4304.

v6.29.2

Compare Source

Patch Changes

• node_modules directories inside injected dependencies should not be overwritten #​4299.

v6.29.1

Compare Source

Patch Changes

• Installation should not hang when there are broken symlinks in node_modules.

v6.29.0

Compare Source

Minor Changes

• Add support of the update-notifier configuration option #​4158.

Patch Changes

• A package should be able to be a dependency of itself.

v6.28.0

Compare Source

Minor Changes

• New option added: embed-readme. When false, pnpm publish doesn't save the readme file's content to package.json before publish #​4265.

Patch Changes

• pnpm exec should look for the executed command in the node_modules/.bin directory that is relative to the current working directory. Only after that should it look for the executable in the workspace root.
• Injected dependencies should work properly in projects that use the hoisted node linker #​4259.

v6.27.2

Compare Source

v6.27.1

Compare Source

Patch Changes

• peerDependencyRules should work when both overrides and packageExtensions are present as well #​4255.
• pnpm list should show information whether a package is private or not #​4246.

v6.27.0

Compare Source

Minor Changes

• Side effects cache is not an experimental feature anymore.

  Side effects cache is saved separately for packages with different dependencies. So if foo has bar in the dependencies, then a separate cache will be created each time foo is installed with a different version of bar #​4238.

Patch Changes

• Update command should work when there is a dependency with emty version in devDependencies #​4196.
• Side effects cache should work in a workspace.

v6.26.1

Compare Source

Patch Changes

• During installation, override any symlinks in node_modules. This was an issue only with node-linker=hoisted #​4229.
• Print warnings about deprecated subdependencies #​4227.

v6.26.0

Compare Source

Minor Changes

• In order to mute some types of peer dependency warnings, a new section in package.json may be used for declaring peer dependency warning rules. For example, the next configuration will turn off any warnings about missing babel-loader peer dependency and about @angular/common, when the wanted version of @angular/common is not v13.

  {
    "name": "foo",
    "version": "0.0.0",
    "pnpm": {
      "peerDependencyRules": {
        "ignoreMissing": ["babel-loader"],
        "allowedVersions": {
          "@​angular/common": "13"
        }
      }
    }
  }

• New setting supported: auto-install-peers. When it is set to true, pnpm add <pkg> automatically installs any missing peer dependencies as devDependencies #​4213.

v6.25.1

Compare Source

Patch Changes

• Run the install scripts of hoisted dependencies in a workspace with no root project #​4209.

v6.25.0

Compare Source

Minor Changes

• New installation mode added that creates a flat node_modules directory without the usage of symlinks. This is similar to the one created by npm and Yarn Classic.

  To use this new installation mode, set the node-linker setting to hoisted. These are the supported values of node-linker:

  • isolated - the default value.
  • hoisted - flat node_modules without symlinks.
  • pnp - no node_modules. Yarn's Plug'n'Play managed by pnpm.

  Related issue: #​4073

• Add support for token helper, a command line tool to obtain a token.

  A token helper is an executable, set in the user's .npmrc which outputs an auth token. This can be used in situations where the authToken is not a constant value, but is something that refreshes regularly, where a script or other tool can use an existing refresh token to obtain a new access token.

  The configuration for the path to the helper must be an absolute path, with no arguments. In order to be secure, it is only permitted to set this value in the user .npmrc, otherwise a project could place a value in a project local .npmrc and run arbitrary executables.

  Usage example:

  ; Setting a token helper for the default registry
  tokenHelper=/home/ivan/token-generator
  
  ; Setting a token helper for the specified registry
  //registry.corp.com:tokenHelper=/home/ivan/token-generator

  Related PRs:

  • pnpm/credentials-by-uri#​2
  • #​4163

• New CLI option: --ignore-workspace. When used, pnpm ignores any workspace configuration found in the current or parent directories.

• If use-beta-cli is true, then don't set npm_config_argv env variable for scripts #​4175.

v6.24.4

Compare Source

Patch Changes

• Don't throw an error during install when the bin of a dependency points to a path that doesn't exist #​3763.

• When reporting unmet peer dependency issues, if the peer dependency is resolved not from a dependency installed by the user, then print the name of the parent package that has the bad peer dependency installed as a dependency.

  

• Injected subdependencies should be hard linked as well. So if button is injected into card and card is injected into page, then both button and card should be injected into page #​4167.

v6.24.3

Compare Source

Patch Changes

• Install with --frozen-lockfile should not fail when the project has injected dependencies and a dedicated lockfile #​4098.

v6.24.2

Compare Source

Patch Changes

• If pnpm previously failed to install node when the use-node-version option is set, that download and install will now be re-attempted when pnpm is ran again #​4104.

• Don't warn about unmet peer dependency when the peer is resolved from a prerelease version #​4144.

  For instance, if a project has react@* as a peer dependency, then react 16.0.0-rc.0 should not cause a warning.

• pnpm update pkg should not fail if pkg not found as a direct dependency, unless --depth=0 is passed as a CLI option #​4122.

• When printing peer dependency issues, print the "*" range in double quotes. This will make it easier to copy the package resolutions and put them to the end of a pnpm add command for execution.

v6.24.1

Compare Source

Patch Changes

• If making an intersection of peer dependency ranges does not succeed, install should not crash #​4134.
• A new line should be between the summary about conflicting peers and non-conflicting ones.
• Always return an error message when the preparation of a package fails.
• pnpm publish should add the content of the README.md file to the readme field of the published package's package.json files #​4117.
• pnpm publish should work with the --otp option #​4115.

---

Configuration

📅 Schedule: "before 3am on the first day of the month" (UTC).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, click this checkbox.

---

This PR has been generated by WhiteSource Renovate. View repository job log here.