chore(deps): update dependency pnpm to v6.35.1

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
pnpm (source)	6.28.0 → 6.35.1

---

Release Notes

pnpm/pnpm (pnpm)

v6.35.1

Compare Source

Patch Changes

• Replace environment variable placeholders with their values, when reading .npmrc files in subdirectories inside a workspace #​2570.
• Don't fail if cannot override the name field of the error object #​5572.

v6.35.0

Compare Source

Patch Changes

• Installing a package with bin that points to an .exe file on Windows #​5159.

• Ignore the always-auth setting.

  pnpm will never reuse the registry auth token for requesting the package tarball, if the package tarball is hosted on a different domain.

  So, for example, if your registry is at https://company.registry.com/ but the tarballs are hosted at https://tarballs.com/, then you will have to configure the auth token for both domains in your .npmrc:

  @​my-company:registry=https://company.registry.com/
  //company.registry.com/=SOME_AUTH_TOKEN
  //tarballs.com/=SOME_AUTH_TOKEN
  

• When an error happens during installation of a subdependency, print some context information in order to be able to locate that subdependency. Print the exact chain of packages that led to the problematic dependency.

v6.34.0

Compare Source

Minor Changes

• When ignore-compatibility-db is set to true, the compatibility database will not be used to patch dependencies #​5132.

Full Changelog: pnpm/pnpm@v6.33.1...v6.34.0

v6.33.1

Compare Source

Patch Changes

• Don't print any info messages about .pnpmfile.cjs #​5027.
• Do not print a package with unchanged version in the installation summary #​5032.
• Remove file reporter logging. Logged file is not useful #​4949.

v6.33.0

Compare Source

v6.32.25

Compare Source

Patch Changes

• pnpm audit --fix should not add an override for a vulnerable package that has no fixes released.
• Resolve native workspace path for case-insensitive file systems #​4904.
• pnpm env use should throw an error on a system that use the MUSL libc.

v6.32.24

Compare Source

Patch Changes

• Don't crash when pnpm update --interactive is cancelled with Ctrl+c.

• The use-node-version setting should work with prerelease Node.js versions. For instance:

  use-node-version=18.0.0-rc.3
  

v6.32.23

Compare Source

Patch Changes

• Packages that should be built are always cloned or copied from the store. This is required to prevent the postinstall scripts from modifying the original source files of the package #​4898.

v6.32.22

Compare Source

Patch Changes

• Don't fail when the cafile setting is specified #​4877. This fixes a regression introduced in pnpm v6.32.21.
• Add better hints to the peer dependency issue errors.

v6.32.21

Compare Source

Patch Changes

• Report only the first occurence of a deprecated package.

v6.32.20

Compare Source

Patch Changes

• Suggest to update using Corepack when pnpm was installed via Corepack.
• It should be possible to install a git-hosted package that has no package.json file #​4822.
• When the same package is found several times in the dependency graph, correctly autoinstall its missing peer dependencies at all times #​4820.

v6.32.19

Compare Source

Patch Changes

• Improve the performance of the build sequence calculation step #​4815.
• Correctly detect repeated dependency sequence during resolution #​4813.

v6.32.18

Compare Source

Patch Changes

• Don't fail on projects with linked dependencies, when auto-install-peers is set to true #​4796.
• NODE_ENV=production pnpm install --dev should only install dev deps #​4745.

Full Changelog: pnpm/pnpm@v6.32.17...v6.32.18

v6.32.17

Compare Source

Patch Changes

• Correctly detect the active Node.js version, when the pnpm CLI is bundled to an executable #​4203.

v6.32.16

Compare Source

Patch Changes

• When auto-install-peers is set to true, automatically install missing peer dependencies without writing them to package.json as dependencies. This makes pnpm handle peer dependencies the same way as npm v7 #​4776.

v6.32.15

Compare Source

Patch Changes

• Don't fail to create the command shim files if the target directory doesn't exist.
• pnpm setup should not fail on Windows if PNPM_HOME is not yet in the system registry #​4757
• pnpm dlx shouldn't modify the lockfile in the current working directory #​4743.

v6.32.14

Compare Source

Patch Changes

• Sanitize the directory names created inside node_modules/.pnpm and inside the global store #​4716
• Resolve commits from GitHub via https #​4734.

Full Changelog: pnpm/pnpm@v6.32.13...v6.32.14

v6.32.13

Compare Source

Patch Changes

• pnpm setup should update the config of the current shell, not the preferred shell.
• pnpm dlx should work with git-hosted packages. For example: pnpm dlx gengjiawen/envinfo #​4714.
• pnpm setup should not override the PNPM_HOME env variable on Windows, unless --force is used.
• All arguments after pnpm create <pkg> should be passed to the executed create app package. So pnpm create next-app --typescript should work`.
• pnpm run --stream should prefix the output with directory #​4702

Full Changelog: pnpm/pnpm@v6.32.12...v6.32.13

v6.32.12

Compare Source

Patch Changes

• Use Yarn's compatibility database to patch broken packages in the ecosystem with package extensions.
• pnpm dlx should work when the bin name of the executed package isn't the same as the package name #​4672.
• pnpm prune works in a workspace #​4647.
• pnpm prune does not remove hoisted dependencies.
• pnpm dlx should print messages about installation to stderr #​1698.

v6.32.11

Compare Source

Patch Changes

• pnpm publish should work correctly in a workspace, when the latest npm CLI is installed #​4348.
• Installation shouldn't fail when a package from node_modules is moved to the node_modules/.ignored subfolder and a package with that name is already present in `node_modules/.ignored' #​4626.

v6.32.10

Compare Source

Patch Changes

• It should be possible to use a chain of local file dependencies #​4611.
• Filtering by directory should work with directories that have unicode chars in the name #​4595.

v6.32.9

Compare Source

Patch Changes

• Fix an error with peer resolutions, which was happening when there was a circular dependency and another dependency that had the name of the circular dependency as a substring.

• When pnpm exec is running a command in a workspace project, the commands that are in the dependencies of that workspace project should be in the PATH #​4481.

• Hide "WARN deprecated" messages on loglevel error #​4507

  Don't show the progress bar when loglevel is set to warn or error.

v6.32.8

Compare Source

Patch Changes

• Don't check the integrity of the store with the package version from the lockfile, when the package was updated #​4580.
• Don't update a direct dependency that has the same name as a dependency in the workspace, when adding a new dependency to a workspace project #​4575.

v6.32.7

Compare Source

Patch Changes

• Setting the auto-install-peers to true should work.

v6.32.6

Compare Source

Patch Changes

• Linked in dependencies should be considered when resolving peer dependencies #​4541.
• Peer dependency should be correctly resolved from the workspace, when it is declared using a workspace protocol #​4529.

v6.32.5

Compare Source

Patch Changes

• dependenciesMeta should be saved into the lockfile, when it is added to the package manifest by a hook.

v6.32.4

Compare Source

Patch Changes

• Show a friendly error message when it is impossible to get the current Git branch name during publish #​4488.
• When checking if the lockfile is up-to-date, an empty dependenciesMeta field in the manifest should be satisfied by a not set field in the lockfile #​4463.
• It should be possible to reference a workspace project that has no version specified in its package.json #​4487.

v6.32.3

Compare Source

Patch Changes

• 4941f31: The location of an injected directory dependency should be correctly located, when there is a chain of local dependencies (declared via the file: protocol`).

  The next scenario was not working prior to the fix. There are 3 projects in the same folder: foo, bar, qar.

  foo/package.json:

  {
    "name": "foo",
    "dependencies": {
      "bar": "file:../bar"
    },
    "dependenciesMeta": {
      "bar": {
        "injected": true
      }
    }
  }

  bar/package.json:

  {
    "name": "bar",
    "dependencies": {
      "qar": "file:../qar"
    },
    "dependenciesMeta": {
      "qar": {
        "injected": true
      }
    }
  }

  qar/package.json:

  {
    "name": "qar"
  }

  Related PR: #​4415.

v6.32.2

Compare Source

Patch Changes

• In order to guarantee that only correct data is written to the store, data from the lockfile should not be written to the store. Only data directly from the package tarball or package metadata #​4395.
• Throw a meaningful error message on pnpm install when the lockfile is broken and node-linker is set to hoisted #​4387.

v6.32.1

Compare Source

Patch Changes

• pnpm publish should work correctly in a workspace, when the latest npm CLI is installed #​4348.
• Installation shouldn't fail when a package from node_modules is moved to the node_modules/.ignored subfolder and a package with that name is already present in `node_modules/.ignored' #​4626.

v6.32.0

Compare Source

Minor Changes

• A new setting is supported in the pnpm section of the package.json file #​4001. onlyBuiltDependencies is an array of package names that are allowed to be executed during installation. If this field exists, only mentioned packages will be able to run install scripts.

  {
    "pnpm": {
      "onlyBuiltDependencies": ["fsevents"]
    }
  }

• -F is a short alias of --filter #​3467.

• When adding a new dependency, use the version specifier from the overrides, when present #​4313.

  Normally, if the latest version of foo is 2.0.0, then pnpm add foo installs foo@^2.0.0. This behavior changes if foo is specified in an override:

  {
    "pnpm": {
      "overrides": {
        "foo": "1.0.0"
      }
    }
  }

  In this case, pnpm add foo will add foo@1.0.0 to the dependency. However, if a version is explicitly specifying, then the specified version will be used and the override will be ignored. So pnpm add foo@0 will install v0 and it doesn't matter what is in the overrides.

Patch Changes

• Ignore case, when verifying package name in the store #​4367.
• When a peer dependency range is extended with *, just replace any range with *.
• When some dependency types are skipped, let the user know via the installation summary.

v6.31.0

Compare Source

Minor Changes

• Added --shell-mode/-c option support to pnpm exec #​4328

  • --shell-mode: shell interpreter. See: https://github.com/sindresorhus/execa/tree/484f28de7c35da5150155e7a523cbb20de161a4f#shell

  Usage example:

  pnpm -r --shell-mode exec -- echo \"\$PNPM_PACKAGE_NAME\"
  pnpm -r -c exec -- echo \"\$PNPM_PACKAGE_NAME\"

  {
    "scripts": {
      "check": " pnpm -r --shell-mode exec -- echo \"\\$PNPM_PACKAGE_NAME\""
    }
  }

Patch Changes

• Remove meaningless keys from publishConfig when the pack or publish commands are used #​4311
• The pnpx, pnpm dlx, pnpm create, and pnpm exec commands should set the npm_config_user_agent env variable #​3985.

v6.30.1

Compare Source

Patch Changes

• This fixes an issue introduced in pnpm v6.30.0.

  When a package is not linked to node_modules, no info message should be printed about it being "relinked" from the store #​4314.

v6.30.0

Compare Source

Minor Changes

• When checking that a package is linked from the store, check the existence of the package and read its stats with a single filesystem operation #​4304.

v6.29.2

Compare Source

Patch Changes

• node_modules directories inside injected dependencies should not be overwritten #​4299.

v6.29.1

Compare Source

Patch Changes

• Installation should not hang when there are broken symlinks in node_modules.

v6.29.0

Compare Source

Minor Changes

• Add support of the update-notifier configuration option #​4158.

Patch Changes

• A package should be able to be a dependency of itself.

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.