diff --git a/.changeset-released/main.txt b/.changeset-released/main.txt
index 1e130923ce..2e0a2c3458 100644
--- a/.changeset-released/main.txt
+++ b/.changeset-released/main.txt
@@ -1,19 +1,32 @@
+batch-publish-single-request
 catalog-range-spec-update-crash
 clean-package-manager-registries
 clever-rocks-listen
 clever-warnings-guide
+contain-hoisted-dependency-aliases
 deps-status-no-manifest
 destroy-windows-dispatchers
+deterministic-shared-children-resolution
 dollar-overrides-deprecation
 fast-repeat-install-restores-lockfile
 fix-concurrent-import-partial-pkg
 fix-config-globalconfig
+fix-interactive-prompt-summary
+fix-patch-remove-containment
+fix-publish-strict-ssl
+fix-windows-recursive-undefined-manifest
+frozen-store
 fuzzy-color-flags
+git-tarball-path-in-lockfile
 gvs-rebuild-native-deps
 gvs-toggle-detection
+hot-schools-speak
+locked-peer-pin-no-sibling-leak
 lockfile-verification-cached-message
 loose-meteors-travel
 pacquet-install-engine-identity
+pacquet-resolving-install-delegation
+parallel-lockfile-verification
 pnpr-client-ndjson-resolve
 pnpr-forward-credentials
 pnpr-forward-optional-deps
@@ -21,17 +34,26 @@ pnpr-inline-only-access
 pnpr-lockfile-only
 pnpr-resolve-only
 prefer-locked-peer-contexts
+preserve-user-npm-config-vars
 quick-registries-env-auth
 quiet-peers-settle
 raise-default-network-concurrency
 rename-agent-to-pnpr-server
 runtime-not-cataloged
+scoped-registry-auth
+setup-skip-exe-build-scripts
 sharp-registry-env-placeholders
 short-lamps-relax
+slow-windows-lockfile-streams
 spicy-pots-wonder
+spotty-citrus-fix
 stale-stage-tarballs
 store-discl
 strange-bin-segments
+sweet-groups-float
 tarball-url-binding
 tough-allow-builds-identities
+update-dependency-ranges
+update-zkochan-cmd-shim
 verify-node-runtime-shasums
+windows-error-exit-pidtree
diff --git a/.changeset/batch-publish-single-request.md b/.changeset/batch-publish-single-request.md
deleted file mode 100644
index 0fae31344c..0000000000
--- a/.changeset/batch-publish-single-request.md
+++ /dev/null
@@ -1,6 +0,0 @@
----
-"@pnpm/releasing.commands": minor
-"pnpm": minor
----
-
-Added a new opt-in `--batch` flag to `pnpm publish --recursive` that sends all selected packages to the registry in a single `PUT /-/pnpm/v1/publish` request instead of one request per package. The target registry has to implement the batch publish endpoint (pnpr does); registries that don't are reported with a clear `ERR_PNPM_BATCH_PUBLISH_UNSUPPORTED` error. The batch is processed all-or-nothing by pnpr: if any package in the batch fails validation, none of the packages are published.
diff --git a/.changeset/contain-hoisted-dependency-aliases.md b/.changeset/contain-hoisted-dependency-aliases.md
deleted file mode 100644
index 035e156d63..0000000000
--- a/.changeset/contain-hoisted-dependency-aliases.md
+++ /dev/null
@@ -1,14 +0,0 @@
----
-"@pnpm/fs.symlink-dependency": patch
-"@pnpm/installing.deps-resolver": patch
-"@pnpm/installing.deps-installer": patch
-"@pnpm/installing.deps-restorer": patch
-"pnpm": patch
----
-
-Reject path-traversal and reserved dependency aliases (such as `../../../escape`, `.bin`, `.pnpm`, or `node_modules`) that come from a lockfile rather than a freshly resolved manifest. A crafted lockfile alias could otherwise be joined directly under a hoisted `node_modules` directory, letting package files be written outside the intended install root or overwrite pnpm-owned layout.
-
-The fix adds two layers:
-
-- The `nodeLinker: hoisted` graph builder now validates each alias at the directory sink (`safeJoinModulesDir`), matching the validation pnpm already performs when resolving aliases from manifests.
-- The lockfile verification gate (`verifyLockfileResolutions`) now runs an always-on, policy-independent check that rejects any importer or snapshot dependency alias that is not a valid package name, failing the install early — before any fetch or filesystem work — for every node linker at once.
diff --git a/.changeset/deterministic-shared-children-resolution.md b/.changeset/deterministic-shared-children-resolution.md
deleted file mode 100644
index a4c026c96a..0000000000
--- a/.changeset/deterministic-shared-children-resolution.md
+++ /dev/null
@@ -1,6 +0,0 @@
----
-"@pnpm/installing.deps-resolver": patch
-"pnpm": patch
----
-
-Made shared package child resolution deterministic when the same package is reached through multiple contexts. pnpm now chooses the shallowest occurrence, then importer order, then parent path, instead of letting request timing decide the child context and missing-peer report [pnpm/pnpm#12358](https://github.com/pnpm/pnpm/issues/12358).
diff --git a/.changeset/fix-interactive-prompt-summary.md b/.changeset/fix-interactive-prompt-summary.md
deleted file mode 100644
index c0760084af..0000000000
--- a/.changeset/fix-interactive-prompt-summary.md
+++ /dev/null
@@ -1,7 +0,0 @@
----
-"@pnpm/installing.commands": patch
-"@pnpm/deps.compliance.commands": patch
-"pnpm": patch
----
-
-Fix garbled summary line after submitting `pnpm update -i` and `pnpm audit --fix -i`. The interactive checkbox prompt previously printed every selected choice's full table row (label, current/target versions, workspace, URL) joined by commas, producing a wall of text after pressing Enter. The summary now lists only the selected package names (or vulnerability keys) by setting an explicit `short` per choice; the in-progress selection UI is unchanged.
diff --git a/.changeset/fix-patch-remove-containment.md b/.changeset/fix-patch-remove-containment.md
deleted file mode 100644
index e288b12ca6..0000000000
--- a/.changeset/fix-patch-remove-containment.md
+++ /dev/null
@@ -1,6 +0,0 @@
----
-"@pnpm/patching.commands": patch
-"pnpm": patch
----
-
-Prevent `pnpm patch-remove` from removing files outside the configured patches directory.
diff --git a/.changeset/fix-publish-strict-ssl.md b/.changeset/fix-publish-strict-ssl.md
deleted file mode 100644
index 7ea7a4047e..0000000000
--- a/.changeset/fix-publish-strict-ssl.md
+++ /dev/null
@@ -1,6 +0,0 @@
----
-"@pnpm/releasing.commands": patch
-"pnpm": patch
----
-
-Fixed `pnpm publish` ignoring `strictSsl: false` when publishing to registries with self-signed certificates. The `strictSSL` option is now forwarded to `libnpmpublish` / `npm-registry-fetch` so that `strict-ssl=false` in `.npmrc` or `strictSsl: false` in `pnpm-workspace.yaml` is respected during publish, the same way it is for `pnpm install` [pnpm/pnpm#12012](https://github.com/pnpm/pnpm/issues/12012).
diff --git a/.changeset/fix-windows-recursive-undefined-manifest.md b/.changeset/fix-windows-recursive-undefined-manifest.md
deleted file mode 100644
index f1bbb5b4b3..0000000000
--- a/.changeset/fix-windows-recursive-undefined-manifest.md
+++ /dev/null
@@ -1,6 +0,0 @@
----
-"@pnpm/installing.commands": patch
-"pnpm": patch
----
-
-Fixed `Cannot destructure property 'manifest' of 'manifestsByPath[rootDir]' as it is undefined` regression introduced in 11.6.0 when running `pnpm add ` outside a workspace on Windows. `selectProjectByDir` was keying the resulting `ProjectsGraph` by `opts.dir` instead of `project.rootDir`, so downstream `manifestsByPath` lookups missed when the two paths normalized differently (typically drive-letter casing). [pnpm/pnpm#12379](https://github.com/pnpm/pnpm/issues/12379)
diff --git a/.changeset/frozen-store.md b/.changeset/frozen-store.md
deleted file mode 100644
index dd85a9fe44..0000000000
--- a/.changeset/frozen-store.md
+++ /dev/null
@@ -1,18 +0,0 @@
----
-"@pnpm/config.reader": minor
-"@pnpm/store.index": minor
-"@pnpm/store.controller": minor
-"@pnpm/store.connection-manager": minor
-"@pnpm/building.after-install": patch
-"@pnpm/building.during-install": patch
-"@pnpm/bins.linker": patch
-"@pnpm/resolving.npm-resolver": patch
-"@pnpm/worker": minor
-"@pnpm/installing.package-requester": minor
-"@pnpm/installing.context": patch
-"@pnpm/installing.deps-installer": minor
-"@pnpm/installing.commands": minor
-"pnpm": minor
----
-
-Added a new setting `frozenStore` (`--frozen-store`) that lets `pnpm install` run against a package store on a read-only filesystem (e.g. a Nix store, a read-only bind mount, an OCI layer). When enabled, pnpm opens the store's SQLite `index.db` through the `immutable=1` URI — bypassing the WAL/`-shm` sidecar creation that otherwise fails on a read-only directory — and suppresses every store-write path (the `index.db` writer and the project-registry write). Pair it with `--offline --frozen-lockfile` against a fully-populated store. Under the global virtual store, package directories live inside the store, so if the store is missing the build output of a package whose lifecycle scripts are approved (or that has a patch), pnpm fails up front with `ERR_PNPM_FROZEN_STORE_NEEDS_BUILD` rather than crashing mid-build on a read-only write — seed the store with those builds first. Incompatible with `--force` and with a configured pnpr server, since both write into the store; the side-effects cache is likewise not written under `frozenStore`. If the store is missing its content directory, the install fails fast with `ERR_PNPM_FROZEN_STORE_INCOMPLETE` rather than attempting to initialize it. The read-only `immutable=1` open requires Node.js >=22.15.0, >=23.11.0, or >=24.0.0; on older runtimes `--frozen-store` fails with a clear `ERR_PNPM_FROZEN_STORE_UNSUPPORTED_NODE` error.
Bin-linking also tolerates a read-only store: under the global virtual store a package's bin source lives inside the store, so the `chmod` that makes it executable would be refused — with `EPERM`/`EACCES`, or with `EROFS` on a genuinely read-only filesystem. That `chmod` is redundant when the seed already ships its bins executable with a normalized shebang, so it is now skipped in that case, while a non-executable bin (or one still carrying a Windows CRLF shebang) on a read-only store still errors.
diff --git a/.changeset/git-tarball-path-in-lockfile.md b/.changeset/git-tarball-path-in-lockfile.md
deleted file mode 100644
index fa20450747..0000000000
--- a/.changeset/git-tarball-path-in-lockfile.md
+++ /dev/null
@@ -1,6 +0,0 @@
----
-"@pnpm/lockfile.utils": patch
-"pnpm": patch
----
-
-Git dependencies that point to a subdirectory of a repository (`repo#commit&path:/sub/dir`) keep their `path` in the lockfile again. Since the integrity of git-hosted tarballs started being pinned in the lockfile, any install that actually downloaded the tarball rebuilt the lockfile resolution as `{ integrity, tarball, gitHosted }` and dropped the `path` field, while installs served from the store kept it — so the field disappeared seemingly at random. Without `path`, later installs from that lockfile silently unpacked the repository root instead of the subdirectory [#12304](https://github.com/pnpm/pnpm/issues/12304).
diff --git a/.changeset/hot-schools-speak.md b/.changeset/hot-schools-speak.md
deleted file mode 100644
index eb9457c2c9..0000000000
--- a/.changeset/hot-schools-speak.md
+++ /dev/null
@@ -1,5 +0,0 @@
----
-"@pnpm/installing.commands": patch
----
-
-Added support for the `--trust-lockfile` flag on `pnpm link`
diff --git a/.changeset/locked-peer-pin-no-sibling-leak.md b/.changeset/locked-peer-pin-no-sibling-leak.md
deleted file mode 100644
index 37c6ab0af8..0000000000
--- a/.changeset/locked-peer-pin-no-sibling-leak.md
+++ /dev/null
@@ -1,6 +0,0 @@
----
-"@pnpm/installing.deps-resolver": patch
-"pnpm": patch
----
-
-Fixed nondeterministic lockfile output that made `pnpm dedupe --check` fail intermittently in CI. When a locked peer provider was pinned for a dependency that has no child dependencies of its own, the pinned provider leaked into the shared parent scope, so siblings resolved after it could pick up an optional peer they should not see. Which siblings were affected depended on resolution order, which varies with network timing.
diff --git a/.changeset/pacquet-resolving-install-delegation.md b/.changeset/pacquet-resolving-install-delegation.md
deleted file mode 100644
index deb42476a7..0000000000
--- a/.changeset/pacquet-resolving-install-delegation.md
+++ /dev/null
@@ -1,9 +0,0 @@
----
-"@pnpm/installing.commands": minor
-"@pnpm/installing.deps-installer": minor
-"pnpm": minor
----
-
-When [`pacquet`](https://github.com/pnpm/pnpm/tree/main/pacquet) (the Rust port of pnpm) is declared in `configDependencies`, pnpm now delegates dependency **resolution** to it too — not just materialization — provided the installed pacquet is new enough to support full resolving installs (>= 0.11.7).
-
-Previously pacquet only ran in frozen-install mode: pnpm always resolved the dependency graph itself (writing `pnpm-lock.yaml`) and handed pacquet a finished lockfile to fetch / import / link. With pacquet >= 0.11.7, a non-frozen `pnpm install` (default isolated `nodeLinker`, plain install) is delegated to pacquet end-to-end in a single pass — pacquet resolves the manifests, writes the lockfile, and materializes `node_modules`. pnpm detects the capability from the installed pacquet's version; older pacquet releases keep the resolve-then-materialize split, and `add` / `update` / `remove` still resolve in pnpm (it has to mutate the manifests first). This remains an opt-in preview of the Rust install engine [#11723](https://github.com/pnpm/pnpm/issues/11723).
diff --git a/.changeset/parallel-lockfile-verification.md b/.changeset/parallel-lockfile-verification.md
deleted file mode 100644
index e2bb556d99..0000000000
--- a/.changeset/parallel-lockfile-verification.md
+++ /dev/null
@@ -1,7 +0,0 @@
----
-"@pnpm/installing.deps-installer": patch
-"@pnpm/installing.deps-restorer": patch
-"pnpm": patch
----
-
-Sped up `pnpm install` with a frozen lockfile by running lockfile verification (the policy revalidation gate added for `minimumReleaseAge`/`trustPolicy` and the tarball-URL anti-tamper check) concurrently with fetching and linking instead of blocking the whole install on it. Dependency lifecycle scripts are still held back until verification succeeds, so no script runs on an unverified lockfile: if verification fails the install aborts before any dependency build, and if linking finishes first the install waits for the verification verdict before completing.
diff --git a/.changeset/preserve-user-npm-config-vars.md b/.changeset/preserve-user-npm-config-vars.md
deleted file mode 100644
index cd4f1a24a7..0000000000
--- a/.changeset/preserve-user-npm-config-vars.md
+++ /dev/null
@@ -1,6 +0,0 @@
----
-"@pnpm/exec.lifecycle": patch
-"pnpm": patch
----
-
-User-defined `npm_config_*` environment variables are now preserved during lifecycle script execution. Previously, all `npm_`-prefixed env vars were stripped, which caused user-set variables like `npm_config_platform_arch` to be lost [pnpm/pnpm#12399](https://github.com/pnpm/pnpm/issues/12399).
diff --git a/.changeset/scoped-registry-auth.md b/.changeset/scoped-registry-auth.md
deleted file mode 100644
index 48a0eb64b2..0000000000
--- a/.changeset/scoped-registry-auth.md
+++ /dev/null
@@ -1,34 +0,0 @@
----
-"@pnpm/auth.commands": patch
-"@pnpm/config.reader": patch
-"@pnpm/fetching.tarball-fetcher": patch
-"@pnpm/fetching.types": patch
-"@pnpm/installing.deps-installer": patch
-"@pnpm/network.auth-header": patch
-"@pnpm/pnpr.client": patch
-"@pnpm/releasing.commands": patch
-"@pnpm/resolving.default-resolver": patch
-"@pnpm/resolving.npm-resolver": patch
-"@pnpm/types": patch
-"pnpm": patch
----
-
-pnpm can now use different auth tokens for different package scopes, even when those scopes use the same registry URL.
-
-Previously, auth was selected only by registry URL. If `@org-a` and `@org-b` both used `https://npm.pkg.github.com/`, they had to share the same token. This caused problems for registries that issue tokens per organization or per scope.
-
-Configure a scope-specific token by adding the package scope after the registry URL in the auth key:
-
-```ini
-@org-a:registry=https://npm.pkg.github.com/
-@org-b:registry=https://npm.pkg.github.com/
-
-//npm.pkg.github.com/:@org-a:_authToken=${ORG_A_TOKEN}
-//npm.pkg.github.com/:@org-b:_authToken=${ORG_B_TOKEN}
-
-//npm.pkg.github.com/:_authToken=${FALLBACK_TOKEN}
-```
-
-`pnpm login --registry=https://npm.pkg.github.com --scope=@org-a` writes the token to the same scope-specific auth key.
-
-When installing or publishing `@org-a/*`, pnpm uses `ORG_A_TOKEN`. For `@org-b/*`, pnpm uses `ORG_B_TOKEN`. Packages without a matching scope continue to use the registry-wide fallback token.
diff --git a/.changeset/setup-skip-exe-build-scripts.md b/.changeset/setup-skip-exe-build-scripts.md
deleted file mode 100644
index 24543f8d60..0000000000
--- a/.changeset/setup-skip-exe-build-scripts.md
+++ /dev/null
@@ -1,6 +0,0 @@
----
-"@pnpm/engine.pm.commands": patch
-"pnpm": patch
----
-
-`pnpm setup` no longer prompts to approve build scripts for `@pnpm/exe` when installing the standalone executable. pnpm links the platform-specific binary itself, so the package's install scripts are skipped during the global self-install [#12377](https://github.com/pnpm/pnpm/issues/12377).
diff --git a/.changeset/slow-windows-lockfile-streams.md b/.changeset/slow-windows-lockfile-streams.md
deleted file mode 100644
index 00c909c6dd..0000000000
--- a/.changeset/slow-windows-lockfile-streams.md
+++ /dev/null
@@ -1,7 +0,0 @@
----
-"@pnpm/lockfile.fs": patch
-"@pnpm/installing.commands": patch
-"pnpm": patch
----
-
-Close lockfile reads deterministically before rewriting lockfiles and keep pacquet's virtual store directory length aligned with pnpm on Windows.
diff --git a/.changeset/spotty-citrus-fix.md b/.changeset/spotty-citrus-fix.md
deleted file mode 100644
index e0e7546af0..0000000000
--- a/.changeset/spotty-citrus-fix.md
+++ /dev/null
@@ -1,6 +0,0 @@
----
-"@pnpm/resolving.npm-resolver": patch
-"pnpm": patch
----
-
-A `304 Not Modified` answer from the registry now renews the cached metadata file's mtime, so the `minimumReleaseAge` freshness shortcut keeps serving resolutions from the cache. Previously, once a cached packument grew older than `minimumReleaseAge`, every subsequent install re-validated it against the registry forever, because a 304 never rewrites the file.
diff --git a/.changeset/sweet-groups-float.md b/.changeset/sweet-groups-float.md
deleted file mode 100644
index bc54386327..0000000000
--- a/.changeset/sweet-groups-float.md
+++ /dev/null
@@ -1,5 +0,0 @@
----
-"@pnpm/deps.inspection.commands": patch
----
-
-Update value shown in the view command output for the `unpackedSize`.
diff --git a/.changeset/update-dependency-ranges.md b/.changeset/update-dependency-ranges.md
deleted file mode 100644
index 748ea21653..0000000000
--- a/.changeset/update-dependency-ranges.md
+++ /dev/null
@@ -1,102 +0,0 @@
----
-"@pnpm/auth.commands": patch
-"@pnpm/bins.linker": patch
-"@pnpm/bins.remover": patch
-"@pnpm/building.after-install": patch
-"@pnpm/building.commands": patch
-"@pnpm/building.during-install": patch
-"@pnpm/cache.api": patch
-"@pnpm/cache.commands": patch
-"@pnpm/cli.commands": patch
-"@pnpm/cli.default-reporter": patch
-"@pnpm/cli.utils": patch
-"@pnpm/config.commands": patch
-"@pnpm/config.package-is-installable": patch
-"@pnpm/config.reader": patch
-"@pnpm/config.version-policy": patch
-"@pnpm/core-loggers": patch
-"@pnpm/deps.compliance.audit": patch
-"@pnpm/deps.compliance.commands": patch
-"@pnpm/deps.compliance.license-scanner": patch
-"@pnpm/deps.compliance.sbom": patch
-"@pnpm/deps.graph-builder": patch
-"@pnpm/deps.inspection.commands": patch
-"@pnpm/deps.inspection.list": patch
-"@pnpm/deps.inspection.outdated": patch
-"@pnpm/deps.inspection.peers-checker": patch
-"@pnpm/deps.inspection.tree-builder": patch
-"@pnpm/deps.path": patch
-"@pnpm/deps.peer-range": patch
-"@pnpm/deps.security.signatures": patch
-"@pnpm/deps.status": patch
-"@pnpm/engine.pm.commands": patch
-"@pnpm/engine.runtime.bun-resolver": patch
-"@pnpm/engine.runtime.commands": patch
-"@pnpm/engine.runtime.deno-resolver": patch
-"@pnpm/engine.runtime.node-resolver": patch
-"@pnpm/engine.runtime.system-version": patch
-"@pnpm/exec.commands": patch
-"@pnpm/exec.lifecycle": patch
-"@pnpm/fetching.directory-fetcher": patch
-"@pnpm/fetching.git-fetcher": patch
-"@pnpm/fetching.tarball-fetcher": patch
-"@pnpm/fs.hard-link-dir": patch
-"@pnpm/fs.indexed-pkg-importer": patch
-"@pnpm/fs.symlink-dependency": patch
-"@pnpm/global.commands": patch
-"@pnpm/global.packages": patch
-"@pnpm/hooks.pnpmfile": patch
-"@pnpm/hooks.read-package-hook": patch
-"@pnpm/installing.commands": patch
-"@pnpm/installing.context": patch
-"@pnpm/installing.deps-installer": patch
-"@pnpm/installing.deps-resolver": patch
-"@pnpm/installing.deps-restorer": patch
-"@pnpm/installing.env-installer":
patch
-"@pnpm/installing.linking.direct-dep-linker": patch
-"@pnpm/installing.linking.hoist": patch
-"@pnpm/installing.linking.modules-cleaner": patch
-"@pnpm/installing.package-requester": patch
-"@pnpm/installing.read-projects-context": patch
-"@pnpm/lockfile.filtering": patch
-"@pnpm/lockfile.fs": patch
-"@pnpm/lockfile.merger": patch
-"@pnpm/lockfile.to-pnp": patch
-"@pnpm/lockfile.verification": patch
-"@pnpm/modules-mounter.daemon": patch
-"@pnpm/network.auth-header": patch
-"@pnpm/network.fetch": patch
-"@pnpm/network.web-auth": patch
-"@pnpm/object.key-sorting": patch
-"@pnpm/patching.apply-patch": patch
-"@pnpm/patching.commands": patch
-"@pnpm/patching.config": patch
-"@pnpm/pkg-manifest.utils": patch
-"@pnpm/registry-access.commands": patch
-"@pnpm/releasing.commands": patch
-"@pnpm/resolving.git-resolver": patch
-"@pnpm/resolving.local-resolver": patch
-"@pnpm/resolving.npm-resolver": patch
-"@pnpm/resolving.registry.pkg-metadata-filter": patch
-"@pnpm/store.cafs": patch
-"@pnpm/store.commands": patch
-"@pnpm/store.connection-manager": patch
-"@pnpm/store.controller": patch
-"@pnpm/store.create-cafs-store": patch
-"@pnpm/store.index": patch
-"@pnpm/worker": patch
-"@pnpm/workspace.injected-deps-syncer": patch
-"@pnpm/workspace.project-manifest-reader": patch
-"@pnpm/workspace.projects-reader": patch
-"@pnpm/workspace.range-resolver": patch
-"@pnpm/workspace.state": patch
-"@pnpm/workspace.workspace-manifest-writer": patch
-"pnpm": patch
----
-
-Updated dependency ranges. Notably:
-
-- `@pnpm/logger` peer dependency range moved to `^1100.0.0`.
-- `msgpackr` 1.11.8 → 2.0.4 (store index files remain byte-compatible in both directions).
-- `open` ^7.4.2 → ^11.0.0, `memoize` ^10 → ^11, `cli-truncate` ^5 → ^6, `pidtree` ^0.6 → ^1.
-- `@yarnpkg/core` 4.5.0 → 4.8.0, `@rushstack/worker-pool` 0.7.7 → 0.7.18, `@cyclonedx/cyclonedx-library` 10.0.0 → 10.1.0, `@pnpm/config.nerf-dart` ^1 → ^2, `@pnpm/log.group` 3.0.2 → 4.0.1, `@pnpm/util.lex-comparator` ^3 → ^4.
diff --git a/.changeset/update-zkochan-cmd-shim.md b/.changeset/update-zkochan-cmd-shim.md deleted file mode 100644 index 7accead532..0000000000 --- a/.changeset/update-zkochan-cmd-shim.md +++ /dev/null @@ -1,7 +0,0 @@ ---- -"@pnpm/bins.linker": patch -"@pnpm/exe": patch -"pnpm": patch ---- - -Updated `@zkochan/cmd-shim` to v9.0.6. diff --git a/.changeset/windows-error-exit-pidtree.md b/.changeset/windows-error-exit-pidtree.md deleted file mode 100644 index de163142e7..0000000000 --- a/.changeset/windows-error-exit-pidtree.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -"pnpm": patch ---- - -Fixed a Windows-only hang where a failed command could take 20–46 seconds to exit. On error, pnpm enumerates descendant processes (via `pidtree`) to terminate them, which on Windows shells out to `wmic`/PowerShell `Get-CimInstance Win32_Process` — a lookup that is extremely slow on some machines. The lookup is now bounded by a short timeout so it can no longer stall the process exit. diff --git a/.meta-updater/CHANGELOG.md b/.meta-updater/CHANGELOG.md index 98ad0631b0..8c07b7cd9a 100644 --- a/.meta-updater/CHANGELOG.md +++ b/.meta-updater/CHANGELOG.md @@ -1,5 +1,18 @@ # @pnpm-private/updater +## 1100.0.19 + +### Patch Changes + +- Updated dependencies [681b593] +- Updated dependencies [d50d691] +- Updated dependencies [a31faa7] + - @pnpm/types@1101.3.2 + - @pnpm/lockfile.fs@1100.1.5 + - @pnpm/object.key-sorting@1100.0.1 + - @pnpm/workspace.projects-reader@1101.0.12 + - @pnpm/workspace.workspace-manifest-reader@1100.0.8 + ## 1100.0.18 ### Patch Changes diff --git a/.meta-updater/package.json b/.meta-updater/package.json index c3bf189d21..f03ef36726 100644 --- a/.meta-updater/package.json +++ b/.meta-updater/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm-private/updater", - "version": "1100.0.18", + "version": "1100.0.19", "private": true, "type": "module", "scripts": { 
diff --git a/__utils__/assert-project/CHANGELOG.md b/__utils__/assert-project/CHANGELOG.md index 2d728f5b46..bc64cd9dd8 100644 --- a/__utils__/assert-project/CHANGELOG.md +++ b/__utils__/assert-project/CHANGELOG.md @@ -1,5 +1,16 @@ # @pnpm/assert-project +## 1100.0.16 + +### Patch Changes + +- Updated dependencies [681b593] + - @pnpm/types@1101.3.2 + - @pnpm/assert-store@1100.0.16 + - @pnpm/installing.modules-yaml@1100.0.9 + - @pnpm/lockfile.types@1100.0.11 + - @pnpm/testing.registry-mock@1100.0.6 + ## 1100.0.15 ### Patch Changes diff --git a/__utils__/assert-project/package.json b/__utils__/assert-project/package.json index 53b58fdd4e..a8f7cbba5c 100644 --- a/__utils__/assert-project/package.json +++ b/__utils__/assert-project/package.json @@ -1,7 +1,7 @@ { "name": "@pnpm/assert-project", "description": "Utils for testing projects that use pnpm", - "version": "1100.0.15", + "version": "1100.0.16", "author": { "name": "Zoltan Kochan", "email": "z@kochan.io", diff --git a/__utils__/assert-store/CHANGELOG.md b/__utils__/assert-store/CHANGELOG.md index 0fd8723164..17dac14eab 100644 --- a/__utils__/assert-store/CHANGELOG.md +++ b/__utils__/assert-store/CHANGELOG.md @@ -1,5 +1,15 @@ # @pnpm/assert-store +## 1100.0.16 + +### Patch Changes + +- Updated dependencies [61810aa] +- Updated dependencies [a31faa7] + - @pnpm/store.index@1100.2.0 + - @pnpm/store.cafs@1100.1.10 + - @pnpm/testing.registry-mock@1100.0.6 + ## 1100.0.15 ### Patch Changes diff --git a/__utils__/assert-store/package.json b/__utils__/assert-store/package.json index fe67631b9e..a1738ecf11 100644 --- a/__utils__/assert-store/package.json +++ b/__utils__/assert-store/package.json @@ -1,7 +1,7 @@ { "name": "@pnpm/assert-store", "description": "Utils for testing pnpm store", - "version": "1100.0.15", + "version": "1100.0.16", "bugs": { "url": "https://github.com/pnpm/pnpm/issues" }, diff --git a/__utils__/jest-config/CHANGELOG.md b/__utils__/jest-config/CHANGELOG.md index 9bf1a67b90..4b68ca2d97 100644 
--- a/__utils__/jest-config/CHANGELOG.md +++ b/__utils__/jest-config/CHANGELOG.md @@ -1,5 +1,14 @@ # @pnpm/jest-config +## 1100.0.16 + +### Patch Changes + +- Updated dependencies [61810aa] +- Updated dependencies [a31faa7] + - @pnpm/worker@1100.2.0 + - @pnpm/testing.registry-mock@1100.0.6 + ## 1100.0.15 ### Patch Changes diff --git a/__utils__/jest-config/package.json b/__utils__/jest-config/package.json index 251e80a519..fc0f6b76aa 100644 --- a/__utils__/jest-config/package.json +++ b/__utils__/jest-config/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/jest-config", - "version": "1100.0.15", + "version": "1100.0.16", "private": true, "main": "jest-preset.js", "type": "module", diff --git a/__utils__/prepare/CHANGELOG.md b/__utils__/prepare/CHANGELOG.md index ba388f800b..7dfcc90e4f 100644 --- a/__utils__/prepare/CHANGELOG.md +++ b/__utils__/prepare/CHANGELOG.md @@ -1,5 +1,13 @@ # @pnpm/prepare +## 1100.0.16 + +### Patch Changes + +- Updated dependencies [681b593] + - @pnpm/types@1101.3.2 + - @pnpm/assert-project@1100.0.16 + ## 1100.0.15 ### Patch Changes diff --git a/__utils__/prepare/package.json b/__utils__/prepare/package.json index 7059afdf90..a153269dd6 100644 --- a/__utils__/prepare/package.json +++ b/__utils__/prepare/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/prepare", - "version": "1100.0.15", + "version": "1100.0.16", "main": "lib/index.js", "types": "lib/index.d.ts", "type": "module", diff --git a/__utils__/scripts/CHANGELOG.md b/__utils__/scripts/CHANGELOG.md index caeb559991..76e118664d 100644 --- a/__utils__/scripts/CHANGELOG.md +++ b/__utils__/scripts/CHANGELOG.md @@ -1,5 +1,13 @@ # @pnpm/scripts +## 1100.0.15 + +### Patch Changes + +- Updated dependencies [a31faa7] + - @pnpm/workspace.projects-reader@1101.0.12 + - @pnpm/workspace.workspace-manifest-reader@1100.0.8 + ## 1100.0.14 ### Patch Changes diff --git a/__utils__/scripts/package.json b/__utils__/scripts/package.json index d6206f7bb2..e042d6d7a1 100644 --- a/__utils__/scripts/package.json 
+++ b/__utils__/scripts/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/scripts", - "version": "1100.0.14", + "version": "1100.0.15", "private": true, "type": "module", "scripts": { diff --git a/auth/commands/CHANGELOG.md b/auth/commands/CHANGELOG.md index 123973975f..8678dbf690 100644 --- a/auth/commands/CHANGELOG.md +++ b/auth/commands/CHANGELOG.md 
@@ -1,5 +1,45 @@ # @pnpm/auth.commands +## 1100.2.4 + +### Patch Changes + +- 681b593: pnpm can now use different auth tokens for different package scopes, even when those scopes use the same registry URL. + + Previously, auth was selected only by registry URL. If `@org-a` and `@org-b` both used `https://npm.pkg.github.com/`, they had to share the same token. This caused problems for registries that issue tokens per organization or per scope. + + Configure a scope-specific token by adding the package scope after the registry URL in the auth key: + + ```ini + @org-a:registry=https://npm.pkg.github.com/ + @org-b:registry=https://npm.pkg.github.com/ + + //npm.pkg.github.com/:@org-a:_authToken=${ORG_A_TOKEN} + //npm.pkg.github.com/:@org-b:_authToken=${ORG_B_TOKEN} + + //npm.pkg.github.com/:_authToken=${FALLBACK_TOKEN} + ``` + + `pnpm login --registry=https://npm.pkg.github.com --scope=@org-a` writes the token to the same scope-specific auth key. + + When installing or publishing `@org-a/*`, pnpm uses `ORG_A_TOKEN`. For `@org-b/*`, pnpm uses `ORG_B_TOKEN`. Packages without a matching scope continue to use the registry-wide fallback token. + +- a31faa7: Updated dependency ranges. Notably: + + - `@pnpm/logger` peer dependency range moved to `^1100.0.0`. + - `msgpackr` 1.11.8 → 2.0.4 (store index files remain byte-compatible in both directions). + - `open` ^7.4.2 → ^11.0.0, `memoize` ^10 → ^11, `cli-truncate` ^5 → ^6, `pidtree` ^0.6 → ^1. + - `@yarnpkg/core` 4.5.0 → 4.8.0, `@rushstack/worker-pool` 0.7.7 → 0.7.18, `@cyclonedx/cyclonedx-library` 10.0.0 → 10.1.0, `@pnpm/config.nerf-dart` ^1 → ^2, `@pnpm/log.group` 3.0.2 → 4.0.1, `@pnpm/util.lex-comparator` ^3 → ^4. + +- Updated dependencies [61810aa] +- Updated dependencies [681b593] +- Updated dependencies [a31faa7] + - @pnpm/config.reader@1101.9.0 + - @pnpm/cli.utils@1101.0.12 + - @pnpm/network.fetch@1100.1.3 + - @pnpm/network.web-auth@1101.1.1 + - @pnpm/registry-access.client@1100.1.4 + ## 1100.2.3 ### Patch Changes 
diff --git a/auth/commands/package.json b/auth/commands/package.json
index 0fa388f54b..ba95353f5b 100644
--- a/auth/commands/package.json
+++ b/auth/commands/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@pnpm/auth.commands",
- "version": "1100.2.3",
+ "version": "1100.2.4",
 "description": "Commands for authentication with npm registries",
 "keywords": [
 "pnpm",
diff --git a/bins/linker/CHANGELOG.md b/bins/linker/CHANGELOG.md
index af3ad959f6..b5d82477fd 100644
--- a/bins/linker/CHANGELOG.md
+++ b/bins/linker/CHANGELOG.md
@@ -1,5 +1,26 @@ # @pnpm/link-bins +## 1100.0.14 + +### Patch Changes + +- 61810aa: Added a new setting `frozenStore` (`--frozen-store`) that lets `pnpm install` run against a package store on a read-only filesystem (e.g. a Nix store, a read-only bind mount, an OCI layer). When enabled, pnpm opens the store's SQLite `index.db` through the `immutable=1` URI — bypassing the WAL/`-shm` sidecar creation that otherwise fails on a read-only directory — and suppresses every store-write path (the `index.db` writer and the project-registry write). Pair it with `--offline --frozen-lockfile` against a fully-populated store. Under the global virtual store, package directories live inside the store, so if the store is missing the build output of a package whose lifecycle scripts are approved (or that has a patch), pnpm fails up front with `ERR_PNPM_FROZEN_STORE_NEEDS_BUILD` rather than crashing mid-build on a read-only write — seed the store with those builds first. Incompatible with `--force` and with a configured pnpr server, since both write into the store; the side-effects cache is likewise not written under `frozenStore`. If the store is missing its content directory, the install fails fast with `ERR_PNPM_FROZEN_STORE_INCOMPLETE` rather than attempting to initialize it. The read-only `immutable=1` open requires Node.js >=22.15.0, >=23.11.0, or >=24.0.0; on older runtimes `--frozen-store` fails with a clear `ERR_PNPM_FROZEN_STORE_UNSUPPORTED_NODE` error. Bin-linking also tolerates a read-only store: under the global virtual store a package's bin source lives inside the store, so the `chmod` that makes it executable would be refused — with `EPERM`/`EACCES`, or with `EROFS` on a genuinely read-only filesystem. That `chmod` is redundant when the seed already ships its bins executable with a normalized shebang, so it is now skipped in that case, while a non-executable bin (or one still carrying a Windows CRLF shebang) on a read-only store still errors. 
+- a31faa7: Updated dependency ranges. Notably: + + - `@pnpm/logger` peer dependency range moved to `^1100.0.0`. + - `msgpackr` 1.11.8 → 2.0.4 (store index files remain byte-compatible in both directions). + - `open` ^7.4.2 → ^11.0.0, `memoize` ^10 → ^11, `cli-truncate` ^5 → ^6, `pidtree` ^0.6 → ^1. + - `@yarnpkg/core` 4.5.0 → 4.8.0, `@rushstack/worker-pool` 0.7.7 → 0.7.18, `@cyclonedx/cyclonedx-library` 10.0.0 → 10.1.0, `@pnpm/config.nerf-dart` ^1 → ^2, `@pnpm/log.group` 3.0.2 → 4.0.1, `@pnpm/util.lex-comparator` ^3 → ^4. + +- cd8348c: Updated `@zkochan/cmd-shim` to v9.0.6. +- Updated dependencies [681b593] +- Updated dependencies [a31faa7] + - @pnpm/types@1101.3.2 + - @pnpm/pkg-manifest.utils@1100.2.5 + - @pnpm/workspace.project-manifest-reader@1100.0.13 + - @pnpm/bins.resolver@1100.0.8 + - @pnpm/pkg-manifest.reader@1100.0.8 + ## 1100.0.13 ### Patch Changes diff --git a/bins/linker/package.json b/bins/linker/package.json index 6621604ecf..55e2b459a4 100644 --- a/bins/linker/package.json +++ b/bins/linker/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/bins.linker", - "version": "1100.0.13", + "version": "1100.0.14", "description": "Link bins to node_modules/.bin", "keywords": [ "pnpm", diff --git a/bins/remover/CHANGELOG.md b/bins/remover/CHANGELOG.md index 71e6c0d0e9..c765c6c57f 100644 --- a/bins/remover/CHANGELOG.md +++ b/bins/remover/CHANGELOG.md 
@@ -1,5 +1,23 @@ # @pnpm/remove-bins +## 1100.0.10 + +### Patch Changes + +- a31faa7: Updated dependency ranges. Notably: + + - `@pnpm/logger` peer dependency range moved to `^1100.0.0`. + - `msgpackr` 1.11.8 → 2.0.4 (store index files remain byte-compatible in both directions). + - `open` ^7.4.2 → ^11.0.0, `memoize` ^10 → ^11, `cli-truncate` ^5 → ^6, `pidtree` ^0.6 → ^1. + - `@yarnpkg/core` 4.5.0 → 4.8.0, `@rushstack/worker-pool` 0.7.7 → 0.7.18, `@cyclonedx/cyclonedx-library` 10.0.0 → 10.1.0, `@pnpm/config.nerf-dart` ^1 → ^2, `@pnpm/log.group` 3.0.2 → 4.0.1, `@pnpm/util.lex-comparator` ^3 → ^4. + +- Updated dependencies [681b593] +- Updated dependencies [a31faa7] + - @pnpm/types@1101.3.2 + - @pnpm/core-loggers@1100.2.1 + - @pnpm/bins.resolver@1100.0.8 + - @pnpm/pkg-manifest.reader@1100.0.8 + ## 1100.0.9 ### Patch Changes diff --git a/bins/remover/package.json b/bins/remover/package.json index a9153dc99f..1b073ae767 100644 --- a/bins/remover/package.json +++ b/bins/remover/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/bins.remover", - "version": "1100.0.9", + "version": "1100.0.10", "description": "Remove bins from .bin", "keywords": [ "pnpm", diff --git a/bins/resolver/CHANGELOG.md b/bins/resolver/CHANGELOG.md index 702ad27cfe..81f3dca8ef 100644 --- a/bins/resolver/CHANGELOG.md +++ b/bins/resolver/CHANGELOG.md @@ -1,5 +1,12 @@ # @pnpm/package-bins +## 1100.0.8 + +### Patch Changes + +- Updated dependencies [681b593] + - @pnpm/types@1101.3.2 + ## 1100.0.7 ### Patch Changes diff --git a/bins/resolver/package.json b/bins/resolver/package.json index b5f3b6c8ec..1c6081c2ac 100644 --- a/bins/resolver/package.json +++ b/bins/resolver/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/bins.resolver", - "version": "1100.0.7", + "version": "1100.0.8", "description": "Returns bins of a package", "keywords": [ "pnpm", diff --git a/building/after-install/CHANGELOG.md b/building/after-install/CHANGELOG.md index 5dbad1134a..9f16b4a0c5 100644 --- a/building/after-install/CHANGELOG.md 
+++ b/building/after-install/CHANGELOG.md 
@@ -1,5 +1,45 @@ # @pnpm/building.after-install +## 1102.0.0 + +### Patch Changes + +- 61810aa: Added a new setting `frozenStore` (`--frozen-store`) that lets `pnpm install` run against a package store on a read-only filesystem (e.g. a Nix store, a read-only bind mount, an OCI layer). When enabled, pnpm opens the store's SQLite `index.db` through the `immutable=1` URI — bypassing the WAL/`-shm` sidecar creation that otherwise fails on a read-only directory — and suppresses every store-write path (the `index.db` writer and the project-registry write). Pair it with `--offline --frozen-lockfile` against a fully-populated store. Under the global virtual store, package directories live inside the store, so if the store is missing the build output of a package whose lifecycle scripts are approved (or that has a patch), pnpm fails up front with `ERR_PNPM_FROZEN_STORE_NEEDS_BUILD` rather than crashing mid-build on a read-only write — seed the store with those builds first. Incompatible with `--force` and with a configured pnpr server, since both write into the store; the side-effects cache is likewise not written under `frozenStore`. If the store is missing its content directory, the install fails fast with `ERR_PNPM_FROZEN_STORE_INCOMPLETE` rather than attempting to initialize it. The read-only `immutable=1` open requires Node.js >=22.15.0, >=23.11.0, or >=24.0.0; on older runtimes `--frozen-store` fails with a clear `ERR_PNPM_FROZEN_STORE_UNSUPPORTED_NODE` error. Bin-linking also tolerates a read-only store: under the global virtual store a package's bin source lives inside the store, so the `chmod` that makes it executable would be refused — with `EPERM`/`EACCES`, or with `EROFS` on a genuinely read-only filesystem. That `chmod` is redundant when the seed already ships its bins executable with a normalized shebang, so it is now skipped in that case, while a non-executable bin (or one still carrying a Windows CRLF shebang) on a read-only store still errors. 
+- a31faa7: Updated dependency ranges. Notably: + + - `@pnpm/logger` peer dependency range moved to `^1100.0.0`. + - `msgpackr` 1.11.8 → 2.0.4 (store index files remain byte-compatible in both directions). + - `open` ^7.4.2 → ^11.0.0, `memoize` ^10 → ^11, `cli-truncate` ^5 → ^6, `pidtree` ^0.6 → ^1. + - `@yarnpkg/core` 4.5.0 → 4.8.0, `@rushstack/worker-pool` 0.7.7 → 0.7.18, `@cyclonedx/cyclonedx-library` 10.0.0 → 10.1.0, `@pnpm/config.nerf-dart` ^1 → ^2, `@pnpm/log.group` 3.0.2 → 4.0.1, `@pnpm/util.lex-comparator` ^3 → ^4. + +- Updated dependencies [61810aa] +- Updated dependencies [f20ad8f] +- Updated dependencies [23716ed] +- Updated dependencies [681b593] +- Updated dependencies [a31faa7] +- Updated dependencies [cd8348c] + - @pnpm/config.reader@1101.9.0 + - @pnpm/store.index@1100.2.0 + - @pnpm/store.connection-manager@1100.3.0 + - @pnpm/bins.linker@1100.0.14 + - @pnpm/worker@1100.2.0 + - @pnpm/installing.context@1100.0.18 + - @pnpm/lockfile.utils@1100.0.13 + - @pnpm/exec.lifecycle@1100.0.18 + - @pnpm/types@1101.3.2 + - @pnpm/core-loggers@1100.2.1 + - @pnpm/deps.path@1100.0.8 + - @pnpm/store.cafs@1100.1.10 + - @pnpm/deps.graph-hasher@1100.2.5 + - @pnpm/building.pkg-requires-build@1100.0.8 + - @pnpm/building.policy@1100.0.10 + - @pnpm/config.normalize-registries@1100.0.8 + - @pnpm/installing.modules-yaml@1100.0.9 + - @pnpm/lockfile.types@1100.0.11 + - @pnpm/lockfile.walker@1100.0.11 + - @pnpm/pkg-manifest.reader@1100.0.8 + - @pnpm/store.controller-types@1100.1.5 + ## 1101.0.21 ### Patch Changes diff --git a/building/after-install/package.json b/building/after-install/package.json index 926cec5882..3e40704469 100644 --- a/building/after-install/package.json +++ b/building/after-install/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/building.after-install", - "version": "1101.0.21", + "version": "1102.0.0", "description": "Rebuild packages that are already installed by running their lifecycle scripts", "keywords": [ "pnpm", 
diff --git a/building/commands/CHANGELOG.md b/building/commands/CHANGELOG.md index 36ff78e973..623f785612 100644 --- a/building/commands/CHANGELOG.md +++ b/building/commands/CHANGELOG.md @@ -1,5 +1,36 @@ # @pnpm/building.commands +## 1100.1.5 + +### Patch Changes + +- a31faa7: Updated dependency ranges. Notably: + + - `@pnpm/logger` peer dependency range moved to `^1100.0.0`. + - `msgpackr` 1.11.8 → 2.0.4 (store index files remain byte-compatible in both directions). + - `open` ^7.4.2 → ^11.0.0, `memoize` ^10 → ^11, `cli-truncate` ^5 → ^6, `pidtree` ^0.6 → ^1. + - `@yarnpkg/core` 4.5.0 → 4.8.0, `@rushstack/worker-pool` 0.7.7 → 0.7.18, `@cyclonedx/cyclonedx-library` 10.0.0 → 10.1.0, `@pnpm/config.nerf-dart` ^1 → ^2, `@pnpm/log.group` 3.0.2 → 4.0.1, `@pnpm/util.lex-comparator` ^3 → ^4. + +- Updated dependencies [8dcd9a0] +- Updated dependencies [86e70d2] +- Updated dependencies [61810aa] +- Updated dependencies [ab0b7d1] +- Updated dependencies [74a2dc9] +- Updated dependencies [681b593] +- Updated dependencies [d50d691] +- Updated dependencies [a31faa7] + - @pnpm/installing.commands@1100.9.0 + - @pnpm/config.reader@1101.9.0 + - @pnpm/store.connection-manager@1100.3.0 + - @pnpm/building.after-install@1102.0.0 + - @pnpm/types@1101.3.2 + - @pnpm/cli.utils@1101.0.12 + - @pnpm/deps.path@1100.0.8 + - @pnpm/building.policy@1100.0.10 + - @pnpm/config.writer@1100.0.13 + - @pnpm/installing.modules-yaml@1100.0.9 + - @pnpm/workspace.projects-sorter@1100.0.7 + ## 1100.1.4 ### Patch Changes diff --git a/building/commands/package.json b/building/commands/package.json index 6e98035eba..249f27b3ca 100644 --- a/building/commands/package.json +++ b/building/commands/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/building.commands", - "version": "1100.1.4", + "version": "1100.1.5", "description": "Commands for rebuilding and managing dependency builds", "keywords": [ "pnpm", 
diff --git a/building/during-install/CHANGELOG.md b/building/during-install/CHANGELOG.md
index 35c371b1a0..b9c270eafe 100644
--- a/building/during-install/CHANGELOG.md
+++ b/building/during-install/CHANGELOG.md
@@ -1,5 +1,35 @@ # @pnpm/building.during-install +## 1102.0.0 + +### Patch Changes + +- 61810aa: Added a new setting `frozenStore` (`--frozen-store`) that lets `pnpm install` run against a package store on a read-only filesystem (e.g. a Nix store, a read-only bind mount, an OCI layer). When enabled, pnpm opens the store's SQLite `index.db` through the `immutable=1` URI — bypassing the WAL/`-shm` sidecar creation that otherwise fails on a read-only directory — and suppresses every store-write path (the `index.db` writer and the project-registry write). Pair it with `--offline --frozen-lockfile` against a fully-populated store. Under the global virtual store, package directories live inside the store, so if the store is missing the build output of a package whose lifecycle scripts are approved (or that has a patch), pnpm fails up front with `ERR_PNPM_FROZEN_STORE_NEEDS_BUILD` rather than crashing mid-build on a read-only write — seed the store with those builds first. Incompatible with `--force` and with a configured pnpr server, since both write into the store; the side-effects cache is likewise not written under `frozenStore`. If the store is missing its content directory, the install fails fast with `ERR_PNPM_FROZEN_STORE_INCOMPLETE` rather than attempting to initialize it. The read-only `immutable=1` open requires Node.js >=22.15.0, >=23.11.0, or >=24.0.0; on older runtimes `--frozen-store` fails with a clear `ERR_PNPM_FROZEN_STORE_UNSUPPORTED_NODE` error. Bin-linking also tolerates a read-only store: under the global virtual store a package's bin source lives inside the store, so the `chmod` that makes it executable would be refused — with `EPERM`/`EACCES`, or with `EROFS` on a genuinely read-only filesystem. That `chmod` is redundant when the seed already ships its bins executable with a normalized shebang, so it is now skipped in that case, while a non-executable bin (or one still carrying a Windows CRLF shebang) on a read-only store still errors. 
+- a31faa7: Updated dependency ranges. Notably: + + - `@pnpm/logger` peer dependency range moved to `^1100.0.0`. + - `msgpackr` 1.11.8 → 2.0.4 (store index files remain byte-compatible in both directions). + - `open` ^7.4.2 → ^11.0.0, `memoize` ^10 → ^11, `cli-truncate` ^5 → ^6, `pidtree` ^0.6 → ^1. + - `@yarnpkg/core` 4.5.0 → 4.8.0, `@rushstack/worker-pool` 0.7.7 → 0.7.18, `@cyclonedx/cyclonedx-library` 10.0.0 → 10.1.0, `@pnpm/config.nerf-dart` ^1 → ^2, `@pnpm/log.group` 3.0.2 → 4.0.1, `@pnpm/util.lex-comparator` ^3 → ^4. + +- Updated dependencies [61810aa] +- Updated dependencies [23716ed] +- Updated dependencies [681b593] +- Updated dependencies [a31faa7] +- Updated dependencies [cd8348c] + - @pnpm/config.reader@1101.9.0 + - @pnpm/bins.linker@1100.0.14 + - @pnpm/worker@1100.2.0 + - @pnpm/exec.lifecycle@1100.0.18 + - @pnpm/types@1101.3.2 + - @pnpm/core-loggers@1100.2.1 + - @pnpm/deps.path@1100.0.8 + - @pnpm/fs.hard-link-dir@1100.0.2 + - @pnpm/patching.apply-patch@1100.0.2 + - @pnpm/deps.graph-hasher@1100.2.5 + - @pnpm/pkg-manifest.reader@1100.0.8 + - @pnpm/store.controller-types@1100.1.5 + ## 1101.0.18 ### Patch Changes diff --git a/building/during-install/package.json b/building/during-install/package.json index 4773d3f7fe..57c79a411e 100644 --- a/building/during-install/package.json +++ b/building/during-install/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/building.during-install", - "version": "1101.0.18", + "version": "1102.0.0", "description": "Build packages in node_modules", "keywords": [ "pnpm", diff --git a/building/pkg-requires-build/CHANGELOG.md b/building/pkg-requires-build/CHANGELOG.md index 92ba4e2c87..3651a0aeb3 100644 --- a/building/pkg-requires-build/CHANGELOG.md +++ b/building/pkg-requires-build/CHANGELOG.md @@ -1,5 +1,12 @@ # @pnpm/building.pkg-requires-build +## 1100.0.8 + +### Patch Changes + +- Updated dependencies [681b593] + - @pnpm/types@1101.3.2 + ## 1100.0.7 ### Patch Changes 
diff --git a/building/pkg-requires-build/package.json b/building/pkg-requires-build/package.json index 4e1b9d6a2e..a07334cc9c 100644 --- a/building/pkg-requires-build/package.json +++ b/building/pkg-requires-build/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/building.pkg-requires-build", - "version": "1100.0.7", + "version": "1100.0.8", "description": "Checks if a package requires to be built", "keywords": [ "pnpm", diff --git a/building/policy/CHANGELOG.md b/building/policy/CHANGELOG.md index 800066c63a..dc30836723 100644 --- a/building/policy/CHANGELOG.md +++ b/building/policy/CHANGELOG.md @@ -1,5 +1,15 @@ # @pnpm/building.policy +## 1100.0.10 + +### Patch Changes + +- Updated dependencies [681b593] +- Updated dependencies [a31faa7] + - @pnpm/types@1101.3.2 + - @pnpm/config.version-policy@1100.1.5 + - @pnpm/deps.path@1100.0.8 + ## 1100.0.9 ### Patch Changes diff --git a/building/policy/package.json b/building/policy/package.json index e1c6edc24b..6e4651ada1 100644 --- a/building/policy/package.json +++ b/building/policy/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/building.policy", - "version": "1100.0.9", + "version": "1100.0.10", "description": "Create a function for filtering out dependencies that are not allowed to be built", "keywords": [ "pnpm", diff --git a/cache/api/CHANGELOG.md b/cache/api/CHANGELOG.md index 9e9855e721..6fd5767f0f 100644 --- a/cache/api/CHANGELOG.md +++ b/cache/api/CHANGELOG.md 
@@ -1,5 +1,25 @@ # @pnpm/cache.api +## 1100.0.22 + +### Patch Changes + +- a31faa7: Updated dependency ranges. Notably: + + - `@pnpm/logger` peer dependency range moved to `^1100.0.0`. + - `msgpackr` 1.11.8 → 2.0.4 (store index files remain byte-compatible in both directions). + - `open` ^7.4.2 → ^11.0.0, `memoize` ^10 → ^11, `cli-truncate` ^5 → ^6, `pidtree` ^0.6 → ^1. + - `@yarnpkg/core` 4.5.0 → 4.8.0, `@rushstack/worker-pool` 0.7.7 → 0.7.18, `@cyclonedx/cyclonedx-library` 10.0.0 → 10.1.0, `@pnpm/config.nerf-dart` ^1 → ^2, `@pnpm/log.group` 3.0.2 → 4.0.1, `@pnpm/util.lex-comparator` ^3 → ^4. + +- Updated dependencies [61810aa] +- Updated dependencies [681b593] +- Updated dependencies [1310ab5] +- Updated dependencies [a31faa7] + - @pnpm/config.reader@1101.9.0 + - @pnpm/store.index@1100.2.0 + - @pnpm/resolving.npm-resolver@1102.0.0 + - @pnpm/store.cafs@1100.1.10 + ## 1100.0.21 ### Patch Changes diff --git a/cache/api/package.json b/cache/api/package.json index 8681e85b73..d48afd8dcc 100644 --- a/cache/api/package.json +++ b/cache/api/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/cache.api", - "version": "1100.0.21", + "version": "1100.0.22", "description": "API for controlling the cache", "keywords": [ "pnpm", diff --git a/cache/commands/CHANGELOG.md b/cache/commands/CHANGELOG.md index 4b49aed769..cc7a6f52c9 100644 --- a/cache/commands/CHANGELOG.md +++ b/cache/commands/CHANGELOG.md 
@@ -1,5 +1,23 @@ # @pnpm/cache.commands +## 1100.0.23 + +### Patch Changes + +- a31faa7: Updated dependency ranges. Notably: + + - `@pnpm/logger` peer dependency range moved to `^1100.0.0`. + - `msgpackr` 1.11.8 → 2.0.4 (store index files remain byte-compatible in both directions). + - `open` ^7.4.2 → ^11.0.0, `memoize` ^10 → ^11, `cli-truncate` ^5 → ^6, `pidtree` ^0.6 → ^1. + - `@yarnpkg/core` 4.5.0 → 4.8.0, `@rushstack/worker-pool` 0.7.7 → 0.7.18, `@cyclonedx/cyclonedx-library` 10.0.0 → 10.1.0, `@pnpm/config.nerf-dart` ^1 → ^2, `@pnpm/log.group` 3.0.2 → 4.0.1, `@pnpm/util.lex-comparator` ^3 → ^4. + +- Updated dependencies [61810aa] +- Updated dependencies [681b593] +- Updated dependencies [a31faa7] + - @pnpm/config.reader@1101.9.0 + - @pnpm/cache.api@1100.0.22 + - @pnpm/cli.utils@1101.0.12 + ## 1100.0.22 ### Patch Changes diff --git a/cache/commands/package.json b/cache/commands/package.json index 3dcbc202f8..27911479ea 100644 --- a/cache/commands/package.json +++ b/cache/commands/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/cache.commands", - "version": "1100.0.22", + "version": "1100.0.23", "description": "Commands for controlling the cache", "keywords": [ "pnpm", diff --git a/cli/commands/CHANGELOG.md b/cli/commands/CHANGELOG.md index 5b66c4287b..958173fe87 100644 --- a/cli/commands/CHANGELOG.md +++ b/cli/commands/CHANGELOG.md 
@@ -1,5 +1,24 @@ # @pnpm/cli.commands +## 1100.0.21 + +### Patch Changes + +- a31faa7: Updated dependency ranges. Notably: + + - `@pnpm/logger` peer dependency range moved to `^1100.0.0`. + - `msgpackr` 1.11.8 → 2.0.4 (store index files remain byte-compatible in both directions). + - `open` ^7.4.2 → ^11.0.0, `memoize` ^10 → ^11, `cli-truncate` ^5 → ^6, `pidtree` ^0.6 → ^1. + - `@yarnpkg/core` 4.5.0 → 4.8.0, `@rushstack/worker-pool` 0.7.7 → 0.7.18, `@cyclonedx/cyclonedx-library` 10.0.0 → 10.1.0, `@pnpm/config.nerf-dart` ^1 → ^2, `@pnpm/log.group` 3.0.2 → 4.0.1, `@pnpm/util.lex-comparator` ^3 → ^4. + +- Updated dependencies [61810aa] +- Updated dependencies [681b593] +- Updated dependencies [a31faa7] + - @pnpm/config.reader@1101.9.0 + - @pnpm/cli.utils@1101.0.12 + - @pnpm/workspace.projects-reader@1101.0.12 + - @pnpm/workspace.workspace-manifest-reader@1100.0.8 + ## 1100.0.20 ### Patch Changes diff --git a/cli/commands/package.json b/cli/commands/package.json index 198540377d..056739fe1e 100644 --- a/cli/commands/package.json +++ b/cli/commands/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/cli.commands", - "version": "1100.0.20", + "version": "1100.0.21", "description": "Commands for pnpm CLI", "keywords": [ "pnpm", diff --git a/cli/default-reporter/CHANGELOG.md b/cli/default-reporter/CHANGELOG.md index c025e05ffd..08176fcdf6 100644 --- a/cli/default-reporter/CHANGELOG.md +++ b/cli/default-reporter/CHANGELOG.md 
@@ -1,5 +1,25 @@ # @pnpm/default-reporter +## 1100.3.1 + +### Patch Changes + +- a31faa7: Updated dependency ranges. Notably: + + - `@pnpm/logger` peer dependency range moved to `^1100.0.0`. + - `msgpackr` 1.11.8 → 2.0.4 (store index files remain byte-compatible in both directions). + - `open` ^7.4.2 → ^11.0.0, `memoize` ^10 → ^11, `cli-truncate` ^5 → ^6, `pidtree` ^0.6 → ^1. + - `@yarnpkg/core` 4.5.0 → 4.8.0, `@rushstack/worker-pool` 0.7.7 → 0.7.18, `@cyclonedx/cyclonedx-library` 10.0.0 → 10.1.0, `@pnpm/config.nerf-dart` ^1 → ^2, `@pnpm/log.group` 3.0.2 → 4.0.1, `@pnpm/util.lex-comparator` ^3 → ^4. + +- Updated dependencies [61810aa] +- Updated dependencies [681b593] +- Updated dependencies [a31faa7] + - @pnpm/config.reader@1101.9.0 + - @pnpm/types@1101.3.2 + - @pnpm/core-loggers@1100.2.1 + - @pnpm/cli.meta@1100.0.8 + - @pnpm/deps.inspection.peers-issues-renderer@1100.0.6 + ## 1100.3.0 ### Minor Changes diff --git a/cli/default-reporter/package.json b/cli/default-reporter/package.json index 6bed7dd426..f121997e8f 100644 --- a/cli/default-reporter/package.json +++ b/cli/default-reporter/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/cli.default-reporter", - "version": "1100.3.0", + "version": "1100.3.1", "description": "The default reporter of pnpm", "keywords": [ "pnpm", diff --git a/cli/meta/CHANGELOG.md b/cli/meta/CHANGELOG.md index e479bc57cb..15405cad25 100644 --- a/cli/meta/CHANGELOG.md +++ b/cli/meta/CHANGELOG.md @@ -1,5 +1,12 @@ # @pnpm/cli-meta +## 1100.0.8 + +### Patch Changes + +- Updated dependencies [681b593] + - @pnpm/types@1101.3.2 + ## 1100.0.7 ### Patch Changes diff --git a/cli/meta/package.json b/cli/meta/package.json index 14f1065f72..ea52f27cde 100644 --- a/cli/meta/package.json +++ b/cli/meta/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/cli.meta", - "version": "1100.0.7", + "version": "1100.0.8", "description": "Reads the metainfo of the currently running pnpm instance", "keywords": [ "pnpm", 
diff --git a/cli/utils/CHANGELOG.md b/cli/utils/CHANGELOG.md index a74838a13a..4c990154b4 100644 --- a/cli/utils/CHANGELOG.md +++ b/cli/utils/CHANGELOG.md @@ -1,5 +1,24 @@ # @pnpm/cli-utils +## 1101.0.12 + +### Patch Changes + +- a31faa7: Updated dependency ranges. Notably: + + - `@pnpm/logger` peer dependency range moved to `^1100.0.0`. + - `msgpackr` 1.11.8 → 2.0.4 (store index files remain byte-compatible in both directions). + - `open` ^7.4.2 → ^11.0.0, `memoize` ^10 → ^11, `cli-truncate` ^5 → ^6, `pidtree` ^0.6 → ^1. + - `@yarnpkg/core` 4.5.0 → 4.8.0, `@rushstack/worker-pool` 0.7.7 → 0.7.18, `@cyclonedx/cyclonedx-library` 10.0.0 → 10.1.0, `@pnpm/config.nerf-dart` ^1 → ^2, `@pnpm/log.group` 3.0.2 → 4.0.1, `@pnpm/util.lex-comparator` ^3 → ^4. + +- Updated dependencies [681b593] +- Updated dependencies [a31faa7] + - @pnpm/types@1101.3.2 + - @pnpm/config.package-is-installable@1100.0.11 + - @pnpm/pkg-manifest.utils@1100.2.5 + - @pnpm/workspace.project-manifest-reader@1100.0.13 + - @pnpm/cli.meta@1100.0.8 + ## 1101.0.11 ### Patch Changes diff --git a/cli/utils/package.json b/cli/utils/package.json index 2d26dbcc36..96fd147ad8 100644 --- a/cli/utils/package.json +++ b/cli/utils/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/cli.utils", - "version": "1101.0.11", + "version": "1101.0.12", "description": "Utils for pnpm commands", "keywords": [ "pnpm", diff --git a/config/commands/CHANGELOG.md b/config/commands/CHANGELOG.md index e45d43599f..da286fba2d 100644 --- a/config/commands/CHANGELOG.md +++ b/config/commands/CHANGELOG.md 
@@ -1,5 +1,24 @@ # @pnpm/plugin-commands-config +## 1100.0.22 + +### Patch Changes + +- a31faa7: Updated dependency ranges. Notably: + + - `@pnpm/logger` peer dependency range moved to `^1100.0.0`. + - `msgpackr` 1.11.8 → 2.0.4 (store index files remain byte-compatible in both directions). + - `open` ^7.4.2 → ^11.0.0, `memoize` ^10 → ^11, `cli-truncate` ^5 → ^6, `pidtree` ^0.6 → ^1. + - `@yarnpkg/core` 4.5.0 → 4.8.0, `@rushstack/worker-pool` 0.7.7 → 0.7.18, `@cyclonedx/cyclonedx-library` 10.0.0 → 10.1.0, `@pnpm/config.nerf-dart` ^1 → ^2, `@pnpm/log.group` 3.0.2 → 4.0.1, `@pnpm/util.lex-comparator` ^3 → ^4. + +- Updated dependencies [61810aa] +- Updated dependencies [681b593] +- Updated dependencies [a31faa7] + - @pnpm/config.reader@1101.9.0 + - @pnpm/cli.utils@1101.0.12 + - @pnpm/object.key-sorting@1100.0.1 + - @pnpm/workspace.workspace-manifest-writer@1100.0.13 + ## 1100.0.21 ### Patch Changes diff --git a/config/commands/package.json b/config/commands/package.json index ac59119f5a..093b404ae2 100644 --- a/config/commands/package.json +++ b/config/commands/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/config.commands", - "version": "1100.0.21", + "version": "1100.0.22", "description": "Commands for reading and writing settings to/from config files", "keywords": [ "pnpm", diff --git a/config/normalize-registries/CHANGELOG.md b/config/normalize-registries/CHANGELOG.md index f266cf8454..c3522ccbc2 100644 --- a/config/normalize-registries/CHANGELOG.md +++ b/config/normalize-registries/CHANGELOG.md @@ -1,5 +1,12 @@ # @pnpm/normalize-registries +## 1100.0.8 + +### Patch Changes + +- Updated dependencies [681b593] + - @pnpm/types@1101.3.2 + ## 1100.0.7 ### Patch Changes diff --git a/config/normalize-registries/package.json b/config/normalize-registries/package.json index 1d9b7d9af8..74b35fa5d1 100644 --- a/config/normalize-registries/package.json +++ b/config/normalize-registries/package.json 
@@ -1,6 +1,6 @@ { "name": "@pnpm/config.normalize-registries", - "version": "1100.0.7", + "version": "1100.0.8", "description": "Accepts a mapping of registry URLs and returns a mapping with the same URLs but normalized", "keywords": [ "pnpm", diff --git a/config/package-is-installable/CHANGELOG.md b/config/package-is-installable/CHANGELOG.md index 312306b169..5344373800 100644 --- a/config/package-is-installable/CHANGELOG.md +++ b/config/package-is-installable/CHANGELOG.md @@ -1,5 +1,23 @@ # @pnpm/package-is-installable +## 1100.0.11 + +### Patch Changes + +- a31faa7: Updated dependency ranges. Notably: + + - `@pnpm/logger` peer dependency range moved to `^1100.0.0`. + - `msgpackr` 1.11.8 → 2.0.4 (store index files remain byte-compatible in both directions). + - `open` ^7.4.2 → ^11.0.0, `memoize` ^10 → ^11, `cli-truncate` ^5 → ^6, `pidtree` ^0.6 → ^1. + - `@yarnpkg/core` 4.5.0 → 4.8.0, `@rushstack/worker-pool` 0.7.7 → 0.7.18, `@cyclonedx/cyclonedx-library` 10.0.0 → 10.1.0, `@pnpm/config.nerf-dart` ^1 → ^2, `@pnpm/log.group` 3.0.2 → 4.0.1, `@pnpm/util.lex-comparator` ^3 → ^4. + +- Updated dependencies [681b593] +- Updated dependencies [a31faa7] + - @pnpm/types@1101.3.2 + - @pnpm/core-loggers@1100.2.1 + - @pnpm/engine.runtime.system-version@1100.0.3 + - @pnpm/cli.meta@1100.0.8 + ## 1100.0.10 ### Patch Changes diff --git a/config/package-is-installable/package.json b/config/package-is-installable/package.json index 4aba558929..9614a6fc26 100644 --- a/config/package-is-installable/package.json +++ b/config/package-is-installable/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/config.package-is-installable", - "version": "1100.0.10", + "version": "1100.0.11", "description": "Checks if a package is installable on the current system", "keywords": [ "pnpm", diff --git a/config/pick-registry-for-package/CHANGELOG.md b/config/pick-registry-for-package/CHANGELOG.md index 55fe3bee53..1c625e3b8e 100644 --- a/config/pick-registry-for-package/CHANGELOG.md 
+++ b/config/pick-registry-for-package/CHANGELOG.md @@ -1,5 +1,12 @@ # @pnpm/pick-registry-for-package +## 1100.0.9 + +### Patch Changes + +- Updated dependencies [681b593] + - @pnpm/types@1101.3.2 + ## 1100.0.8 ### Patch Changes diff --git a/config/pick-registry-for-package/package.json b/config/pick-registry-for-package/package.json index 7ac5c5de6b..e97319e2cb 100644 --- a/config/pick-registry-for-package/package.json +++ b/config/pick-registry-for-package/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/config.pick-registry-for-package", - "version": "1100.0.8", + "version": "1100.0.9", "description": "Picks the right registry for the package from a registries config", "keywords": [ "pnpm", diff --git a/config/reader/CHANGELOG.md b/config/reader/CHANGELOG.md index e481d554ec..98b3f65991 100644 --- a/config/reader/CHANGELOG.md +++ b/config/reader/CHANGELOG.md 
@@ -1,5 +1,49 @@ # @pnpm/config +## 1101.9.0 + +### Minor Changes + +- 61810aa: Added a new setting `frozenStore` (`--frozen-store`) that lets `pnpm install` run against a package store on a read-only filesystem (e.g. a Nix store, a read-only bind mount, an OCI layer). When enabled, pnpm opens the store's SQLite `index.db` through the `immutable=1` URI — bypassing the WAL/`-shm` sidecar creation that otherwise fails on a read-only directory — and suppresses every store-write path (the `index.db` writer and the project-registry write). Pair it with `--offline --frozen-lockfile` against a fully-populated store. Under the global virtual store, package directories live inside the store, so if the store is missing the build output of a package whose lifecycle scripts are approved (or that has a patch), pnpm fails up front with `ERR_PNPM_FROZEN_STORE_NEEDS_BUILD` rather than crashing mid-build on a read-only write — seed the store with those builds first. Incompatible with `--force` and with a configured pnpr server, since both write into the store; the side-effects cache is likewise not written under `frozenStore`. If the store is missing its content directory, the install fails fast with `ERR_PNPM_FROZEN_STORE_INCOMPLETE` rather than attempting to initialize it. The read-only `immutable=1` open requires Node.js >=22.15.0, >=23.11.0, or >=24.0.0; on older runtimes `--frozen-store` fails with a clear `ERR_PNPM_FROZEN_STORE_UNSUPPORTED_NODE` error. Bin-linking also tolerates a read-only store: under the global virtual store a package's bin source lives inside the store, so the `chmod` that makes it executable would be refused — with `EPERM`/`EACCES`, or with `EROFS` on a genuinely read-only filesystem. That `chmod` is redundant when the seed already ships its bins executable with a normalized shebang, so it is now skipped in that case, while a non-executable bin (or one still carrying a Windows CRLF shebang) on a read-only store still errors. 
+ +### Patch Changes + +- 681b593: pnpm can now use different auth tokens for different package scopes, even when those scopes use the same registry URL. + + Previously, auth was selected only by registry URL. If `@org-a` and `@org-b` both used `https://npm.pkg.github.com/`, they had to share the same token. This caused problems for registries that issue tokens per organization or per scope. + + Configure a scope-specific token by adding the package scope after the registry URL in the auth key: + + ```ini + @org-a:registry=https://npm.pkg.github.com/ + @org-b:registry=https://npm.pkg.github.com/ + + //npm.pkg.github.com/:@org-a:_authToken=${ORG_A_TOKEN} + //npm.pkg.github.com/:@org-b:_authToken=${ORG_B_TOKEN} + + //npm.pkg.github.com/:_authToken=${FALLBACK_TOKEN} + ``` + + `pnpm login --registry=https://npm.pkg.github.com --scope=@org-a` writes the token to the same scope-specific auth key. + + When installing or publishing `@org-a/*`, pnpm uses `ORG_A_TOKEN`. For `@org-b/*`, pnpm uses `ORG_B_TOKEN`. Packages without a matching scope continue to use the registry-wide fallback token. + +- a31faa7: Updated dependency ranges. Notably: + + - `@pnpm/logger` peer dependency range moved to `^1100.0.0`. + - `msgpackr` 1.11.8 → 2.0.4 (store index files remain byte-compatible in both directions). + - `open` ^7.4.2 → ^11.0.0, `memoize` ^10 → ^11, `cli-truncate` ^5 → ^6, `pidtree` ^0.6 → ^1. + - `@yarnpkg/core` 4.5.0 → 4.8.0, `@rushstack/worker-pool` 0.7.7 → 0.7.18, `@cyclonedx/cyclonedx-library` 10.0.0 → 10.1.0, `@pnpm/config.nerf-dart` ^1 → ^2, `@pnpm/log.group` 3.0.2 → 4.0.1, `@pnpm/util.lex-comparator` ^3 → ^4. + +- Updated dependencies [681b593] +- Updated dependencies [a31faa7] + - @pnpm/types@1101.3.2 + - @pnpm/hooks.pnpmfile@1100.0.15 + - @pnpm/pkg-manifest.utils@1100.2.5 + - @pnpm/workspace.project-manifest-reader@1100.0.13 + - @pnpm/workspace.workspace-manifest-reader@1100.0.8 + - @pnpm/catalogs.config@1100.0.0 + ## 1101.8.0 ### Minor Changes 
diff --git a/config/reader/package.json b/config/reader/package.json index 8bcb58cedf..5279339434 100644 --- a/config/reader/package.json +++ b/config/reader/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/config.reader", - "version": "1101.8.0", + "version": "1101.9.0", "description": "Gets configuration options for pnpm", "keywords": [ "pnpm", diff --git a/config/version-policy/CHANGELOG.md b/config/version-policy/CHANGELOG.md index b24ba26e93..adbcc1dc23 100644 --- a/config/version-policy/CHANGELOG.md +++ b/config/version-policy/CHANGELOG.md @@ -1,5 +1,19 @@ # @pnpm/config.version-policy +## 1100.1.5 + +### Patch Changes + +- a31faa7: Updated dependency ranges. Notably: + + - `@pnpm/logger` peer dependency range moved to `^1100.0.0`. + - `msgpackr` 1.11.8 → 2.0.4 (store index files remain byte-compatible in both directions). + - `open` ^7.4.2 → ^11.0.0, `memoize` ^10 → ^11, `cli-truncate` ^5 → ^6, `pidtree` ^0.6 → ^1. + - `@yarnpkg/core` 4.5.0 → 4.8.0, `@rushstack/worker-pool` 0.7.7 → 0.7.18, `@cyclonedx/cyclonedx-library` 10.0.0 → 10.1.0, `@pnpm/config.nerf-dart` ^1 → ^2, `@pnpm/log.group` 3.0.2 → 4.0.1, `@pnpm/util.lex-comparator` ^3 → ^4. + +- Updated dependencies [681b593] + - @pnpm/types@1101.3.2 + ## 1100.1.4 ### Patch Changes diff --git a/config/version-policy/package.json b/config/version-policy/package.json index f8956013ae..520c36d7a0 100644 --- a/config/version-policy/package.json +++ b/config/version-policy/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/config.version-policy", - "version": "1100.1.4", + "version": "1100.1.5", "description": "Parses and evaluates package version policy specs and produces package-version matchers", "keywords": [ "pnpm", diff --git a/config/writer/CHANGELOG.md b/config/writer/CHANGELOG.md index 550fbd89b5..0d4800c755 100644 --- a/config/writer/CHANGELOG.md +++ b/config/writer/CHANGELOG.md 
@@ -1,5 +1,14 @@ # @pnpm/config.config-writer +## 1100.0.13 + +### Patch Changes + +- Updated dependencies [681b593] +- Updated dependencies [a31faa7] + - @pnpm/types@1101.3.2 + - @pnpm/workspace.workspace-manifest-writer@1100.0.13 + ## 1100.0.12 ### Patch Changes diff --git a/config/writer/package.json b/config/writer/package.json index eb80442db6..3b3bc50251 100644 --- a/config/writer/package.json +++ b/config/writer/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/config.writer", - "version": "1100.0.12", + "version": "1100.0.13", "description": "Functions for updating the configuration settings", "keywords": [ "pnpm", diff --git a/core/core-loggers/CHANGELOG.md b/core/core-loggers/CHANGELOG.md index 7c3dea09d9..9175613ac6 100644 --- a/core/core-loggers/CHANGELOG.md +++ b/core/core-loggers/CHANGELOG.md @@ -1,5 +1,19 @@ # @pnpm/core-loggers +## 1100.2.1 + +### Patch Changes + +- a31faa7: Updated dependency ranges. Notably: + + - `@pnpm/logger` peer dependency range moved to `^1100.0.0`. + - `msgpackr` 1.11.8 → 2.0.4 (store index files remain byte-compatible in both directions). + - `open` ^7.4.2 → ^11.0.0, `memoize` ^10 → ^11, `cli-truncate` ^5 → ^6, `pidtree` ^0.6 → ^1. + - `@yarnpkg/core` 4.5.0 → 4.8.0, `@rushstack/worker-pool` 0.7.7 → 0.7.18, `@cyclonedx/cyclonedx-library` 10.0.0 → 10.1.0, `@pnpm/config.nerf-dart` ^1 → ^2, `@pnpm/log.group` 3.0.2 → 4.0.1, `@pnpm/util.lex-comparator` ^3 → ^4. + +- Updated dependencies [681b593] + - @pnpm/types@1101.3.2 + ## 1100.2.0 ### Minor Changes diff --git a/core/core-loggers/package.json b/core/core-loggers/package.json index a5ad3e4601..03a0a786c9 100644 --- a/core/core-loggers/package.json +++ b/core/core-loggers/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/core-loggers", - "version": "1100.2.0", + "version": "1100.2.1", "description": "Core loggers of pnpm", "keywords": [ "pnpm", diff --git a/core/types/CHANGELOG.md b/core/types/CHANGELOG.md index 6a0a7c6b57..3b84cefef8 100644 --- a/core/types/CHANGELOG.md 
+++ b/core/types/CHANGELOG.md @@ -1,5 +1,29 @@ # @pnpm/types +## 1101.3.2 + +### Patch Changes + +- 681b593: pnpm can now use different auth tokens for different package scopes, even when those scopes use the same registry URL. + + Previously, auth was selected only by registry URL. If `@org-a` and `@org-b` both used `https://npm.pkg.github.com/`, they had to share the same token. This caused problems for registries that issue tokens per organization or per scope. + + Configure a scope-specific token by adding the package scope after the registry URL in the auth key: + + ```ini + @org-a:registry=https://npm.pkg.github.com/ + @org-b:registry=https://npm.pkg.github.com/ + + //npm.pkg.github.com/:@org-a:_authToken=${ORG_A_TOKEN} + //npm.pkg.github.com/:@org-b:_authToken=${ORG_B_TOKEN} + + //npm.pkg.github.com/:_authToken=${FALLBACK_TOKEN} + ``` + + `pnpm login --registry=https://npm.pkg.github.com --scope=@org-a` writes the token to the same scope-specific auth key. + + When installing or publishing `@org-a/*`, pnpm uses `ORG_A_TOKEN`. For `@org-b/*`, pnpm uses `ORG_B_TOKEN`. Packages without a matching scope continue to use the registry-wide fallback token. + ## 1101.3.1 ### Patch Changes diff --git a/core/types/package.json b/core/types/package.json index ed1225355d..1ddf4414d3 100644 --- a/core/types/package.json +++ b/core/types/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/types", - "version": "1101.3.1", + "version": "1101.3.2", "description": "Basic types used by pnpm", "keywords": [ "pnpm", diff --git a/crypto/shasums-file/CHANGELOG.md b/crypto/shasums-file/CHANGELOG.md index 97f8816a65..d9ae26b2e5 100644 --- a/crypto/shasums-file/CHANGELOG.md +++ b/crypto/shasums-file/CHANGELOG.md @@ -1,5 +1,13 @@ # @pnpm/crypto.shasums-file +## 1100.1.1 + +### Patch Changes + +- Updated dependencies [681b593] + - @pnpm/fetching.types@1100.0.2 + - @pnpm/crypto.hash@1100.0.1 + ## 1100.1.0 ### Minor Changes 
diff --git a/crypto/shasums-file/package.json b/crypto/shasums-file/package.json index 6f945ffdf2..2af8ef68ab 100644 --- a/crypto/shasums-file/package.json +++ b/crypto/shasums-file/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/crypto.shasums-file", - "version": "1100.1.0", + "version": "1100.1.1", "description": "Utils for working with shasums files", "keywords": [ "pnpm", diff --git a/deps/compliance/audit/CHANGELOG.md b/deps/compliance/audit/CHANGELOG.md index 4efe5a0742..02b97da77e 100644 --- a/deps/compliance/audit/CHANGELOG.md +++ b/deps/compliance/audit/CHANGELOG.md @@ -1,5 +1,30 @@ # @pnpm/audit +## 1101.0.16 + +### Patch Changes + +- a31faa7: Updated dependency ranges. Notably: + + - `@pnpm/logger` peer dependency range moved to `^1100.0.0`. + - `msgpackr` 1.11.8 → 2.0.4 (store index files remain byte-compatible in both directions). + - `open` ^7.4.2 → ^11.0.0, `memoize` ^10 → ^11, `cli-truncate` ^5 → ^6, `pidtree` ^0.6 → ^1. + - `@yarnpkg/core` 4.5.0 → 4.8.0, `@rushstack/worker-pool` 0.7.7 → 0.7.18, `@cyclonedx/cyclonedx-library` 10.0.0 → 10.1.0, `@pnpm/config.nerf-dart` ^1 → ^2, `@pnpm/log.group` 3.0.2 → 4.0.1, `@pnpm/util.lex-comparator` ^3 → ^4. + +- Updated dependencies [f20ad8f] +- Updated dependencies [681b593] +- Updated dependencies [d50d691] +- Updated dependencies [a31faa7] + - @pnpm/lockfile.utils@1100.0.13 + - @pnpm/fetching.types@1100.0.2 + - @pnpm/types@1101.3.2 + - @pnpm/lockfile.fs@1100.1.5 + - @pnpm/deps.path@1100.0.8 + - @pnpm/network.fetch@1100.1.3 + - @pnpm/lockfile.detect-dep-types@1100.0.11 + - @pnpm/lockfile.types@1100.0.11 + - @pnpm/lockfile.walker@1100.0.11 + ## 1101.0.15 ### Patch Changes diff --git a/deps/compliance/audit/package.json b/deps/compliance/audit/package.json index 8d4b6e904e..3c87a23cf6 100644 --- a/deps/compliance/audit/package.json +++ b/deps/compliance/audit/package.json 
@@ -1,6 +1,6 @@
 {
 "name": "@pnpm/deps.compliance.audit",
- "version": "1101.0.15",
+ "version": "1101.0.16",
 "description": "Audit a lockfile",
 "keywords": [
 "pnpm",
diff --git a/deps/compliance/commands/CHANGELOG.md b/deps/compliance/commands/CHANGELOG.md
index a69664f02b..b88f86c332 100644
--- a/deps/compliance/commands/CHANGELOG.md
+++ b/deps/compliance/commands/CHANGELOG.md
@@ -1,5 +1,45 @@ # @pnpm/deps.compliance.commands +## 1101.3.5 + +### Patch Changes + +- 8dcd9a0: Fix garbled summary line after submitting `pnpm update -i` and `pnpm audit --fix -i`. The interactive checkbox prompt previously printed every selected choice's full table row (label, current/target versions, workspace, URL) joined by commas, producing a wall of text after pressing Enter. The summary now lists only the selected package names (or vulnerability keys) by setting an explicit `short` per choice; the in-progress selection UI is unchanged. +- a31faa7: Updated dependency ranges. Notably: + + - `@pnpm/logger` peer dependency range moved to `^1100.0.0`. + - `msgpackr` 1.11.8 → 2.0.4 (store index files remain byte-compatible in both directions). + - `open` ^7.4.2 → ^11.0.0, `memoize` ^10 → ^11, `cli-truncate` ^5 → ^6, `pidtree` ^0.6 → ^1. + - `@yarnpkg/core` 4.5.0 → 4.8.0, `@rushstack/worker-pool` 0.7.7 → 0.7.18, `@cyclonedx/cyclonedx-library` 10.0.0 → 10.1.0, `@pnpm/config.nerf-dart` ^1 → ^2, `@pnpm/log.group` 3.0.2 → 4.0.1, `@pnpm/util.lex-comparator` ^3 → ^4. 
+ +- Updated dependencies [8dcd9a0] +- Updated dependencies [86e70d2] +- Updated dependencies [61810aa] +- Updated dependencies [f20ad8f] +- Updated dependencies [ab0b7d1] +- Updated dependencies [74a2dc9] +- Updated dependencies [681b593] +- Updated dependencies [d50d691] +- Updated dependencies [a31faa7] + - @pnpm/installing.commands@1100.9.0 + - @pnpm/config.reader@1101.9.0 + - @pnpm/lockfile.utils@1100.0.13 + - @pnpm/network.auth-header@1101.1.2 + - @pnpm/types@1101.3.2 + - @pnpm/lockfile.fs@1100.1.5 + - @pnpm/cli.utils@1101.0.12 + - @pnpm/deps.compliance.audit@1101.0.16 + - @pnpm/deps.compliance.license-scanner@1100.0.19 + - @pnpm/deps.compliance.sbom@1100.1.9 + - @pnpm/deps.security.signatures@1101.2.2 + - @pnpm/object.key-sorting@1100.0.1 + - @pnpm/workspace.project-manifest-reader@1100.0.13 + - @pnpm/cli.meta@1100.0.8 + - @pnpm/config.pick-registry-for-package@1100.0.9 + - @pnpm/config.writer@1100.0.13 + - @pnpm/lockfile.types@1100.0.11 + - @pnpm/lockfile.walker@1100.0.11 + ## 1101.3.4 ### Patch Changes diff --git a/deps/compliance/commands/package.json b/deps/compliance/commands/package.json index b59bd88611..55f869f69c 100644 --- a/deps/compliance/commands/package.json +++ b/deps/compliance/commands/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/deps.compliance.commands", - "version": "1101.3.4", + "version": "1101.3.5", "description": "pnpm commands for audit, licenses, and sbom", "keywords": [ "pnpm", diff --git a/deps/compliance/license-scanner/CHANGELOG.md b/deps/compliance/license-scanner/CHANGELOG.md index c81ad945f2..fd460e169f 100644 --- a/deps/compliance/license-scanner/CHANGELOG.md +++ b/deps/compliance/license-scanner/CHANGELOG.md 
@@ -1,5 +1,33 @@ # @pnpm/license-scanner +## 1100.0.19 + +### Patch Changes + +- a31faa7: Updated dependency ranges. Notably: + + - `@pnpm/logger` peer dependency range moved to `^1100.0.0`. + - `msgpackr` 1.11.8 → 2.0.4 (store index files remain byte-compatible in both directions). + - `open` ^7.4.2 → ^11.0.0, `memoize` ^10 → ^11, `cli-truncate` ^5 → ^6, `pidtree` ^0.6 → ^1. + - `@yarnpkg/core` 4.5.0 → 4.8.0, `@rushstack/worker-pool` 0.7.7 → 0.7.18, `@cyclonedx/cyclonedx-library` 10.0.0 → 10.1.0, `@pnpm/config.nerf-dart` ^1 → ^2, `@pnpm/log.group` 3.0.2 → 4.0.1, `@pnpm/util.lex-comparator` ^3 → ^4. + +- Updated dependencies [61810aa] +- Updated dependencies [f20ad8f] +- Updated dependencies [681b593] +- Updated dependencies [d50d691] +- Updated dependencies [a31faa7] + - @pnpm/store.index@1100.2.0 + - @pnpm/lockfile.utils@1100.0.13 + - @pnpm/types@1101.3.2 + - @pnpm/lockfile.fs@1100.1.5 + - @pnpm/config.package-is-installable@1100.0.11 + - @pnpm/deps.path@1100.0.8 + - @pnpm/store.pkg-finder@1100.0.17 + - @pnpm/lockfile.detect-dep-types@1100.0.11 + - @pnpm/lockfile.types@1100.0.11 + - @pnpm/lockfile.walker@1100.0.11 + - @pnpm/pkg-manifest.reader@1100.0.8 + ## 1100.0.18 ### Patch Changes diff --git a/deps/compliance/license-scanner/package.json b/deps/compliance/license-scanner/package.json index 6ec4b36ad3..6909b8cfd8 100644 --- a/deps/compliance/license-scanner/package.json +++ b/deps/compliance/license-scanner/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/deps.compliance.license-scanner", - "version": "1100.0.18", + "version": "1100.0.19", "description": "Check for licenses packages", "keywords": [ "pnpm", diff --git a/deps/compliance/sbom/CHANGELOG.md b/deps/compliance/sbom/CHANGELOG.md index 23f840b081..7ed70132ed 100644 --- a/deps/compliance/sbom/CHANGELOG.md +++ b/deps/compliance/sbom/CHANGELOG.md 
@@ -1,5 +1,30 @@ # @pnpm/deps.compliance.sbom +## 1100.1.9 + +### Patch Changes + +- a31faa7: Updated dependency ranges. Notably: + + - `@pnpm/logger` peer dependency range moved to `^1100.0.0`. + - `msgpackr` 1.11.8 → 2.0.4 (store index files remain byte-compatible in both directions). + - `open` ^7.4.2 → ^11.0.0, `memoize` ^10 → ^11, `cli-truncate` ^5 → ^6, `pidtree` ^0.6 → ^1. + - `@yarnpkg/core` 4.5.0 → 4.8.0, `@rushstack/worker-pool` 0.7.7 → 0.7.18, `@cyclonedx/cyclonedx-library` 10.0.0 → 10.1.0, `@pnpm/config.nerf-dart` ^1 → ^2, `@pnpm/log.group` 3.0.2 → 4.0.1, `@pnpm/util.lex-comparator` ^3 → ^4. + +- Updated dependencies [61810aa] +- Updated dependencies [f20ad8f] +- Updated dependencies [681b593] +- Updated dependencies [a31faa7] + - @pnpm/store.index@1100.2.0 + - @pnpm/lockfile.utils@1100.0.13 + - @pnpm/types@1101.3.2 + - @pnpm/store.pkg-finder@1100.0.17 + - @pnpm/lockfile.detect-dep-types@1100.0.11 + - @pnpm/lockfile.types@1100.0.11 + - @pnpm/lockfile.walker@1100.0.11 + - @pnpm/pkg-manifest.reader@1100.0.8 + - @pnpm/resolving.resolver-base@1100.4.2 + ## 1100.1.8 ### Patch Changes diff --git a/deps/compliance/sbom/package.json b/deps/compliance/sbom/package.json index 8b4adfa540..c3984e604d 100644 --- a/deps/compliance/sbom/package.json +++ b/deps/compliance/sbom/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/deps.compliance.sbom", - "version": "1100.1.8", + "version": "1100.1.9", "description": "Generate SBOM from pnpm lockfile", "keywords": [ "pnpm", diff --git a/deps/graph-builder/CHANGELOG.md b/deps/graph-builder/CHANGELOG.md index ba7fda460c..642800bf2f 100644 --- a/deps/graph-builder/CHANGELOG.md +++ b/deps/graph-builder/CHANGELOG.md 
@@ -1,5 +1,32 @@ # @pnpm/deps.graph-builder +## 1100.0.16 + +### Patch Changes + +- a31faa7: Updated dependency ranges. Notably: + + - `@pnpm/logger` peer dependency range moved to `^1100.0.0`. + - `msgpackr` 1.11.8 → 2.0.4 (store index files remain byte-compatible in both directions). + - `open` ^7.4.2 → ^11.0.0, `memoize` ^10 → ^11, `cli-truncate` ^5 → ^6, `pidtree` ^0.6 → ^1. + - `@yarnpkg/core` 4.5.0 → 4.8.0, `@rushstack/worker-pool` 0.7.7 → 0.7.18, `@cyclonedx/cyclonedx-library` 10.0.0 → 10.1.0, `@pnpm/config.nerf-dart` ^1 → ^2, `@pnpm/log.group` 3.0.2 → 4.0.1, `@pnpm/util.lex-comparator` ^3 → ^4. + +- Updated dependencies [f20ad8f] +- Updated dependencies [681b593] +- Updated dependencies [d50d691] +- Updated dependencies [a31faa7] + - @pnpm/lockfile.utils@1100.0.13 + - @pnpm/types@1101.3.2 + - @pnpm/lockfile.fs@1100.1.5 + - @pnpm/config.package-is-installable@1100.0.11 + - @pnpm/core-loggers@1100.2.1 + - @pnpm/deps.path@1100.0.8 + - @pnpm/patching.config@1100.0.8 + - @pnpm/deps.graph-hasher@1100.2.5 + - @pnpm/hooks.types@1100.0.12 + - @pnpm/installing.modules-yaml@1100.0.9 + - @pnpm/store.controller-types@1100.1.5 + ## 1100.0.15 ### Patch Changes diff --git a/deps/graph-builder/package.json b/deps/graph-builder/package.json index 37b4e9461d..a61719292f 100644 --- a/deps/graph-builder/package.json +++ b/deps/graph-builder/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/deps.graph-builder", - "version": "1100.0.15", + "version": "1100.0.16", "description": "A package for building a dependency graph from a lockfile", "keywords": [ "pnpm", diff --git a/deps/graph-hasher/CHANGELOG.md b/deps/graph-hasher/CHANGELOG.md index ea89310a89..58e68ca697 100644 --- a/deps/graph-hasher/CHANGELOG.md +++ b/deps/graph-hasher/CHANGELOG.md 
@@ -1,5 +1,19 @@ # @pnpm/calc-dep-state +## 1100.2.5 + +### Patch Changes + +- Updated dependencies [f20ad8f] +- Updated dependencies [681b593] +- Updated dependencies [a31faa7] + - @pnpm/lockfile.utils@1100.0.13 + - @pnpm/types@1101.3.2 + - @pnpm/deps.path@1100.0.8 + - @pnpm/engine.runtime.system-version@1100.0.3 + - @pnpm/lockfile.types@1100.0.11 + - @pnpm/resolving.resolver-base@1100.4.2 + ## 1100.2.4 ### Patch Changes diff --git a/deps/graph-hasher/package.json b/deps/graph-hasher/package.json index 11281bb738..d18e7da473 100644 --- a/deps/graph-hasher/package.json +++ b/deps/graph-hasher/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/deps.graph-hasher", - "version": "1100.2.4", + "version": "1100.2.5", "description": "Calculates the state of a dependency", "keywords": [ "pnpm", diff --git a/deps/inspection/commands/CHANGELOG.md b/deps/inspection/commands/CHANGELOG.md index dfd910558b..1c03765e63 100644 --- a/deps/inspection/commands/CHANGELOG.md +++ b/deps/inspection/commands/CHANGELOG.md 
@@ -1,5 +1,40 @@ # @pnpm/deps.inspection.commands +## 1100.3.7 + +### Patch Changes + +- da248c3: Update value shown in the view command output for the `unpackedSize`. +- a31faa7: Updated dependency ranges. Notably: + + - `@pnpm/logger` peer dependency range moved to `^1100.0.0`. + - `msgpackr` 1.11.8 → 2.0.4 (store index files remain byte-compatible in both directions). + - `open` ^7.4.2 → ^11.0.0, `memoize` ^10 → ^11, `cli-truncate` ^5 → ^6, `pidtree` ^0.6 → ^1. + - `@yarnpkg/core` 4.5.0 → 4.8.0, `@rushstack/worker-pool` 0.7.7 → 0.7.18, `@cyclonedx/cyclonedx-library` 10.0.0 → 10.1.0, `@pnpm/config.nerf-dart` ^1 → ^2, `@pnpm/log.group` 3.0.2 → 4.0.1, `@pnpm/util.lex-comparator` ^3 → ^4. + +- Updated dependencies [61810aa] +- Updated dependencies [681b593] +- Updated dependencies [d50d691] +- Updated dependencies [1310ab5] +- Updated dependencies [a31faa7] + - @pnpm/config.reader@1101.9.0 + - @pnpm/resolving.npm-resolver@1102.0.0 + - @pnpm/network.auth-header@1101.1.2 + - @pnpm/resolving.default-resolver@1100.3.8 + - @pnpm/types@1101.3.2 + - @pnpm/lockfile.fs@1100.1.5 + - @pnpm/cli.utils@1101.0.12 + - @pnpm/deps.inspection.list@1100.0.18 + - @pnpm/deps.inspection.outdated@1100.1.8 + - @pnpm/deps.inspection.peers-checker@1100.0.14 + - @pnpm/global.commands@1100.0.28 + - @pnpm/global.packages@1100.0.8 + - @pnpm/network.fetch@1100.1.3 + - @pnpm/config.pick-registry-for-package@1100.0.9 + - @pnpm/deps.inspection.peers-issues-renderer@1100.0.6 + - @pnpm/installing.modules-yaml@1100.0.9 + - @pnpm/resolving.registry.types@1100.1.3 + ## 1100.3.6 ### Patch Changes diff --git a/deps/inspection/commands/package.json b/deps/inspection/commands/package.json index c6b8de3d98..060c404de6 100644 --- a/deps/inspection/commands/package.json +++ b/deps/inspection/commands/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/deps.inspection.commands", - "version": "1100.3.6", + "version": "1100.3.7", "description": "The list, ll, why, and outdated commands of pnpm", "keywords": [ "pnpm", 
diff --git a/deps/inspection/list/CHANGELOG.md b/deps/inspection/list/CHANGELOG.md index 442afa0017..a3c93e32b8 100644 --- a/deps/inspection/list/CHANGELOG.md +++ b/deps/inspection/list/CHANGELOG.md @@ -1,5 +1,25 @@ # @pnpm/list +## 1100.0.18 + +### Patch Changes + +- a31faa7: Updated dependency ranges. Notably: + + - `@pnpm/logger` peer dependency range moved to `^1100.0.0`. + - `msgpackr` 1.11.8 → 2.0.4 (store index files remain byte-compatible in both directions). + - `open` ^7.4.2 → ^11.0.0, `memoize` ^10 → ^11, `cli-truncate` ^5 → ^6, `pidtree` ^0.6 → ^1. + - `@yarnpkg/core` 4.5.0 → 4.8.0, `@rushstack/worker-pool` 0.7.7 → 0.7.18, `@cyclonedx/cyclonedx-library` 10.0.0 → 10.1.0, `@pnpm/config.nerf-dart` ^1 → ^2, `@pnpm/log.group` 3.0.2 → 4.0.1, `@pnpm/util.lex-comparator` ^3 → ^4. + +- Updated dependencies [681b593] +- Updated dependencies [d50d691] +- Updated dependencies [a31faa7] + - @pnpm/types@1101.3.2 + - @pnpm/lockfile.fs@1100.1.5 + - @pnpm/deps.inspection.tree-builder@1100.0.15 + - @pnpm/workspace.project-manifest-reader@1100.0.13 + - @pnpm/pkg-manifest.reader@1100.0.8 + ## 1100.0.17 ### Patch Changes diff --git a/deps/inspection/list/package.json b/deps/inspection/list/package.json index ab91ef5e06..67265c4194 100644 --- a/deps/inspection/list/package.json +++ b/deps/inspection/list/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/deps.inspection.list", - "version": "1100.0.17", + "version": "1100.0.18", "description": "List installed packages in a symlinked `node_modules`", "keywords": [ "pnpm", diff --git a/deps/inspection/outdated/CHANGELOG.md b/deps/inspection/outdated/CHANGELOG.md index d08d0a93fe..34180f7caa 100644 --- a/deps/inspection/outdated/CHANGELOG.md +++ b/deps/inspection/outdated/CHANGELOG.md 
@@ -1,5 +1,32 @@ # @pnpm/outdated +## 1100.1.8 + +### Patch Changes + +- a31faa7: Updated dependency ranges. Notably: + + - `@pnpm/logger` peer dependency range moved to `^1100.0.0`. + - `msgpackr` 1.11.8 → 2.0.4 (store index files remain byte-compatible in both directions). + - `open` ^7.4.2 → ^11.0.0, `memoize` ^10 → ^11, `cli-truncate` ^5 → ^6, `pidtree` ^0.6 → ^1. + - `@yarnpkg/core` 4.5.0 → 4.8.0, `@rushstack/worker-pool` 0.7.7 → 0.7.18, `@cyclonedx/cyclonedx-library` 10.0.0 → 10.1.0, `@pnpm/config.nerf-dart` ^1 → ^2, `@pnpm/log.group` 3.0.2 → 4.0.1, `@pnpm/util.lex-comparator` ^3 → ^4. + +- Updated dependencies [61810aa] +- Updated dependencies [f20ad8f] +- Updated dependencies [681b593] +- Updated dependencies [d50d691] +- Updated dependencies [1310ab5] +- Updated dependencies [a31faa7] + - @pnpm/resolving.npm-resolver@1102.0.0 + - @pnpm/lockfile.utils@1100.0.13 + - @pnpm/types@1101.3.2 + - @pnpm/lockfile.fs@1100.1.5 + - @pnpm/config.version-policy@1100.1.5 + - @pnpm/deps.path@1100.0.8 + - @pnpm/hooks.read-package-hook@1100.0.8 + - @pnpm/pkg-manifest.utils@1100.2.5 + - @pnpm/installing.client@1100.2.8 + ## 1100.1.7 ### Patch Changes diff --git a/deps/inspection/outdated/package.json b/deps/inspection/outdated/package.json index 68fcf4afe0..62e07eba61 100644 --- a/deps/inspection/outdated/package.json +++ b/deps/inspection/outdated/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/deps.inspection.outdated", - "version": "1100.1.7", + "version": "1100.1.8", "description": "Check for outdated packages", "keywords": [ "pnpm", diff --git a/deps/inspection/peers-checker/CHANGELOG.md b/deps/inspection/peers-checker/CHANGELOG.md index 9938320214..39d914df6f 100644 --- a/deps/inspection/peers-checker/CHANGELOG.md +++ b/deps/inspection/peers-checker/CHANGELOG.md 
@@ -1,5 +1,24 @@ # @pnpm/deps.inspection.peers-checker +## 1100.0.14 + +### Patch Changes + +- a31faa7: Updated dependency ranges. Notably: + + - `@pnpm/logger` peer dependency range moved to `^1100.0.0`. + - `msgpackr` 1.11.8 → 2.0.4 (store index files remain byte-compatible in both directions). + - `open` ^7.4.2 → ^11.0.0, `memoize` ^10 → ^11, `cli-truncate` ^5 → ^6, `pidtree` ^0.6 → ^1. + - `@yarnpkg/core` 4.5.0 → 4.8.0, `@rushstack/worker-pool` 0.7.7 → 0.7.18, `@cyclonedx/cyclonedx-library` 10.0.0 → 10.1.0, `@pnpm/config.nerf-dart` ^1 → ^2, `@pnpm/log.group` 3.0.2 → 4.0.1, `@pnpm/util.lex-comparator` ^3 → ^4. + +- Updated dependencies [681b593] +- Updated dependencies [d50d691] +- Updated dependencies [a31faa7] + - @pnpm/types@1101.3.2 + - @pnpm/lockfile.fs@1100.1.5 + - @pnpm/deps.path@1100.0.8 + - @pnpm/lockfile.walker@1100.0.11 + ## 1100.0.13 ### Patch Changes diff --git a/deps/inspection/peers-checker/package.json b/deps/inspection/peers-checker/package.json index f11ae10e39..d194fb15e5 100644 --- a/deps/inspection/peers-checker/package.json +++ b/deps/inspection/peers-checker/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/deps.inspection.peers-checker", - "version": "1100.0.13", + "version": "1100.0.14", "description": "Check for unmet and missing peer dependency issues from the lockfile", "keywords": [ "pnpm", diff --git a/deps/inspection/peers-issues-renderer/CHANGELOG.md b/deps/inspection/peers-issues-renderer/CHANGELOG.md index 13e318f2d3..7eed315bab 100644 --- a/deps/inspection/peers-issues-renderer/CHANGELOG.md +++ b/deps/inspection/peers-issues-renderer/CHANGELOG.md @@ -1,5 +1,12 @@ # @pnpm/deps.inspection.peers-issues-renderer +## 1100.0.6 + +### Patch Changes + +- Updated dependencies [681b593] + - @pnpm/types@1101.3.2 + ## 1100.0.5 ### Patch Changes diff --git a/deps/inspection/peers-issues-renderer/package.json b/deps/inspection/peers-issues-renderer/package.json index c952282766..32ae4cdf07 100644 
--- a/deps/inspection/peers-issues-renderer/package.json +++ b/deps/inspection/peers-issues-renderer/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/deps.inspection.peers-issues-renderer", - "version": "1100.0.5", + "version": "1100.0.6", "description": "Visualizes peer dependency issues", "keywords": [ "pnpm", diff --git a/deps/inspection/tree-builder/CHANGELOG.md b/deps/inspection/tree-builder/CHANGELOG.md index a82d7b5654..25ff01b88b 100644 --- a/deps/inspection/tree-builder/CHANGELOG.md +++ b/deps/inspection/tree-builder/CHANGELOG.md @@ -1,5 +1,32 @@ # @pnpm/reviewing.dependencies-hierarchy +## 1100.0.15 + +### Patch Changes + +- a31faa7: Updated dependency ranges. Notably: + + - `@pnpm/logger` peer dependency range moved to `^1100.0.0`. + - `msgpackr` 1.11.8 → 2.0.4 (store index files remain byte-compatible in both directions). + - `open` ^7.4.2 → ^11.0.0, `memoize` ^10 → ^11, `cli-truncate` ^5 → ^6, `pidtree` ^0.6 → ^1. + - `@yarnpkg/core` 4.5.0 → 4.8.0, `@rushstack/worker-pool` 0.7.7 → 0.7.18, `@cyclonedx/cyclonedx-library` 10.0.0 → 10.1.0, `@pnpm/config.nerf-dart` ^1 → ^2, `@pnpm/log.group` 3.0.2 → 4.0.1, `@pnpm/util.lex-comparator` ^3 → ^4. + +- Updated dependencies [61810aa] +- Updated dependencies [f20ad8f] +- Updated dependencies [681b593] +- Updated dependencies [d50d691] +- Updated dependencies [a31faa7] + - @pnpm/store.index@1100.2.0 + - @pnpm/lockfile.utils@1100.0.13 + - @pnpm/types@1101.3.2 + - @pnpm/lockfile.fs@1100.1.5 + - @pnpm/deps.path@1100.0.8 + - @pnpm/store.cafs@1100.1.10 + - @pnpm/config.normalize-registries@1100.0.8 + - @pnpm/installing.modules-yaml@1100.0.9 + - @pnpm/lockfile.detect-dep-types@1100.0.11 + - @pnpm/pkg-manifest.reader@1100.0.8 + ## 1100.0.14 ### Patch Changes diff --git a/deps/inspection/tree-builder/package.json b/deps/inspection/tree-builder/package.json index 17d7ffcf6f..8acba3b30d 100644 --- a/deps/inspection/tree-builder/package.json +++ b/deps/inspection/tree-builder/package.json 
@@ -1,6 +1,6 @@ { "name": "@pnpm/deps.inspection.tree-builder", - "version": "1100.0.14", + "version": "1100.0.15", "description": "Creates a dependencies hierarchy for a symlinked `node_modules`", "keywords": [ "pnpm", diff --git a/deps/path/CHANGELOG.md b/deps/path/CHANGELOG.md index 72e17e8359..075d739841 100644 --- a/deps/path/CHANGELOG.md +++ b/deps/path/CHANGELOG.md @@ -1,5 +1,20 @@ # @pnpm/dependency-path +## 1100.0.8 + +### Patch Changes + +- a31faa7: Updated dependency ranges. Notably: + + - `@pnpm/logger` peer dependency range moved to `^1100.0.0`. + - `msgpackr` 1.11.8 → 2.0.4 (store index files remain byte-compatible in both directions). + - `open` ^7.4.2 → ^11.0.0, `memoize` ^10 → ^11, `cli-truncate` ^5 → ^6, `pidtree` ^0.6 → ^1. + - `@yarnpkg/core` 4.5.0 → 4.8.0, `@rushstack/worker-pool` 0.7.7 → 0.7.18, `@cyclonedx/cyclonedx-library` 10.0.0 → 10.1.0, `@pnpm/config.nerf-dart` ^1 → ^2, `@pnpm/log.group` 3.0.2 → 4.0.1, `@pnpm/util.lex-comparator` ^3 → ^4. + +- Updated dependencies [681b593] + - @pnpm/types@1101.3.2 + - @pnpm/crypto.hash@1100.0.1 + ## 1100.0.7 ### Patch Changes diff --git a/deps/path/package.json b/deps/path/package.json index e936e447b6..6b3746a8db 100644 --- a/deps/path/package.json +++ b/deps/path/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/deps.path", - "version": "1100.0.7", + "version": "1100.0.8", "description": "Utilities for working with symlinked node_modules", "keywords": [ "pnpm", diff --git a/deps/peer-range/CHANGELOG.md b/deps/peer-range/CHANGELOG.md index 859218f5df..e83e3eec9c 100644 --- a/deps/peer-range/CHANGELOG.md +++ b/deps/peer-range/CHANGELOG.md 
@@ -1,5 +1,16 @@ # @pnpm/semver.peer-range +## 1100.0.2 + +### Patch Changes + +- a31faa7: Updated dependency ranges. Notably: + + - `@pnpm/logger` peer dependency range moved to `^1100.0.0`. + - `msgpackr` 1.11.8 → 2.0.4 (store index files remain byte-compatible in both directions). + - `open` ^7.4.2 → ^11.0.0, `memoize` ^10 → ^11, `cli-truncate` ^5 → ^6, `pidtree` ^0.6 → ^1. + - `@yarnpkg/core` 4.5.0 → 4.8.0, `@rushstack/worker-pool` 0.7.7 → 0.7.18, `@cyclonedx/cyclonedx-library` 10.0.0 → 10.1.0, `@pnpm/config.nerf-dart` ^1 → ^2, `@pnpm/log.group` 3.0.2 → 4.0.1, `@pnpm/util.lex-comparator` ^3 → ^4. + ## 1100.0.1 ### Patch Changes diff --git a/deps/peer-range/package.json b/deps/peer-range/package.json index 30a31fa42a..433a883906 100644 --- a/deps/peer-range/package.json +++ b/deps/peer-range/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/deps.peer-range", - "version": "1100.0.1", + "version": "1100.0.2", "description": "Validates peer ranges", "keywords": [ "pnpm", diff --git a/deps/security/signatures/CHANGELOG.md b/deps/security/signatures/CHANGELOG.md index 25802c5077..2b46f7f192 100644 --- a/deps/security/signatures/CHANGELOG.md +++ b/deps/security/signatures/CHANGELOG.md @@ -1,5 +1,21 @@ # @pnpm/deps.security.signatures +## 1101.2.2 + +### Patch Changes + +- a31faa7: Updated dependency ranges. Notably: + + - `@pnpm/logger` peer dependency range moved to `^1100.0.0`. + - `msgpackr` 1.11.8 → 2.0.4 (store index files remain byte-compatible in both directions). + - `open` ^7.4.2 → ^11.0.0, `memoize` ^10 → ^11, `cli-truncate` ^5 → ^6, `pidtree` ^0.6 → ^1. + - `@yarnpkg/core` 4.5.0 → 4.8.0, `@rushstack/worker-pool` 0.7.7 → 0.7.18, `@cyclonedx/cyclonedx-library` 10.0.0 → 10.1.0, `@pnpm/config.nerf-dart` ^1 → ^2, `@pnpm/log.group` 3.0.2 → 4.0.1, `@pnpm/util.lex-comparator` ^3 → ^4. + +- Updated dependencies [681b593] +- Updated dependencies [a31faa7] + - @pnpm/fetching.types@1100.0.2 + - @pnpm/network.fetch@1100.1.3 + ## 1101.2.1 ### Patch Changes 
diff --git a/deps/security/signatures/package.json b/deps/security/signatures/package.json index d783785e8b..1926d3a667 100644 --- a/deps/security/signatures/package.json +++ b/deps/security/signatures/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/deps.security.signatures", - "version": "1101.2.1", + "version": "1101.2.2", "description": "Verify package signatures from npm registries", "keywords": [ "pnpm", diff --git a/deps/status/CHANGELOG.md b/deps/status/CHANGELOG.md index 5882106056..f9ac21fb5c 100644 --- a/deps/status/CHANGELOG.md +++ b/deps/status/CHANGELOG.md @@ -1,5 +1,31 @@ # @pnpm/deps.status +## 1100.1.1 + +### Patch Changes + +- a31faa7: Updated dependency ranges. Notably: + + - `@pnpm/logger` peer dependency range moved to `^1100.0.0`. + - `msgpackr` 1.11.8 → 2.0.4 (store index files remain byte-compatible in both directions). + - `open` ^7.4.2 → ^11.0.0, `memoize` ^10 → ^11, `cli-truncate` ^5 → ^6, `pidtree` ^0.6 → ^1. + - `@yarnpkg/core` 4.5.0 → 4.8.0, `@rushstack/worker-pool` 0.7.7 → 0.7.18, `@cyclonedx/cyclonedx-library` 10.0.0 → 10.1.0, `@pnpm/config.nerf-dart` ^1 → ^2, `@pnpm/log.group` 3.0.2 → 4.0.1, `@pnpm/util.lex-comparator` ^3 → ^4. + +- Updated dependencies [61810aa] +- Updated dependencies [681b593] +- Updated dependencies [d50d691] +- Updated dependencies [a31faa7] + - @pnpm/config.reader@1101.9.0 + - @pnpm/installing.context@1100.0.18 + - @pnpm/types@1101.3.2 + - @pnpm/lockfile.fs@1100.1.5 + - @pnpm/lockfile.verification@1100.0.18 + - @pnpm/workspace.projects-reader@1101.0.12 + - @pnpm/workspace.state@1100.0.22 + - @pnpm/resolving.resolver-base@1100.4.2 + - @pnpm/workspace.workspace-manifest-reader@1100.0.8 + - @pnpm/lockfile.settings-checker@1100.0.18 + ## 1100.1.0 ### Minor Changes diff --git a/deps/status/package.json b/deps/status/package.json index bc6f6d4c2a..bd01a36e2b 100644 --- a/deps/status/package.json +++ b/deps/status/package.json 
@@ -1,6 +1,6 @@
 {
 "name": "@pnpm/deps.status",
- "version": "1100.1.0",
+ "version": "1100.1.1",
 "description": "Check dependencies status",
 "keywords": [
 "pnpm",
diff --git a/engine/pm/commands/CHANGELOG.md b/engine/pm/commands/CHANGELOG.md
index 9752bc5d97..456463562e 100644
--- a/engine/pm/commands/CHANGELOG.md
+++ b/engine/pm/commands/CHANGELOG.md
@@ -1,5 +1,48 @@ # @pnpm/engine.pm.commands +## 1101.1.23 + +### Patch Changes + +- 0fe6ea9: `pnpm setup` no longer prompts to approve build scripts for `@pnpm/exe` when installing the standalone executable. pnpm links the platform-specific binary itself, so the package's install scripts are skipped during the global self-install [#12377](https://github.com/pnpm/pnpm/issues/12377). +- a31faa7: Updated dependency ranges. Notably: + + - `@pnpm/logger` peer dependency range moved to `^1100.0.0`. + - `msgpackr` 1.11.8 → 2.0.4 (store index files remain byte-compatible in both directions). + - `open` ^7.4.2 → ^11.0.0, `memoize` ^10 → ^11, `cli-truncate` ^5 → ^6, `pidtree` ^0.6 → ^1. + - `@yarnpkg/core` 4.5.0 → 4.8.0, `@rushstack/worker-pool` 0.7.7 → 0.7.18, `@cyclonedx/cyclonedx-library` 10.0.0 → 10.1.0, `@pnpm/config.nerf-dart` ^1 → ^2, `@pnpm/log.group` 3.0.2 → 4.0.1, `@pnpm/util.lex-comparator` ^3 → ^4. + +- Updated dependencies [f648e9b] +- Updated dependencies [61810aa] +- Updated dependencies [c16eb0a] +- Updated dependencies [681b593] +- Updated dependencies [d50d691] +- Updated dependencies [1310ab5] +- Updated dependencies [a31faa7] +- Updated dependencies [cd8348c] + - @pnpm/installing.deps-restorer@1102.0.0 + - @pnpm/config.reader@1101.9.0 + - @pnpm/store.controller@1102.0.0 + - @pnpm/store.connection-manager@1100.3.0 + - @pnpm/bins.linker@1100.0.14 + - @pnpm/resolving.npm-resolver@1102.0.0 + - @pnpm/network.auth-header@1101.1.2 + - @pnpm/types@1101.3.2 + - @pnpm/lockfile.fs@1100.1.5 + - @pnpm/cli.utils@1101.0.12 + - @pnpm/config.version-policy@1100.1.5 + - @pnpm/deps.security.signatures@1101.2.2 + - @pnpm/global.commands@1100.0.28 + - @pnpm/global.packages@1100.0.8 + - @pnpm/installing.env-installer@1102.0.0 + - @pnpm/workspace.project-manifest-reader@1100.0.13 + - @pnpm/installing.client@1100.2.8 + - @pnpm/deps.graph-hasher@1100.2.5 + - @pnpm/building.policy@1100.0.10 + - @pnpm/cli.meta@1100.0.8 + - @pnpm/config.pick-registry-for-package@1100.0.9 + - 
@pnpm/lockfile.types@1100.0.11 + ## 1101.1.22 ### Patch Changes diff --git a/engine/pm/commands/package.json b/engine/pm/commands/package.json index 770756fabf..422aeafbb3 100644 --- a/engine/pm/commands/package.json +++ b/engine/pm/commands/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/engine.pm.commands", - "version": "1101.1.22", + "version": "1101.1.23", "description": "pnpm commands for self-updating and setting up pnpm", "keywords": [ "pnpm", diff --git a/engine/runtime/bun-resolver/CHANGELOG.md b/engine/runtime/bun-resolver/CHANGELOG.md index 9509e34cf6..a6a97ae5f6 100644 --- a/engine/runtime/bun-resolver/CHANGELOG.md +++ b/engine/runtime/bun-resolver/CHANGELOG.md @@ -1,5 +1,29 @@ # @pnpm/resolving.bun-resolver +## 1102.0.0 + +### Patch Changes + +- a31faa7: Updated dependency ranges. Notably: + + - `@pnpm/logger` peer dependency range moved to `^1100.0.0`. + - `msgpackr` 1.11.8 → 2.0.4 (store index files remain byte-compatible in both directions). + - `open` ^7.4.2 → ^11.0.0, `memoize` ^10 → ^11, `cli-truncate` ^5 → ^6, `pidtree` ^0.6 → ^1. + - `@yarnpkg/core` 4.5.0 → 4.8.0, `@rushstack/worker-pool` 0.7.7 → 0.7.18, `@cyclonedx/cyclonedx-library` 10.0.0 → 10.1.0, `@pnpm/config.nerf-dart` ^1 → ^2, `@pnpm/log.group` 3.0.2 → 4.0.1, `@pnpm/util.lex-comparator` ^3 → ^4. + +- Updated dependencies [61810aa] +- Updated dependencies [681b593] +- Updated dependencies [1310ab5] +- Updated dependencies [a31faa7] + - @pnpm/resolving.npm-resolver@1102.0.0 + - @pnpm/worker@1100.2.0 + - @pnpm/fetching.types@1100.0.2 + - @pnpm/types@1101.3.2 + - @pnpm/fetching.binary-fetcher@1102.0.0 + - @pnpm/crypto.shasums-file@1100.1.1 + - @pnpm/fetching.fetcher-base@1100.1.9 + - @pnpm/resolving.resolver-base@1100.4.2 + ## 1101.1.7 ### Patch Changes diff --git a/engine/runtime/bun-resolver/package.json b/engine/runtime/bun-resolver/package.json index 2629c9c3b9..ce345a4e1d 100644 --- a/engine/runtime/bun-resolver/package.json +++ b/engine/runtime/bun-resolver/package.json 
@@ -1,6 +1,6 @@ { "name": "@pnpm/engine.runtime.bun-resolver", - "version": "1101.1.7", + "version": "1102.0.0", "description": "Resolves the Bun runtime", "keywords": [ "pnpm", diff --git a/engine/runtime/commands/CHANGELOG.md b/engine/runtime/commands/CHANGELOG.md index 766317c3c9..e334afdc68 100644 --- a/engine/runtime/commands/CHANGELOG.md +++ b/engine/runtime/commands/CHANGELOG.md @@ -1,5 +1,24 @@ # @pnpm/engine.runtime.commands +## 1100.1.5 + +### Patch Changes + +- a31faa7: Updated dependency ranges. Notably: + + - `@pnpm/logger` peer dependency range moved to `^1100.0.0`. + - `msgpackr` 1.11.8 → 2.0.4 (store index files remain byte-compatible in both directions). + - `open` ^7.4.2 → ^11.0.0, `memoize` ^10 → ^11, `cli-truncate` ^5 → ^6, `pidtree` ^0.6 → ^1. + - `@yarnpkg/core` 4.5.0 → 4.8.0, `@rushstack/worker-pool` 0.7.7 → 0.7.18, `@cyclonedx/cyclonedx-library` 10.0.0 → 10.1.0, `@pnpm/config.nerf-dart` ^1 → ^2, `@pnpm/log.group` 3.0.2 → 4.0.1, `@pnpm/util.lex-comparator` ^3 → ^4. + +- Updated dependencies [61810aa] +- Updated dependencies [681b593] +- Updated dependencies [a31faa7] + - @pnpm/config.reader@1101.9.0 + - @pnpm/cli.utils@1101.0.12 + - @pnpm/engine.runtime.node-resolver@1101.1.7 + - @pnpm/network.fetch@1100.1.3 + ## 1100.1.4 ### Patch Changes diff --git a/engine/runtime/commands/package.json b/engine/runtime/commands/package.json index fbf2f2e7b4..d4be68abcc 100644 --- a/engine/runtime/commands/package.json +++ b/engine/runtime/commands/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/engine.runtime.commands", - "version": "1100.1.4", + "version": "1100.1.5", "description": "pnpm commands for managing runtimes", "keywords": [ "pnpm", diff --git a/engine/runtime/deno-resolver/CHANGELOG.md b/engine/runtime/deno-resolver/CHANGELOG.md index 2e00ba3144..ac6538c95c 100644 --- a/engine/runtime/deno-resolver/CHANGELOG.md +++ b/engine/runtime/deno-resolver/CHANGELOG.md 
@@ -1,5 +1,29 @@ # @pnpm/resolving.deno-resolver +## 1102.0.0 + +### Patch Changes + +- a31faa7: Updated dependency ranges. Notably: + + - `@pnpm/logger` peer dependency range moved to `^1100.0.0`. + - `msgpackr` 1.11.8 → 2.0.4 (store index files remain byte-compatible in both directions). + - `open` ^7.4.2 → ^11.0.0, `memoize` ^10 → ^11, `cli-truncate` ^5 → ^6, `pidtree` ^0.6 → ^1. + - `@yarnpkg/core` 4.5.0 → 4.8.0, `@rushstack/worker-pool` 0.7.7 → 0.7.18, `@cyclonedx/cyclonedx-library` 10.0.0 → 10.1.0, `@pnpm/config.nerf-dart` ^1 → ^2, `@pnpm/log.group` 3.0.2 → 4.0.1, `@pnpm/util.lex-comparator` ^3 → ^4. + +- Updated dependencies [61810aa] +- Updated dependencies [681b593] +- Updated dependencies [1310ab5] +- Updated dependencies [a31faa7] + - @pnpm/resolving.npm-resolver@1102.0.0 + - @pnpm/worker@1100.2.0 + - @pnpm/fetching.types@1100.0.2 + - @pnpm/types@1101.3.2 + - @pnpm/fetching.binary-fetcher@1102.0.0 + - @pnpm/crypto.shasums-file@1100.1.1 + - @pnpm/fetching.fetcher-base@1100.1.9 + - @pnpm/resolving.resolver-base@1100.4.2 + ## 1101.1.7 ### Patch Changes diff --git a/engine/runtime/deno-resolver/package.json b/engine/runtime/deno-resolver/package.json index fd560134e6..50906f5cb4 100644 --- a/engine/runtime/deno-resolver/package.json +++ b/engine/runtime/deno-resolver/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/engine.runtime.deno-resolver", - "version": "1101.1.7", + "version": "1102.0.0", "description": "Resolves the Deno runtime", "keywords": [ "pnpm", diff --git a/engine/runtime/node-resolver/CHANGELOG.md b/engine/runtime/node-resolver/CHANGELOG.md index 39cadc83d4..913b7f9b18 100644 --- a/engine/runtime/node-resolver/CHANGELOG.md +++ b/engine/runtime/node-resolver/CHANGELOG.md 
@@ -1,5 +1,25 @@ # @pnpm/node.resolver +## 1101.1.7 + +### Patch Changes + +- a31faa7: Updated dependency ranges. Notably: + + - `@pnpm/logger` peer dependency range moved to `^1100.0.0`. + - `msgpackr` 1.11.8 → 2.0.4 (store index files remain byte-compatible in both directions). + - `open` ^7.4.2 → ^11.0.0, `memoize` ^10 → ^11, `cli-truncate` ^5 → ^6, `pidtree` ^0.6 → ^1. + - `@yarnpkg/core` 4.5.0 → 4.8.0, `@rushstack/worker-pool` 0.7.7 → 0.7.18, `@cyclonedx/cyclonedx-library` 10.0.0 → 10.1.0, `@pnpm/config.nerf-dart` ^1 → ^2, `@pnpm/log.group` 3.0.2 → 4.0.1, `@pnpm/util.lex-comparator` ^3 → ^4. + +- Updated dependencies [61810aa] +- Updated dependencies [681b593] +- Updated dependencies [a31faa7] + - @pnpm/config.reader@1101.9.0 + - @pnpm/fetching.types@1100.0.2 + - @pnpm/types@1101.3.2 + - @pnpm/crypto.shasums-file@1100.1.1 + - @pnpm/resolving.resolver-base@1100.4.2 + ## 1101.1.6 ### Patch Changes diff --git a/engine/runtime/node-resolver/package.json b/engine/runtime/node-resolver/package.json index fad560597c..e7233ba403 100644 --- a/engine/runtime/node-resolver/package.json +++ b/engine/runtime/node-resolver/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/engine.runtime.node-resolver", - "version": "1101.1.6", + "version": "1101.1.7", "description": "Resolves a Node.js version specifier to an exact Node.js version", "keywords": [ "pnpm", diff --git a/engine/runtime/system-version/CHANGELOG.md b/engine/runtime/system-version/CHANGELOG.md index 2b616fc4b0..57f38e7f0f 100644 --- a/engine/runtime/system-version/CHANGELOG.md +++ b/engine/runtime/system-version/CHANGELOG.md 
@@ -1,5 +1,20 @@ # @pnpm/engine.runtime.system-version +## 1100.0.3 + +### Patch Changes + +- a31faa7: Updated dependency ranges. Notably: + + - `@pnpm/logger` peer dependency range moved to `^1100.0.0`. + - `msgpackr` 1.11.8 → 2.0.4 (store index files remain byte-compatible in both directions). + - `open` ^7.4.2 → ^11.0.0, `memoize` ^10 → ^11, `cli-truncate` ^5 → ^6, `pidtree` ^0.6 → ^1. + - `@yarnpkg/core` 4.5.0 → 4.8.0, `@rushstack/worker-pool` 0.7.7 → 0.7.18, `@cyclonedx/cyclonedx-library` 10.0.0 → 10.1.0, `@pnpm/config.nerf-dart` ^1 → ^2, `@pnpm/log.group` 3.0.2 → 4.0.1, `@pnpm/util.lex-comparator` ^3 → ^4. + +- Updated dependencies [681b593] + - @pnpm/types@1101.3.2 + - @pnpm/cli.meta@1100.0.8 + ## 1100.0.2 ### Patch Changes diff --git a/engine/runtime/system-version/package.json b/engine/runtime/system-version/package.json index 828acaf716..abf2541e90 100644 --- a/engine/runtime/system-version/package.json +++ b/engine/runtime/system-version/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/engine.runtime.system-version", - "version": "1100.0.2", + "version": "1100.0.3", "description": "Detects the current system version of supported runtimes (Node.js, Deno, Bun)", "keywords": [ "pnpm", diff --git a/exec/commands/CHANGELOG.md b/exec/commands/CHANGELOG.md index 078e78b486..55372bd234 100644 --- a/exec/commands/CHANGELOG.md +++ b/exec/commands/CHANGELOG.md 
@@ -1,5 +1,43 @@ # @pnpm/plugin-commands-script-runners +## 1100.2.5 + +### Patch Changes + +- a31faa7: Updated dependency ranges. Notably: + + - `@pnpm/logger` peer dependency range moved to `^1100.0.0`. + - `msgpackr` 1.11.8 → 2.0.4 (store index files remain byte-compatible in both directions). + - `open` ^7.4.2 → ^11.0.0, `memoize` ^10 → ^11, `cli-truncate` ^5 → ^6, `pidtree` ^0.6 → ^1. + - `@yarnpkg/core` 4.5.0 → 4.8.0, `@rushstack/worker-pool` 0.7.7 → 0.7.18, `@cyclonedx/cyclonedx-library` 10.0.0 → 10.1.0, `@pnpm/config.nerf-dart` ^1 → ^2, `@pnpm/log.group` 3.0.2 → 4.0.1, `@pnpm/util.lex-comparator` ^3 → ^4. + +- Updated dependencies [8dcd9a0] +- Updated dependencies [86e70d2] +- Updated dependencies [61810aa] +- Updated dependencies [ab0b7d1] +- Updated dependencies [74a2dc9] +- Updated dependencies [23716ed] +- Updated dependencies [681b593] +- Updated dependencies [d50d691] +- Updated dependencies [a31faa7] + - @pnpm/installing.commands@1100.9.0 + - @pnpm/config.reader@1101.9.0 + - @pnpm/exec.lifecycle@1100.0.18 + - @pnpm/types@1101.3.2 + - @pnpm/building.commands@1100.1.5 + - @pnpm/cli.utils@1101.0.12 + - @pnpm/config.version-policy@1100.1.5 + - @pnpm/core-loggers@1100.2.1 + - @pnpm/deps.status@1100.1.1 + - @pnpm/engine.runtime.commands@1100.1.5 + - @pnpm/workspace.injected-deps-syncer@1100.0.19 + - @pnpm/workspace.project-manifest-reader@1100.0.13 + - @pnpm/installing.client@1100.2.8 + - @pnpm/bins.resolver@1100.0.8 + - @pnpm/pkg-manifest.reader@1100.0.8 + - @pnpm/workspace.projects-sorter@1100.0.7 + - @pnpm/crypto.hash@1100.0.1 + ## 1100.2.4 ### Patch Changes diff --git a/exec/commands/package.json b/exec/commands/package.json index dd617aaf58..7c2979014f 100644 --- a/exec/commands/package.json +++ b/exec/commands/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/exec.commands", - "version": "1100.2.4", + "version": "1100.2.5", "description": "Commands for running scripts", "keywords": [ "pnpm", 
diff --git a/exec/lifecycle/CHANGELOG.md b/exec/lifecycle/CHANGELOG.md index 40e0d291b1..68b663c427 100644 --- a/exec/lifecycle/CHANGELOG.md +++ b/exec/lifecycle/CHANGELOG.md @@ -1,5 +1,29 @@ # @pnpm/lifecycle +## 1100.0.18 + +### Patch Changes + +- 23716ed: User-defined `npm_config_*` environment variables are now preserved during lifecycle script execution. Previously, all `npm_`-prefixed env vars were stripped, which caused user-set variables like `npm_config_platform_arch` to be lost [pnpm/pnpm#12399](https://github.com/pnpm/pnpm/issues/12399). +- a31faa7: Updated dependency ranges. Notably: + + - `@pnpm/logger` peer dependency range moved to `^1100.0.0`. + - `msgpackr` 1.11.8 → 2.0.4 (store index files remain byte-compatible in both directions). + - `open` ^7.4.2 → ^11.0.0, `memoize` ^10 → ^11, `cli-truncate` ^5 → ^6, `pidtree` ^0.6 → ^1. + - `@yarnpkg/core` 4.5.0 → 4.8.0, `@rushstack/worker-pool` 0.7.7 → 0.7.18, `@cyclonedx/cyclonedx-library` 10.0.0 → 10.1.0, `@pnpm/config.nerf-dart` ^1 → ^2, `@pnpm/log.group` 3.0.2 → 4.0.1, `@pnpm/util.lex-comparator` ^3 → ^4. + +- Updated dependencies [61810aa] +- Updated dependencies [681b593] +- Updated dependencies [a31faa7] +- Updated dependencies [cd8348c] + - @pnpm/bins.linker@1100.0.14 + - @pnpm/types@1101.3.2 + - @pnpm/core-loggers@1100.2.1 + - @pnpm/fetching.directory-fetcher@1100.0.17 + - @pnpm/pkg-manifest.reader@1100.0.8 + - @pnpm/store.cafs-types@1100.0.1 + - @pnpm/store.controller-types@1100.1.5 + ## 1100.0.17 ### Patch Changes diff --git a/exec/lifecycle/package.json b/exec/lifecycle/package.json index d4409b7619..cf95a6065f 100644 --- a/exec/lifecycle/package.json +++ b/exec/lifecycle/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/exec.lifecycle", - "version": "1100.0.17", + "version": "1100.0.18", "description": "Package lifecycle hook runner", "keywords": [ "pnpm", diff --git a/exec/prepare-package/CHANGELOG.md b/exec/prepare-package/CHANGELOG.md index cbe1566879..0b2e3edc11 100644 
--- a/exec/prepare-package/CHANGELOG.md +++ b/exec/prepare-package/CHANGELOG.md @@ -1,5 +1,16 @@ # @pnpm/prepare-package +## 1100.0.18 + +### Patch Changes + +- Updated dependencies [23716ed] +- Updated dependencies [681b593] +- Updated dependencies [a31faa7] + - @pnpm/exec.lifecycle@1100.0.18 + - @pnpm/types@1101.3.2 + - @pnpm/pkg-manifest.reader@1100.0.8 + ## 1100.0.17 ### Patch Changes diff --git a/exec/prepare-package/package.json b/exec/prepare-package/package.json index cf60f9fcf7..23f4ef52fc 100644 --- a/exec/prepare-package/package.json +++ b/exec/prepare-package/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/exec.prepare-package", - "version": "1100.0.17", + "version": "1100.0.18", "description": "Prepares a Git-hosted package", "keywords": [ "pnpm", diff --git a/fetching/binary-fetcher/CHANGELOG.md b/fetching/binary-fetcher/CHANGELOG.md index dba2d805d9..c253de180c 100644 --- a/fetching/binary-fetcher/CHANGELOG.md +++ b/fetching/binary-fetcher/CHANGELOG.md @@ -1,5 +1,17 @@ # @pnpm/fetching.binary-fetcher +## 1102.0.0 + +### Patch Changes + +- Updated dependencies [61810aa] +- Updated dependencies [681b593] +- Updated dependencies [a31faa7] + - @pnpm/store.index@1100.2.0 + - @pnpm/worker@1100.2.0 + - @pnpm/fetching.types@1100.0.2 + - @pnpm/fetching.fetcher-base@1100.1.9 + ## 1101.0.10 ### Patch Changes diff --git a/fetching/binary-fetcher/package.json b/fetching/binary-fetcher/package.json index 303b754a13..574d0f85f7 100644 --- a/fetching/binary-fetcher/package.json +++ b/fetching/binary-fetcher/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/fetching.binary-fetcher", - "version": "1101.0.10", + "version": "1102.0.0", "description": "A fetcher for binary archives", "keywords": [ "pnpm", diff --git a/fetching/directory-fetcher/CHANGELOG.md b/fetching/directory-fetcher/CHANGELOG.md index ed49eb3e0f..d0c3fa1f7b 100644 --- a/fetching/directory-fetcher/CHANGELOG.md +++ b/fetching/directory-fetcher/CHANGELOG.md 
@@ -1,5 +1,25 @@ # @pnpm/directory-fetcher +## 1100.0.17 + +### Patch Changes + +- a31faa7: Updated dependency ranges. Notably: + + - `@pnpm/logger` peer dependency range moved to `^1100.0.0`. + - `msgpackr` 1.11.8 → 2.0.4 (store index files remain byte-compatible in both directions). + - `open` ^7.4.2 → ^11.0.0, `memoize` ^10 → ^11, `cli-truncate` ^5 → ^6, `pidtree` ^0.6 → ^1. + - `@yarnpkg/core` 4.5.0 → 4.8.0, `@rushstack/worker-pool` 0.7.7 → 0.7.18, `@cyclonedx/cyclonedx-library` 10.0.0 → 10.1.0, `@pnpm/config.nerf-dart` ^1 → ^2, `@pnpm/log.group` 3.0.2 → 4.0.1, `@pnpm/util.lex-comparator` ^3 → ^4. + +- Updated dependencies [681b593] +- Updated dependencies [a31faa7] + - @pnpm/types@1101.3.2 + - @pnpm/workspace.project-manifest-reader@1100.0.13 + - @pnpm/building.pkg-requires-build@1100.0.8 + - @pnpm/fetching.fetcher-base@1100.1.9 + - @pnpm/resolving.resolver-base@1100.4.2 + - @pnpm/store.cafs-types@1100.0.1 + ## 1100.0.16 ### Patch Changes diff --git a/fetching/directory-fetcher/package.json b/fetching/directory-fetcher/package.json index 521e662386..6b29d4971d 100644 --- a/fetching/directory-fetcher/package.json +++ b/fetching/directory-fetcher/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/fetching.directory-fetcher", - "version": "1100.0.16", + "version": "1100.0.17", "description": "A fetcher for local directory packages", "keywords": [ "pnpm", diff --git a/fetching/fetcher-base/CHANGELOG.md b/fetching/fetcher-base/CHANGELOG.md index babf22144b..eff8501300 100644 --- a/fetching/fetcher-base/CHANGELOG.md +++ b/fetching/fetcher-base/CHANGELOG.md @@ -1,5 +1,13 @@ # @pnpm/fetcher-base +## 1100.1.9 + +### Patch Changes + +- Updated dependencies [681b593] + - @pnpm/types@1101.3.2 + - @pnpm/resolving.resolver-base@1100.4.2 + ## 1100.1.8 ### Patch Changes diff --git a/fetching/fetcher-base/package.json b/fetching/fetcher-base/package.json index 7e1fa49d11..7edfed16e7 100644 --- a/fetching/fetcher-base/package.json +++ b/fetching/fetcher-base/package.json 
@@ -1,6 +1,6 @@ { "name": "@pnpm/fetching.fetcher-base", - "version": "1100.1.8", + "version": "1100.1.9", "description": "Types for pnpm-compatible fetchers", "keywords": [ "pnpm", diff --git a/fetching/git-fetcher/CHANGELOG.md b/fetching/git-fetcher/CHANGELOG.md index 074daed2ce..f3e65b7432 100644 --- a/fetching/git-fetcher/CHANGELOG.md +++ b/fetching/git-fetcher/CHANGELOG.md @@ -1,5 +1,24 @@ # @pnpm/git-fetcher +## 1102.0.0 + +### Patch Changes + +- a31faa7: Updated dependency ranges. Notably: + + - `@pnpm/logger` peer dependency range moved to `^1100.0.0`. + - `msgpackr` 1.11.8 → 2.0.4 (store index files remain byte-compatible in both directions). + - `open` ^7.4.2 → ^11.0.0, `memoize` ^10 → ^11, `cli-truncate` ^5 → ^6, `pidtree` ^0.6 → ^1. + - `@yarnpkg/core` 4.5.0 → 4.8.0, `@rushstack/worker-pool` 0.7.7 → 0.7.18, `@cyclonedx/cyclonedx-library` 10.0.0 → 10.1.0, `@pnpm/config.nerf-dart` ^1 → ^2, `@pnpm/log.group` 3.0.2 → 4.0.1, `@pnpm/util.lex-comparator` ^3 → ^4. + +- Updated dependencies [61810aa] +- Updated dependencies [a31faa7] + - @pnpm/store.index@1100.2.0 + - @pnpm/worker@1100.2.0 + - @pnpm/resolving.git-resolver@1100.1.6 + - @pnpm/exec.prepare-package@1100.0.18 + - @pnpm/fetching.fetcher-base@1100.1.9 + ## 1101.0.13 ### Patch Changes diff --git a/fetching/git-fetcher/package.json b/fetching/git-fetcher/package.json index 4fc53d1fbd..6477a60b2d 100644 --- a/fetching/git-fetcher/package.json +++ b/fetching/git-fetcher/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/fetching.git-fetcher", - "version": "1101.0.13", + "version": "1102.0.0", "description": "A fetcher for git-hosted packages", "keywords": [ "pnpm", diff --git a/fetching/pick-fetcher/CHANGELOG.md b/fetching/pick-fetcher/CHANGELOG.md index c708167832..454975c90c 100644 --- a/fetching/pick-fetcher/CHANGELOG.md +++ b/fetching/pick-fetcher/CHANGELOG.md 
@@ -1,5 +1,14 @@ # @pnpm/pick-fetcher +## 1100.0.12 + +### Patch Changes + +- @pnpm/fetching.fetcher-base@1100.1.9 +- @pnpm/hooks.types@1100.0.12 +- @pnpm/resolving.resolver-base@1100.4.2 +- @pnpm/store.cafs-types@1100.0.1 + ## 1100.0.11 ### Patch Changes diff --git a/fetching/pick-fetcher/package.json b/fetching/pick-fetcher/package.json index 77444062d3..12e4d982ea 100644 --- a/fetching/pick-fetcher/package.json +++ b/fetching/pick-fetcher/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/fetching.pick-fetcher", - "version": "1100.0.11", + "version": "1100.0.12", "description": "Pick a package fetcher by type", "keywords": [ "pnpm", diff --git a/fetching/tarball-fetcher/CHANGELOG.md b/fetching/tarball-fetcher/CHANGELOG.md index 11e77ae2a6..dc75ba3e37 100644 --- a/fetching/tarball-fetcher/CHANGELOG.md +++ b/fetching/tarball-fetcher/CHANGELOG.md 
@@ -1,5 +1,47 @@ # @pnpm/tarball-fetcher +## 1102.0.0 + +### Patch Changes + +- 681b593: pnpm can now use different auth tokens for different package scopes, even when those scopes use the same registry URL. + + Previously, auth was selected only by registry URL. If `@org-a` and `@org-b` both used `https://npm.pkg.github.com/`, they had to share the same token. This caused problems for registries that issue tokens per organization or per scope. + + Configure a scope-specific token by adding the package scope after the registry URL in the auth key: + + ```ini + @org-a:registry=https://npm.pkg.github.com/ + @org-b:registry=https://npm.pkg.github.com/ + + //npm.pkg.github.com/:@org-a:_authToken=${ORG_A_TOKEN} + //npm.pkg.github.com/:@org-b:_authToken=${ORG_B_TOKEN} + + //npm.pkg.github.com/:_authToken=${FALLBACK_TOKEN} + ``` + + `pnpm login --registry=https://npm.pkg.github.com --scope=@org-a` writes the token to the same scope-specific auth key. + + When installing or publishing `@org-a/*`, pnpm uses `ORG_A_TOKEN`. For `@org-b/*`, pnpm uses `ORG_B_TOKEN`. Packages without a matching scope continue to use the registry-wide fallback token. + +- a31faa7: Updated dependency ranges. Notably: + + - `@pnpm/logger` peer dependency range moved to `^1100.0.0`. + - `msgpackr` 1.11.8 → 2.0.4 (store index files remain byte-compatible in both directions). + - `open` ^7.4.2 → ^11.0.0, `memoize` ^10 → ^11, `cli-truncate` ^5 → ^6, `pidtree` ^0.6 → ^1. + - `@yarnpkg/core` 4.5.0 → 4.8.0, `@rushstack/worker-pool` 0.7.7 → 0.7.18, `@cyclonedx/cyclonedx-library` 10.0.0 → 10.1.0, `@pnpm/config.nerf-dart` ^1 → ^2, `@pnpm/log.group` 3.0.2 → 4.0.1, `@pnpm/util.lex-comparator` ^3 → ^4. 
+ +- Updated dependencies [61810aa] +- Updated dependencies [681b593] +- Updated dependencies [a31faa7] + - @pnpm/store.index@1100.2.0 + - @pnpm/worker@1100.2.0 + - @pnpm/fetching.types@1100.0.2 + - @pnpm/types@1101.3.2 + - @pnpm/core-loggers@1100.2.1 + - @pnpm/exec.prepare-package@1100.0.18 + - @pnpm/fetching.fetcher-base@1100.1.9 + ## 1101.0.14 ### Patch Changes diff --git a/fetching/tarball-fetcher/package.json b/fetching/tarball-fetcher/package.json index 41e910d9fd..3a55107ef8 100644 --- a/fetching/tarball-fetcher/package.json +++ b/fetching/tarball-fetcher/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/fetching.tarball-fetcher", - "version": "1101.0.14", + "version": "1102.0.0", "description": "Fetcher for packages hosted as tarballs", "keywords": [ "pnpm", diff --git a/fetching/types/CHANGELOG.md b/fetching/types/CHANGELOG.md index 0c6e299138..66e272ed61 100644 --- a/fetching/types/CHANGELOG.md +++ b/fetching/types/CHANGELOG.md 
@@ -1,5 +1,29 @@ # @pnpm/fetching-types +## 1100.0.2 + +### Patch Changes + +- 681b593: pnpm can now use different auth tokens for different package scopes, even when those scopes use the same registry URL. + + Previously, auth was selected only by registry URL. If `@org-a` and `@org-b` both used `https://npm.pkg.github.com/`, they had to share the same token. This caused problems for registries that issue tokens per organization or per scope. + + Configure a scope-specific token by adding the package scope after the registry URL in the auth key: + + ```ini + @org-a:registry=https://npm.pkg.github.com/ + @org-b:registry=https://npm.pkg.github.com/ + + //npm.pkg.github.com/:@org-a:_authToken=${ORG_A_TOKEN} + //npm.pkg.github.com/:@org-b:_authToken=${ORG_B_TOKEN} + + //npm.pkg.github.com/:_authToken=${FALLBACK_TOKEN} + ``` + + `pnpm login --registry=https://npm.pkg.github.com --scope=@org-a` writes the token to the same scope-specific auth key. + + When installing or publishing `@org-a/*`, pnpm uses `ORG_A_TOKEN`. For `@org-b/*`, pnpm uses `ORG_B_TOKEN`. Packages without a matching scope continue to use the registry-wide fallback token. + ## 1100.0.1 ### Patch Changes diff --git a/fetching/types/package.json b/fetching/types/package.json index d20bf30118..5d993bb715 100644 --- a/fetching/types/package.json +++ b/fetching/types/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/fetching.types", - "version": "1100.0.1", + "version": "1100.0.2", "description": "Types for fetching", "keywords": [ "pnpm", diff --git a/fs/hard-link-dir/CHANGELOG.md b/fs/hard-link-dir/CHANGELOG.md index 2da6cd5753..617a28f867 100644 --- a/fs/hard-link-dir/CHANGELOG.md +++ b/fs/hard-link-dir/CHANGELOG.md 
@@ -1,5 +1,16 @@ # @pnpm/fs.hard-link-dir +## 1100.0.2 + +### Patch Changes + +- a31faa7: Updated dependency ranges. Notably: + + - `@pnpm/logger` peer dependency range moved to `^1100.0.0`. + - `msgpackr` 1.11.8 → 2.0.4 (store index files remain byte-compatible in both directions). + - `open` ^7.4.2 → ^11.0.0, `memoize` ^10 → ^11, `cli-truncate` ^5 → ^6, `pidtree` ^0.6 → ^1. + - `@yarnpkg/core` 4.5.0 → 4.8.0, `@rushstack/worker-pool` 0.7.7 → 0.7.18, `@cyclonedx/cyclonedx-library` 10.0.0 → 10.1.0, `@pnpm/config.nerf-dart` ^1 → ^2, `@pnpm/log.group` 3.0.2 → 4.0.1, `@pnpm/util.lex-comparator` ^3 → ^4. + ## 1100.0.1 ### Patch Changes diff --git a/fs/hard-link-dir/package.json b/fs/hard-link-dir/package.json index 19df9fc520..1eed5e064b 100644 --- a/fs/hard-link-dir/package.json +++ b/fs/hard-link-dir/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/fs.hard-link-dir", - "version": "1100.0.1", + "version": "1100.0.2", "description": "Hard link (or copy if linking fails) all files from a directory to several target directories.", "keywords": [ "pnpm", diff --git a/fs/indexed-pkg-importer/CHANGELOG.md b/fs/indexed-pkg-importer/CHANGELOG.md index b6d67428c8..a6a3857438 100644 --- a/fs/indexed-pkg-importer/CHANGELOG.md +++ b/fs/indexed-pkg-importer/CHANGELOG.md 
@@ -1,5 +1,20 @@ # @pnpm/fs.indexed-pkg-importer +## 1100.0.14 + +### Patch Changes + +- a31faa7: Updated dependency ranges. Notably: + + - `@pnpm/logger` peer dependency range moved to `^1100.0.0`. + - `msgpackr` 1.11.8 → 2.0.4 (store index files remain byte-compatible in both directions). + - `open` ^7.4.2 → ^11.0.0, `memoize` ^10 → ^11, `cli-truncate` ^5 → ^6, `pidtree` ^0.6 → ^1. + - `@yarnpkg/core` 4.5.0 → 4.8.0, `@rushstack/worker-pool` 0.7.7 → 0.7.18, `@cyclonedx/cyclonedx-library` 10.0.0 → 10.1.0, `@pnpm/config.nerf-dart` ^1 → ^2, `@pnpm/log.group` 3.0.2 → 4.0.1, `@pnpm/util.lex-comparator` ^3 → ^4. + +- Updated dependencies [a31faa7] + - @pnpm/core-loggers@1100.2.1 + - @pnpm/store.controller-types@1100.1.5 + ## 1100.0.13 ### Patch Changes diff --git a/fs/indexed-pkg-importer/package.json b/fs/indexed-pkg-importer/package.json index 1191322ed1..a28b05d1cd 100644 --- a/fs/indexed-pkg-importer/package.json +++ b/fs/indexed-pkg-importer/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/fs.indexed-pkg-importer", - "version": "1100.0.13", + "version": "1100.0.14", "description": "Replicates indexed directories using hard links, copies, or cloning", "keywords": [ "pnpm", diff --git a/fs/symlink-dependency/CHANGELOG.md b/fs/symlink-dependency/CHANGELOG.md index f2908b7407..f60407cb7e 100644 --- a/fs/symlink-dependency/CHANGELOG.md +++ b/fs/symlink-dependency/CHANGELOG.md 
@@ -1,5 +1,28 @@ # @pnpm/symlink-dependency +## 1100.0.10 + +### Patch Changes + +- f648e9b: Reject path-traversal and reserved dependency aliases (such as `../../../escape`, `.bin`, `.pnpm`, or `node_modules`) that come from a lockfile rather than a freshly resolved manifest. A crafted lockfile alias could otherwise be joined directly under a hoisted `node_modules` directory, letting package files be written outside the intended install root or overwrite pnpm-owned layout. + + The fix adds two layers: + + - The `nodeLinker: hoisted` graph builder now validates each alias at the directory sink (`safeJoinModulesDir`), matching the validation pnpm already performs when resolving aliases from manifests. + - The lockfile verification gate (`verifyLockfileResolutions`) now runs an always-on, policy-independent check that rejects any importer or snapshot dependency alias that is not a valid package name, failing the install early — before any fetch or filesystem work — for every node linker at once. + +- a31faa7: Updated dependency ranges. Notably: + + - `@pnpm/logger` peer dependency range moved to `^1100.0.0`. + - `msgpackr` 1.11.8 → 2.0.4 (store index files remain byte-compatible in both directions). + - `open` ^7.4.2 → ^11.0.0, `memoize` ^10 → ^11, `cli-truncate` ^5 → ^6, `pidtree` ^0.6 → ^1. + - `@yarnpkg/core` 4.5.0 → 4.8.0, `@rushstack/worker-pool` 0.7.7 → 0.7.18, `@cyclonedx/cyclonedx-library` 10.0.0 → 10.1.0, `@pnpm/config.nerf-dart` ^1 → ^2, `@pnpm/log.group` 3.0.2 → 4.0.1, `@pnpm/util.lex-comparator` ^3 → ^4. + +- Updated dependencies [681b593] +- Updated dependencies [a31faa7] + - @pnpm/types@1101.3.2 + - @pnpm/core-loggers@1100.2.1 + ## 1100.0.9 ### Patch Changes diff --git a/fs/symlink-dependency/package.json b/fs/symlink-dependency/package.json index a37c0bd971..0db46e097a 100644 --- a/fs/symlink-dependency/package.json +++ b/fs/symlink-dependency/package.json 
@@ -1,6 +1,6 @@ { "name": "@pnpm/fs.symlink-dependency", - "version": "1100.0.9", + "version": "1100.0.10", "description": "Symlink a dependency to node_modules", "keywords": [ "pnpm", diff --git a/global/commands/CHANGELOG.md b/global/commands/CHANGELOG.md index 8f0c4abe09..247a05d2ad 100644 --- a/global/commands/CHANGELOG.md +++ b/global/commands/CHANGELOG.md @@ -1,5 +1,36 @@ # @pnpm/global.commands +## 1100.0.28 + +### Patch Changes + +- a31faa7: Updated dependency ranges. Notably: + + - `@pnpm/logger` peer dependency range moved to `^1100.0.0`. + - `msgpackr` 1.11.8 → 2.0.4 (store index files remain byte-compatible in both directions). + - `open` ^7.4.2 → ^11.0.0, `memoize` ^10 → ^11, `cli-truncate` ^5 → ^6, `pidtree` ^0.6 → ^1. + - `@yarnpkg/core` 4.5.0 → 4.8.0, `@rushstack/worker-pool` 0.7.7 → 0.7.18, `@cyclonedx/cyclonedx-library` 10.0.0 → 10.1.0, `@pnpm/config.nerf-dart` ^1 → ^2, `@pnpm/log.group` 3.0.2 → 4.0.1, `@pnpm/util.lex-comparator` ^3 → ^4. + +- Updated dependencies [f648e9b] +- Updated dependencies [61810aa] +- Updated dependencies [74a2dc9] +- Updated dependencies [c16eb0a] +- Updated dependencies [681b593] +- Updated dependencies [a31faa7] +- Updated dependencies [cd8348c] + - @pnpm/installing.deps-installer@1102.0.0 + - @pnpm/config.reader@1101.9.0 + - @pnpm/store.connection-manager@1100.3.0 + - @pnpm/bins.linker@1100.0.14 + - @pnpm/types@1101.3.2 + - @pnpm/bins.remover@1100.0.10 + - @pnpm/cli.utils@1101.0.12 + - @pnpm/core-loggers@1100.2.1 + - @pnpm/deps.inspection.list@1100.0.18 + - @pnpm/global.packages@1100.0.8 + - @pnpm/bins.resolver@1100.0.8 + - @pnpm/pkg-manifest.reader@1100.0.8 + ## 1100.0.27 ### Patch Changes diff --git a/global/commands/package.json b/global/commands/package.json index 1deb87607d..41b9865d95 100644 --- a/global/commands/package.json +++ b/global/commands/package.json 
@@ -1,6 +1,6 @@ { "name": "@pnpm/global.commands", - "version": "1100.0.27", + "version": "1100.0.28", "description": "Global package command handlers for pnpm", "keywords": [ "pnpm", diff --git a/global/packages/CHANGELOG.md b/global/packages/CHANGELOG.md index 7f69e9179c..de5f30ec35 100644 --- a/global/packages/CHANGELOG.md +++ b/global/packages/CHANGELOG.md @@ -1,5 +1,22 @@ # @pnpm/global.packages +## 1100.0.8 + +### Patch Changes + +- a31faa7: Updated dependency ranges. Notably: + + - `@pnpm/logger` peer dependency range moved to `^1100.0.0`. + - `msgpackr` 1.11.8 → 2.0.4 (store index files remain byte-compatible in both directions). + - `open` ^7.4.2 → ^11.0.0, `memoize` ^10 → ^11, `cli-truncate` ^5 → ^6, `pidtree` ^0.6 → ^1. + - `@yarnpkg/core` 4.5.0 → 4.8.0, `@rushstack/worker-pool` 0.7.7 → 0.7.18, `@cyclonedx/cyclonedx-library` 10.0.0 → 10.1.0, `@pnpm/config.nerf-dart` ^1 → ^2, `@pnpm/log.group` 3.0.2 → 4.0.1, `@pnpm/util.lex-comparator` ^3 → ^4. + +- Updated dependencies [681b593] + - @pnpm/types@1101.3.2 + - @pnpm/bins.resolver@1100.0.8 + - @pnpm/pkg-manifest.reader@1100.0.8 + - @pnpm/crypto.hash@1100.0.1 + ## 1100.0.7 ### Patch Changes diff --git a/global/packages/package.json b/global/packages/package.json index 31cb74d517..107c73f0a8 100644 --- a/global/packages/package.json +++ b/global/packages/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/global.packages", - "version": "1100.0.7", + "version": "1100.0.8", "description": "Utilities for managing isolated global packages", "keywords": [ "pnpm", diff --git a/hooks/pnpmfile/CHANGELOG.md b/hooks/pnpmfile/CHANGELOG.md index 1c1debee49..35e2c37d3d 100644 --- a/hooks/pnpmfile/CHANGELOG.md +++ b/hooks/pnpmfile/CHANGELOG.md 
@@ -1,5 +1,25 @@ # @pnpm/pnpmfile +## 1100.0.15 + +### Patch Changes + +- a31faa7: Updated dependency ranges. Notably: + + - `@pnpm/logger` peer dependency range moved to `^1100.0.0`. + - `msgpackr` 1.11.8 → 2.0.4 (store index files remain byte-compatible in both directions). + - `open` ^7.4.2 → ^11.0.0, `memoize` ^10 → ^11, `cli-truncate` ^5 → ^6, `pidtree` ^0.6 → ^1. + - `@yarnpkg/core` 4.5.0 → 4.8.0, `@rushstack/worker-pool` 0.7.7 → 0.7.18, `@cyclonedx/cyclonedx-library` 10.0.0 → 10.1.0, `@pnpm/config.nerf-dart` ^1 → ^2, `@pnpm/log.group` 3.0.2 → 4.0.1, `@pnpm/util.lex-comparator` ^3 → ^4. + +- Updated dependencies [681b593] +- Updated dependencies [a31faa7] + - @pnpm/types@1101.3.2 + - @pnpm/core-loggers@1100.2.1 + - @pnpm/hooks.types@1100.0.12 + - @pnpm/lockfile.types@1100.0.11 + - @pnpm/store.controller-types@1100.1.5 + - @pnpm/crypto.hash@1100.0.1 + ## 1100.0.14 ### Patch Changes diff --git a/hooks/pnpmfile/package.json b/hooks/pnpmfile/package.json index 4c1eeda2b1..9ee5f5bc05 100644 --- a/hooks/pnpmfile/package.json +++ b/hooks/pnpmfile/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/hooks.pnpmfile", - "version": "1100.0.14", + "version": "1100.0.15", "description": "Reading a .pnpmfile.cjs", "keywords": [ "pnpm", diff --git a/hooks/read-package-hook/CHANGELOG.md b/hooks/read-package-hook/CHANGELOG.md index 093e0f1387..d99d8d5546 100644 --- a/hooks/read-package-hook/CHANGELOG.md +++ b/hooks/read-package-hook/CHANGELOG.md 
@@ -1,5 +1,21 @@ # @pnpm/hooks.read-package-hook +## 1100.0.8 + +### Patch Changes + +- a31faa7: Updated dependency ranges. Notably: + + - `@pnpm/logger` peer dependency range moved to `^1100.0.0`. + - `msgpackr` 1.11.8 → 2.0.4 (store index files remain byte-compatible in both directions). + - `open` ^7.4.2 → ^11.0.0, `memoize` ^10 → ^11, `cli-truncate` ^5 → ^6, `pidtree` ^0.6 → ^1. + - `@yarnpkg/core` 4.5.0 → 4.8.0, `@rushstack/worker-pool` 0.7.7 → 0.7.18, `@cyclonedx/cyclonedx-library` 10.0.0 → 10.1.0, `@pnpm/config.nerf-dart` ^1 → ^2, `@pnpm/log.group` 3.0.2 → 4.0.1, `@pnpm/util.lex-comparator` ^3 → ^4. + +- Updated dependencies [681b593] +- Updated dependencies [a31faa7] + - @pnpm/types@1101.3.2 + - @pnpm/deps.peer-range@1100.0.2 + ## 1100.0.7 ### Patch Changes diff --git a/hooks/read-package-hook/package.json b/hooks/read-package-hook/package.json index 6452008330..d1286725db 100644 --- a/hooks/read-package-hook/package.json +++ b/hooks/read-package-hook/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/hooks.read-package-hook", - "version": "1100.0.7", + "version": "1100.0.8", "description": "Creates the default package reader hook used by pnpm", "keywords": [ "pnpm", diff --git a/hooks/types/CHANGELOG.md b/hooks/types/CHANGELOG.md index f05a4f306e..25d21bc928 100644 --- a/hooks/types/CHANGELOG.md +++ b/hooks/types/CHANGELOG.md @@ -1,5 +1,16 @@ # @pnpm/hooks.types +## 1100.0.12 + +### Patch Changes + +- Updated dependencies [681b593] + - @pnpm/types@1101.3.2 + - @pnpm/fetching.fetcher-base@1100.1.9 + - @pnpm/lockfile.types@1100.0.11 + - @pnpm/resolving.resolver-base@1100.4.2 + - @pnpm/store.cafs-types@1100.0.1 + ## 1100.0.11 ### Patch Changes diff --git a/hooks/types/package.json b/hooks/types/package.json index 5ba578f199..c4cc648790 100644 --- a/hooks/types/package.json +++ b/hooks/types/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/hooks.types", - "version": "1100.0.11", + "version": "1100.0.12", "description": "Types for hooks", "keywords": [ "pnpm", 
diff --git a/installing/client/CHANGELOG.md b/installing/client/CHANGELOG.md index 8602b703ba..be95f97677 100644 --- a/installing/client/CHANGELOG.md +++ b/installing/client/CHANGELOG.md @@ -1,5 +1,28 @@ # @pnpm/client +## 1100.2.8 + +### Patch Changes + +- Updated dependencies [61810aa] +- Updated dependencies [681b593] +- Updated dependencies [1310ab5] +- Updated dependencies [a31faa7] + - @pnpm/store.index@1100.2.0 + - @pnpm/resolving.npm-resolver@1102.0.0 + - @pnpm/fetching.tarball-fetcher@1102.0.0 + - @pnpm/fetching.types@1100.0.2 + - @pnpm/network.auth-header@1101.1.2 + - @pnpm/resolving.default-resolver@1100.3.8 + - @pnpm/types@1101.3.2 + - @pnpm/engine.runtime.node-resolver@1101.1.7 + - @pnpm/fetching.directory-fetcher@1100.0.17 + - @pnpm/fetching.git-fetcher@1102.0.0 + - @pnpm/network.fetch@1100.1.3 + - @pnpm/fetching.binary-fetcher@1102.0.0 + - @pnpm/hooks.types@1100.0.12 + - @pnpm/resolving.resolver-base@1100.4.2 + ## 1100.2.7 ### Patch Changes diff --git a/installing/client/package.json b/installing/client/package.json index e94106391c..ec9408d7d9 100644 --- a/installing/client/package.json +++ b/installing/client/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/installing.client", - "version": "1100.2.7", + "version": "1100.2.8", "description": "Creates the package resolve and fetch functions", "keywords": [ "pnpm", diff --git a/installing/commands/CHANGELOG.md b/installing/commands/CHANGELOG.md index 7320be90a5..5814775869 100644 --- a/installing/commands/CHANGELOG.md +++ b/installing/commands/CHANGELOG.md 
@@ -1,5 +1,71 @@ # @pnpm/plugin-commands-installation +## 1100.9.0 + +### Minor Changes + +- 61810aa: Added a new setting `frozenStore` (`--frozen-store`) that lets `pnpm install` run against a package store on a read-only filesystem (e.g. a Nix store, a read-only bind mount, an OCI layer). When enabled, pnpm opens the store's SQLite `index.db` through the `immutable=1` URI — bypassing the WAL/`-shm` sidecar creation that otherwise fails on a read-only directory — and suppresses every store-write path (the `index.db` writer and the project-registry write). Pair it with `--offline --frozen-lockfile` against a fully-populated store. Under the global virtual store, package directories live inside the store, so if the store is missing the build output of a package whose lifecycle scripts are approved (or that has a patch), pnpm fails up front with `ERR_PNPM_FROZEN_STORE_NEEDS_BUILD` rather than crashing mid-build on a read-only write — seed the store with those builds first. Incompatible with `--force` and with a configured pnpr server, since both write into the store; the side-effects cache is likewise not written under `frozenStore`. If the store is missing its content directory, the install fails fast with `ERR_PNPM_FROZEN_STORE_INCOMPLETE` rather than attempting to initialize it. The read-only `immutable=1` open requires Node.js >=22.15.0, >=23.11.0, or >=24.0.0; on older runtimes `--frozen-store` fails with a clear `ERR_PNPM_FROZEN_STORE_UNSUPPORTED_NODE` error. Bin-linking also tolerates a read-only store: under the global virtual store a package's bin source lives inside the store, so the `chmod` that makes it executable would be refused — with `EPERM`/`EACCES`, or with `EROFS` on a genuinely read-only filesystem. That `chmod` is redundant when the seed already ships its bins executable with a normalized shebang, so it is now skipped in that case, while a non-executable bin (or one still carrying a Windows CRLF shebang) on a read-only store still errors. 
+- 74a2dc9: When [`pacquet`](https://github.com/pnpm/pnpm/tree/main/pacquet) (the Rust port of pnpm) is declared in `configDependencies`, pnpm now delegates dependency **resolution** to it too — not just materialization — provided the installed pacquet is new enough to support full resolving installs (>= 0.11.7). + + Previously pacquet only ran in frozen-install mode: pnpm always resolved the dependency graph itself (writing `pnpm-lock.yaml`) and handed pacquet a finished lockfile to fetch / import / link. With pacquet >= 0.11.7, a non-frozen `pnpm install` (default isolated `nodeLinker`, plain install) is delegated to pacquet end-to-end in a single pass — pacquet resolves the manifests, writes the lockfile, and materializes `node_modules`. pnpm detects the capability from the installed pacquet's version; older pacquet releases keep the resolve-then-materialize split, and `add` / `update` / `remove` still resolve in pnpm (it has to mutate the manifests first). This remains an opt-in preview of the Rust install engine [#11723](https://github.com/pnpm/pnpm/issues/11723). + +### Patch Changes + +- 8dcd9a0: Fix garbled summary line after submitting `pnpm update -i` and `pnpm audit --fix -i`. The interactive checkbox prompt previously printed every selected choice's full table row (label, current/target versions, workspace, URL) joined by commas, producing a wall of text after pressing Enter. The summary now lists only the selected package names (or vulnerability keys) by setting an explicit `short` per choice; the in-progress selection UI is unchanged. +- 86e70d2: Fixed `Cannot destructure property 'manifest' of 'manifestsByPath[rootDir]' as it is undefined` regression introduced in 11.6.0 when running `pnpm add ` outside a workspace on Windows. `selectProjectByDir` was keying the resulting `ProjectsGraph` by `opts.dir` instead of `project.rootDir`, so downstream `manifestsByPath` lookups missed when the two paths normalized differently (typically drive-letter casing). 
[pnpm/pnpm#12379](https://github.com/pnpm/pnpm/issues/12379) +- ab0b7d1: Added support for the `--trust-lockfile` flag on `pnpm link` +- d50d691: Close lockfile reads deterministically before rewriting lockfiles and keep pacquet's virtual store directory length aligned with pnpm on Windows. +- a31faa7: Updated dependency ranges. Notably: + + - `@pnpm/logger` peer dependency range moved to `^1100.0.0`. + - `msgpackr` 1.11.8 → 2.0.4 (store index files remain byte-compatible in both directions). + - `open` ^7.4.2 → ^11.0.0, `memoize` ^10 → ^11, `cli-truncate` ^5 → ^6, `pidtree` ^0.6 → ^1. + - `@yarnpkg/core` 4.5.0 → 4.8.0, `@rushstack/worker-pool` 0.7.7 → 0.7.18, `@cyclonedx/cyclonedx-library` 10.0.0 → 10.1.0, `@pnpm/config.nerf-dart` ^1 → ^2, `@pnpm/log.group` 3.0.2 → 4.0.1, `@pnpm/util.lex-comparator` ^3 → ^4. + +- Updated dependencies [f648e9b] +- Updated dependencies [61810aa] +- Updated dependencies [74a2dc9] +- Updated dependencies [c16eb0a] +- Updated dependencies [681b593] +- Updated dependencies [d50d691] +- Updated dependencies [1310ab5] +- Updated dependencies [a31faa7] + - @pnpm/installing.deps-installer@1102.0.0 + - @pnpm/config.reader@1101.9.0 + - @pnpm/store.controller@1102.0.0 + - @pnpm/store.connection-manager@1100.3.0 + - @pnpm/building.after-install@1102.0.0 + - @pnpm/resolving.npm-resolver@1102.0.0 + - @pnpm/installing.context@1100.0.18 + - @pnpm/network.auth-header@1101.1.2 + - @pnpm/types@1101.3.2 + - @pnpm/lockfile.fs@1100.1.5 + - @pnpm/cli.utils@1101.0.12 + - @pnpm/deps.inspection.outdated@1100.1.8 + - @pnpm/deps.path@1100.0.8 + - @pnpm/deps.security.signatures@1101.2.2 + - @pnpm/deps.status@1100.1.1 + - @pnpm/global.commands@1100.0.28 + - @pnpm/hooks.pnpmfile@1100.0.15 + - @pnpm/installing.env-installer@1102.0.0 + - @pnpm/network.fetch@1100.1.3 + - @pnpm/pkg-manifest.utils@1100.2.5 + - @pnpm/workspace.project-manifest-reader@1100.0.13 + - @pnpm/workspace.projects-reader@1101.0.12 + - @pnpm/workspace.state@1100.0.22 + - 
@pnpm/workspace.workspace-manifest-writer@1100.0.13 + - @pnpm/workspace.projects-graph@1100.0.18 + - @pnpm/building.policy@1100.0.10 + - @pnpm/config.pick-registry-for-package@1100.0.9 + - @pnpm/config.writer@1100.0.13 + - @pnpm/installing.dedupe.check@1100.0.11 + - @pnpm/lockfile.types@1100.0.11 + - @pnpm/pkg-manifest.reader@1100.0.8 + - @pnpm/resolving.resolver-base@1100.4.2 + - @pnpm/workspace.project-manifest-writer@1100.0.8 + - @pnpm/workspace.projects-filter@1100.0.21 + - @pnpm/workspace.projects-sorter@1100.0.7 + ## 1100.8.0 ### Minor Changes diff --git a/installing/commands/package.json b/installing/commands/package.json index 4e067093c5..b5248094d3 100644 --- a/installing/commands/package.json +++ b/installing/commands/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/installing.commands", - "version": "1100.8.0", + "version": "1100.9.0", "description": "Commands for installation", "keywords": [ "pnpm", diff --git a/installing/context/CHANGELOG.md b/installing/context/CHANGELOG.md index 7aa0b81eae..ff363f365a 100644 --- a/installing/context/CHANGELOG.md +++ b/installing/context/CHANGELOG.md 
@@ -1,5 +1,29 @@ # @pnpm/get-context +## 1100.0.18 + +### Patch Changes + +- 61810aa: Added a new setting `frozenStore` (`--frozen-store`) that lets `pnpm install` run against a package store on a read-only filesystem (e.g. a Nix store, a read-only bind mount, an OCI layer). When enabled, pnpm opens the store's SQLite `index.db` through the `immutable=1` URI — bypassing the WAL/`-shm` sidecar creation that otherwise fails on a read-only directory — and suppresses every store-write path (the `index.db` writer and the project-registry write). Pair it with `--offline --frozen-lockfile` against a fully-populated store. Under the global virtual store, package directories live inside the store, so if the store is missing the build output of a package whose lifecycle scripts are approved (or that has a patch), pnpm fails up front with `ERR_PNPM_FROZEN_STORE_NEEDS_BUILD` rather than crashing mid-build on a read-only write — seed the store with those builds first. Incompatible with `--force` and with a configured pnpr server, since both write into the store; the side-effects cache is likewise not written under `frozenStore`. If the store is missing its content directory, the install fails fast with `ERR_PNPM_FROZEN_STORE_INCOMPLETE` rather than attempting to initialize it. The read-only `immutable=1` open requires Node.js >=22.15.0, >=23.11.0, or >=24.0.0; on older runtimes `--frozen-store` fails with a clear `ERR_PNPM_FROZEN_STORE_UNSUPPORTED_NODE` error. Bin-linking also tolerates a read-only store: under the global virtual store a package's bin source lives inside the store, so the `chmod` that makes it executable would be refused — with `EPERM`/`EACCES`, or with `EROFS` on a genuinely read-only filesystem. That `chmod` is redundant when the seed already ships its bins executable with a normalized shebang, so it is now skipped in that case, while a non-executable bin (or one still carrying a Windows CRLF shebang) on a read-only store still errors. 
+- a31faa7: Updated dependency ranges. Notably: + + - `@pnpm/logger` peer dependency range moved to `^1100.0.0`. + - `msgpackr` 1.11.8 → 2.0.4 (store index files remain byte-compatible in both directions). + - `open` ^7.4.2 → ^11.0.0, `memoize` ^10 → ^11, `cli-truncate` ^5 → ^6, `pidtree` ^0.6 → ^1. + - `@yarnpkg/core` 4.5.0 → 4.8.0, `@rushstack/worker-pool` 0.7.7 → 0.7.18, `@cyclonedx/cyclonedx-library` 10.0.0 → 10.1.0, `@pnpm/config.nerf-dart` ^1 → ^2, `@pnpm/log.group` 3.0.2 → 4.0.1, `@pnpm/util.lex-comparator` ^3 → ^4. + +- Updated dependencies [61810aa] +- Updated dependencies [681b593] +- Updated dependencies [d50d691] +- Updated dependencies [a31faa7] + - @pnpm/store.controller@1102.0.0 + - @pnpm/types@1101.3.2 + - @pnpm/lockfile.fs@1100.1.5 + - @pnpm/core-loggers@1100.2.1 + - @pnpm/installing.read-projects-context@1100.0.15 + - @pnpm/installing.modules-yaml@1100.0.9 + - @pnpm/resolving.resolver-base@1100.4.2 + ## 1100.0.17 ### Patch Changes diff --git a/installing/context/package.json b/installing/context/package.json index cff013a8a9..64fc0b55ec 100644 --- a/installing/context/package.json +++ b/installing/context/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/installing.context", - "version": "1100.0.17", + "version": "1100.0.18", "description": "Gets context information about a project", "keywords": [ "pnpm", diff --git a/installing/dedupe/check/CHANGELOG.md b/installing/dedupe/check/CHANGELOG.md index acdca037e3..89848b13d1 100644 --- a/installing/dedupe/check/CHANGELOG.md +++ b/installing/dedupe/check/CHANGELOG.md @@ -1,5 +1,13 @@ # @pnpm/dedupe.check +## 1100.0.11 + +### Patch Changes + +- Updated dependencies [681b593] + - @pnpm/types@1101.3.2 + - @pnpm/lockfile.types@1100.0.11 + ## 1100.0.10 ### Patch Changes diff --git a/installing/dedupe/check/package.json b/installing/dedupe/check/package.json index e498528fe6..54fefd62c7 100644 --- a/installing/dedupe/check/package.json +++ b/installing/dedupe/check/package.json 
@@ -1,6 +1,6 @@ { "name": "@pnpm/installing.dedupe.check", - "version": "1100.0.10", + "version": "1100.0.11", "description": "Visualize pnpm dedupe --check issues.", "keywords": [ "pnpm", diff --git a/installing/deps-installer/CHANGELOG.md b/installing/deps-installer/CHANGELOG.md index 3c595ae3c6..c3fb4c75da 100644 --- a/installing/deps-installer/CHANGELOG.md +++ b/installing/deps-installer/CHANGELOG.md 
@@ -1,5 +1,104 @@ # @pnpm/core +## 1102.0.0 + +### Minor Changes + +- 61810aa: Added a new setting `frozenStore` (`--frozen-store`) that lets `pnpm install` run against a package store on a read-only filesystem (e.g. a Nix store, a read-only bind mount, an OCI layer). When enabled, pnpm opens the store's SQLite `index.db` through the `immutable=1` URI — bypassing the WAL/`-shm` sidecar creation that otherwise fails on a read-only directory — and suppresses every store-write path (the `index.db` writer and the project-registry write). Pair it with `--offline --frozen-lockfile` against a fully-populated store. Under the global virtual store, package directories live inside the store, so if the store is missing the build output of a package whose lifecycle scripts are approved (or that has a patch), pnpm fails up front with `ERR_PNPM_FROZEN_STORE_NEEDS_BUILD` rather than crashing mid-build on a read-only write — seed the store with those builds first. Incompatible with `--force` and with a configured pnpr server, since both write into the store; the side-effects cache is likewise not written under `frozenStore`. If the store is missing its content directory, the install fails fast with `ERR_PNPM_FROZEN_STORE_INCOMPLETE` rather than attempting to initialize it. The read-only `immutable=1` open requires Node.js >=22.15.0, >=23.11.0, or >=24.0.0; on older runtimes `--frozen-store` fails with a clear `ERR_PNPM_FROZEN_STORE_UNSUPPORTED_NODE` error. Bin-linking also tolerates a read-only store: under the global virtual store a package's bin source lives inside the store, so the `chmod` that makes it executable would be refused — with `EPERM`/`EACCES`, or with `EROFS` on a genuinely read-only filesystem. That `chmod` is redundant when the seed already ships its bins executable with a normalized shebang, so it is now skipped in that case, while a non-executable bin (or one still carrying a Windows CRLF shebang) on a read-only store still errors. 
+- 74a2dc9: When [`pacquet`](https://github.com/pnpm/pnpm/tree/main/pacquet) (the Rust port of pnpm) is declared in `configDependencies`, pnpm now delegates dependency **resolution** to it too — not just materialization — provided the installed pacquet is new enough to support full resolving installs (>= 0.11.7). + + Previously pacquet only ran in frozen-install mode: pnpm always resolved the dependency graph itself (writing `pnpm-lock.yaml`) and handed pacquet a finished lockfile to fetch / import / link. With pacquet >= 0.11.7, a non-frozen `pnpm install` (default isolated `nodeLinker`, plain install) is delegated to pacquet end-to-end in a single pass — pacquet resolves the manifests, writes the lockfile, and materializes `node_modules`. pnpm detects the capability from the installed pacquet's version; older pacquet releases keep the resolve-then-materialize split, and `add` / `update` / `remove` still resolve in pnpm (it has to mutate the manifests first). This remains an opt-in preview of the Rust install engine [#11723](https://github.com/pnpm/pnpm/issues/11723). + +### Patch Changes + +- f648e9b: Reject path-traversal and reserved dependency aliases (such as `../../../escape`, `.bin`, `.pnpm`, or `node_modules`) that come from a lockfile rather than a freshly resolved manifest. A crafted lockfile alias could otherwise be joined directly under a hoisted `node_modules` directory, letting package files be written outside the intended install root or overwrite pnpm-owned layout. + + The fix adds two layers: + + - The `nodeLinker: hoisted` graph builder now validates each alias at the directory sink (`safeJoinModulesDir`), matching the validation pnpm already performs when resolving aliases from manifests. 
+ - The lockfile verification gate (`verifyLockfileResolutions`) now runs an always-on, policy-independent check that rejects any importer or snapshot dependency alias that is not a valid package name, failing the install early — before any fetch or filesystem work — for every node linker at once. + +- c16eb0a: Sped up `pnpm install` with a frozen lockfile by running lockfile verification (the policy revalidation gate added for `minimumReleaseAge`/`trustPolicy` and the tarball-URL anti-tamper check) concurrently with fetching and linking instead of blocking the whole install on it. Dependency lifecycle scripts are still held back until verification succeeds, so no script runs on an unverified lockfile: if verification fails the install aborts before any dependency build, and if linking finishes first the install waits for the verification verdict before completing. +- 681b593: pnpm can now use different auth tokens for different package scopes, even when those scopes use the same registry URL. + + Previously, auth was selected only by registry URL. If `@org-a` and `@org-b` both used `https://npm.pkg.github.com/`, they had to share the same token. This caused problems for registries that issue tokens per organization or per scope. + + Configure a scope-specific token by adding the package scope after the registry URL in the auth key: + + ```ini + @org-a:registry=https://npm.pkg.github.com/ + @org-b:registry=https://npm.pkg.github.com/ + + //npm.pkg.github.com/:@org-a:_authToken=${ORG_A_TOKEN} + //npm.pkg.github.com/:@org-b:_authToken=${ORG_B_TOKEN} + + //npm.pkg.github.com/:_authToken=${FALLBACK_TOKEN} + ``` + + `pnpm login --registry=https://npm.pkg.github.com --scope=@org-a` writes the token to the same scope-specific auth key. + + When installing or publishing `@org-a/*`, pnpm uses `ORG_A_TOKEN`. For `@org-b/*`, pnpm uses `ORG_B_TOKEN`. Packages without a matching scope continue to use the registry-wide fallback token. + +- a31faa7: Updated dependency ranges. 
Notably: + + - `@pnpm/logger` peer dependency range moved to `^1100.0.0`. + - `msgpackr` 1.11.8 → 2.0.4 (store index files remain byte-compatible in both directions). + - `open` ^7.4.2 → ^11.0.0, `memoize` ^10 → ^11, `cli-truncate` ^5 → ^6, `pidtree` ^0.6 → ^1. + - `@yarnpkg/core` 4.5.0 → 4.8.0, `@rushstack/worker-pool` 0.7.7 → 0.7.18, `@cyclonedx/cyclonedx-library` 10.0.0 → 10.1.0, `@pnpm/config.nerf-dart` ^1 → ^2, `@pnpm/log.group` 3.0.2 → 4.0.1, `@pnpm/util.lex-comparator` ^3 → ^4. + +- Updated dependencies [f648e9b] +- Updated dependencies [9b35a60] +- Updated dependencies [61810aa] +- Updated dependencies [f20ad8f] +- Updated dependencies [3a27141] +- Updated dependencies [c16eb0a] +- Updated dependencies [23716ed] +- Updated dependencies [681b593] +- Updated dependencies [d50d691] +- Updated dependencies [a31faa7] +- Updated dependencies [cd8348c] + - @pnpm/fs.symlink-dependency@1100.0.10 + - @pnpm/installing.deps-resolver@1100.2.3 + - @pnpm/installing.deps-restorer@1102.0.0 + - @pnpm/store.index@1100.2.0 + - @pnpm/building.after-install@1102.0.0 + - @pnpm/building.during-install@1102.0.0 + - @pnpm/bins.linker@1100.0.14 + - @pnpm/worker@1100.2.0 + - @pnpm/installing.package-requester@1102.0.0 + - @pnpm/installing.context@1100.0.18 + - @pnpm/lockfile.utils@1100.0.13 + - @pnpm/exec.lifecycle@1100.0.18 + - @pnpm/network.auth-header@1101.1.2 + - @pnpm/pnpr.client@1.2.1 + - @pnpm/types@1101.3.2 + - @pnpm/lockfile.fs@1100.1.5 + - @pnpm/bins.remover@1100.0.10 + - @pnpm/core-loggers@1100.2.1 + - @pnpm/deps.path@1100.0.8 + - @pnpm/hooks.read-package-hook@1100.0.8 + - @pnpm/installing.linking.direct-dep-linker@1100.0.10 + - @pnpm/installing.linking.hoist@1100.0.14 + - @pnpm/installing.linking.modules-cleaner@1100.1.8 + - @pnpm/lockfile.filtering@1100.1.7 + - @pnpm/lockfile.to-pnp@1100.0.14 + - @pnpm/lockfile.verification@1100.0.18 + - @pnpm/patching.config@1100.0.8 + - @pnpm/pkg-manifest.utils@1100.2.5 + - @pnpm/workspace.project-manifest-reader@1100.0.13 + - 
@pnpm/deps.graph-hasher@1100.2.5 + - @pnpm/lockfile.preferred-versions@1100.0.16 + - @pnpm/building.policy@1100.0.10 + - @pnpm/config.normalize-registries@1100.0.8 + - @pnpm/hooks.types@1100.0.12 + - @pnpm/installing.modules-yaml@1100.0.9 + - @pnpm/lockfile.pruner@1100.0.11 + - @pnpm/lockfile.walker@1100.0.11 + - @pnpm/resolving.resolver-base@1100.4.2 + - @pnpm/store.controller-types@1100.1.5 + - @pnpm/lockfile.settings-checker@1100.0.18 + - @pnpm/crypto.hash@1100.0.1 + ## 1101.9.0 ### Minor Changes diff --git a/installing/deps-installer/package.json b/installing/deps-installer/package.json index 33fcf81d7c..d79ce79c94 100644 --- a/installing/deps-installer/package.json +++ b/installing/deps-installer/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/installing.deps-installer", - "version": "1101.9.0", + "version": "1102.0.0", "description": "Fast, disk space efficient installation engine", "keywords": [ "pnpm", diff --git a/installing/deps-resolver/CHANGELOG.md b/installing/deps-resolver/CHANGELOG.md index 9a6a3546a1..4f4e85c08d 100644 --- a/installing/deps-resolver/CHANGELOG.md +++ b/installing/deps-resolver/CHANGELOG.md 
@@ -1,5 +1,49 @@ # @pnpm/resolve-dependencies +## 1100.2.3 + +### Patch Changes + +- f648e9b: Reject path-traversal and reserved dependency aliases (such as `../../../escape`, `.bin`, `.pnpm`, or `node_modules`) that come from a lockfile rather than a freshly resolved manifest. A crafted lockfile alias could otherwise be joined directly under a hoisted `node_modules` directory, letting package files be written outside the intended install root or overwrite pnpm-owned layout. + + The fix adds two layers: + + - The `nodeLinker: hoisted` graph builder now validates each alias at the directory sink (`safeJoinModulesDir`), matching the validation pnpm already performs when resolving aliases from manifests. + - The lockfile verification gate (`verifyLockfileResolutions`) now runs an always-on, policy-independent check that rejects any importer or snapshot dependency alias that is not a valid package name, failing the install early — before any fetch or filesystem work — for every node linker at once. + +- 9b35a60: Made shared package child resolution deterministic when the same package is reached through multiple contexts. pnpm now chooses the shallowest occurrence, then importer order, then parent path, instead of letting request timing decide the child context and missing-peer report [pnpm/pnpm#12358](https://github.com/pnpm/pnpm/issues/12358). +- 3a27141: Fixed nondeterministic lockfile output that made `pnpm dedupe --check` fail intermittently in CI. When a locked peer provider was pinned for a dependency that has no child dependencies of its own, the pinned provider leaked into the shared parent scope, so siblings resolved after it could pick up an optional peer they should not see. Which siblings were affected depended on resolution order, which varies with network timing. +- a31faa7: Updated dependency ranges. Notably: + + - `@pnpm/logger` peer dependency range moved to `^1100.0.0`. 
+ - `msgpackr` 1.11.8 → 2.0.4 (store index files remain byte-compatible in both directions). + - `open` ^7.4.2 → ^11.0.0, `memoize` ^10 → ^11, `cli-truncate` ^5 → ^6, `pidtree` ^0.6 → ^1. + - `@yarnpkg/core` 4.5.0 → 4.8.0, `@rushstack/worker-pool` 0.7.7 → 0.7.18, `@cyclonedx/cyclonedx-library` 10.0.0 → 10.1.0, `@pnpm/config.nerf-dart` ^1 → ^2, `@pnpm/log.group` 3.0.2 → 4.0.1, `@pnpm/util.lex-comparator` ^3 → ^4. + +- Updated dependencies [61810aa] +- Updated dependencies [f20ad8f] +- Updated dependencies [681b593] +- Updated dependencies [1310ab5] +- Updated dependencies [a31faa7] + - @pnpm/resolving.npm-resolver@1102.0.0 + - @pnpm/lockfile.utils@1100.0.13 + - @pnpm/types@1101.3.2 + - @pnpm/config.version-policy@1100.1.5 + - @pnpm/core-loggers@1100.2.1 + - @pnpm/deps.path@1100.0.8 + - @pnpm/deps.peer-range@1100.0.2 + - @pnpm/patching.config@1100.0.8 + - @pnpm/pkg-manifest.utils@1100.2.5 + - @pnpm/fetching.pick-fetcher@1100.0.12 + - @pnpm/deps.graph-hasher@1100.2.5 + - @pnpm/lockfile.preferred-versions@1100.0.16 + - @pnpm/hooks.types@1100.0.12 + - @pnpm/lockfile.pruner@1100.0.11 + - @pnpm/lockfile.types@1100.0.11 + - @pnpm/pkg-manifest.reader@1100.0.8 + - @pnpm/resolving.resolver-base@1100.4.2 + - @pnpm/store.controller-types@1100.1.5 + ## 1100.2.2 ### Patch Changes diff --git a/installing/deps-resolver/package.json b/installing/deps-resolver/package.json index ad841faca0..c07336a98f 100644 --- a/installing/deps-resolver/package.json +++ b/installing/deps-resolver/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/installing.deps-resolver", - "version": "1100.2.2", + "version": "1100.2.3", "description": "Resolves dependency graph of a package", "keywords": [ "pnpm", diff --git a/installing/deps-restorer/CHANGELOG.md b/installing/deps-restorer/CHANGELOG.md index cf353ab861..5700bba732 100644 --- a/installing/deps-restorer/CHANGELOG.md +++ b/installing/deps-restorer/CHANGELOG.md 
@@ -1,5 +1,59 @@ # @pnpm/headless +## 1102.0.0 + +### Patch Changes + +- f648e9b: Reject path-traversal and reserved dependency aliases (such as `../../../escape`, `.bin`, `.pnpm`, or `node_modules`) that come from a lockfile rather than a freshly resolved manifest. A crafted lockfile alias could otherwise be joined directly under a hoisted `node_modules` directory, letting package files be written outside the intended install root or overwrite pnpm-owned layout. + + The fix adds two layers: + + - The `nodeLinker: hoisted` graph builder now validates each alias at the directory sink (`safeJoinModulesDir`), matching the validation pnpm already performs when resolving aliases from manifests. + - The lockfile verification gate (`verifyLockfileResolutions`) now runs an always-on, policy-independent check that rejects any importer or snapshot dependency alias that is not a valid package name, failing the install early — before any fetch or filesystem work — for every node linker at once. + +- c16eb0a: Sped up `pnpm install` with a frozen lockfile by running lockfile verification (the policy revalidation gate added for `minimumReleaseAge`/`trustPolicy` and the tarball-URL anti-tamper check) concurrently with fetching and linking instead of blocking the whole install on it. Dependency lifecycle scripts are still held back until verification succeeds, so no script runs on an unverified lockfile: if verification fails the install aborts before any dependency build, and if linking finishes first the install waits for the verification verdict before completing. +- a31faa7: Updated dependency ranges. Notably: + + - `@pnpm/logger` peer dependency range moved to `^1100.0.0`. + - `msgpackr` 1.11.8 → 2.0.4 (store index files remain byte-compatible in both directions). + - `open` ^7.4.2 → ^11.0.0, `memoize` ^10 → ^11, `cli-truncate` ^5 → ^6, `pidtree` ^0.6 → ^1. 
+ - `@yarnpkg/core` 4.5.0 → 4.8.0, `@rushstack/worker-pool` 0.7.7 → 0.7.18, `@cyclonedx/cyclonedx-library` 10.0.0 → 10.1.0, `@pnpm/config.nerf-dart` ^1 → ^2, `@pnpm/log.group` 3.0.2 → 4.0.1, `@pnpm/util.lex-comparator` ^3 → ^4. + +- Updated dependencies [f648e9b] +- Updated dependencies [61810aa] +- Updated dependencies [f20ad8f] +- Updated dependencies [23716ed] +- Updated dependencies [681b593] +- Updated dependencies [d50d691] +- Updated dependencies [a31faa7] +- Updated dependencies [cd8348c] + - @pnpm/fs.symlink-dependency@1100.0.10 + - @pnpm/building.during-install@1102.0.0 + - @pnpm/bins.linker@1100.0.14 + - @pnpm/worker@1100.2.0 + - @pnpm/installing.package-requester@1102.0.0 + - @pnpm/lockfile.utils@1100.0.13 + - @pnpm/exec.lifecycle@1100.0.18 + - @pnpm/types@1101.3.2 + - @pnpm/lockfile.fs@1100.1.5 + - @pnpm/config.package-is-installable@1100.0.11 + - @pnpm/core-loggers@1100.2.1 + - @pnpm/deps.graph-builder@1100.0.16 + - @pnpm/deps.path@1100.0.8 + - @pnpm/installing.linking.direct-dep-linker@1100.0.10 + - @pnpm/installing.linking.hoist@1100.0.14 + - @pnpm/installing.linking.modules-cleaner@1100.1.8 + - @pnpm/lockfile.filtering@1100.1.7 + - @pnpm/lockfile.to-pnp@1100.0.14 + - @pnpm/patching.config@1100.0.8 + - @pnpm/workspace.project-manifest-reader@1100.0.13 + - @pnpm/deps.graph-hasher@1100.2.5 + - @pnpm/installing.linking.real-hoist@1100.1.3 + - @pnpm/building.policy@1100.0.10 + - @pnpm/installing.modules-yaml@1100.0.9 + - @pnpm/pkg-manifest.reader@1100.0.8 + - @pnpm/store.controller-types@1100.1.5 + ## 1101.1.11 ### Patch Changes diff --git a/installing/deps-restorer/package.json b/installing/deps-restorer/package.json index 24a30410b0..070125a2d8 100644 --- a/installing/deps-restorer/package.json +++ b/installing/deps-restorer/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/installing.deps-restorer", - "version": "1101.1.11", + "version": "1102.0.0", "description": "Fast installation using only pnpm-lock.yaml", "keywords": [ "pnpm", 
diff --git a/installing/env-installer/CHANGELOG.md b/installing/env-installer/CHANGELOG.md index d8dc45cfbf..9c46dbc86a 100644 --- a/installing/env-installer/CHANGELOG.md +++ b/installing/env-installer/CHANGELOG.md @@ -1,5 +1,44 @@ # @pnpm/config.deps-installer +## 1102.0.0 + +### Patch Changes + +- a31faa7: Updated dependency ranges. Notably: + + - `@pnpm/logger` peer dependency range moved to `^1100.0.0`. + - `msgpackr` 1.11.8 → 2.0.4 (store index files remain byte-compatible in both directions). + - `open` ^7.4.2 → ^11.0.0, `memoize` ^10 → ^11, `cli-truncate` ^5 → ^6, `pidtree` ^0.6 → ^1. + - `@yarnpkg/core` 4.5.0 → 4.8.0, `@rushstack/worker-pool` 0.7.7 → 0.7.18, `@cyclonedx/cyclonedx-library` 10.0.0 → 10.1.0, `@pnpm/config.nerf-dart` ^1 → ^2, `@pnpm/log.group` 3.0.2 → 4.0.1, `@pnpm/util.lex-comparator` ^3 → ^4. + +- Updated dependencies [f648e9b] +- Updated dependencies [9b35a60] +- Updated dependencies [61810aa] +- Updated dependencies [f20ad8f] +- Updated dependencies [3a27141] +- Updated dependencies [681b593] +- Updated dependencies [d50d691] +- Updated dependencies [1310ab5] +- Updated dependencies [a31faa7] + - @pnpm/installing.deps-resolver@1100.2.3 + - @pnpm/store.controller@1102.0.0 + - @pnpm/resolving.npm-resolver@1102.0.0 + - @pnpm/worker@1100.2.0 + - @pnpm/lockfile.utils@1100.0.13 + - @pnpm/network.auth-header@1101.1.2 + - @pnpm/types@1101.3.2 + - @pnpm/lockfile.fs@1100.1.5 + - @pnpm/config.package-is-installable@1100.0.11 + - @pnpm/core-loggers@1100.2.1 + - @pnpm/network.fetch@1100.1.3 + - @pnpm/deps.graph-hasher@1100.2.5 + - @pnpm/config.pick-registry-for-package@1100.0.9 + - @pnpm/config.writer@1100.0.13 + - @pnpm/lockfile.pruner@1100.0.11 + - @pnpm/lockfile.types@1100.0.11 + - @pnpm/pkg-manifest.reader@1100.0.8 + - @pnpm/store.controller-types@1100.1.5 + ## 1101.1.8 ### Patch Changes diff --git a/installing/env-installer/package.json b/installing/env-installer/package.json index b3dfc2406d..bb5867c051 100644 
--- a/installing/env-installer/package.json +++ b/installing/env-installer/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/installing.env-installer", - "version": "1101.1.8", + "version": "1102.0.0", "description": "Installer for configurational dependencies", "keywords": [ "pnpm", diff --git a/installing/linking/direct-dep-linker/CHANGELOG.md b/installing/linking/direct-dep-linker/CHANGELOG.md index b0a6d293e5..61f978ae4b 100644 --- a/installing/linking/direct-dep-linker/CHANGELOG.md +++ b/installing/linking/direct-dep-linker/CHANGELOG.md @@ -1,5 +1,21 @@ # @pnpm/pkg-manager.direct-dep-linker +## 1100.0.10 + +### Patch Changes + +- a31faa7: Updated dependency ranges. Notably: + + - `@pnpm/logger` peer dependency range moved to `^1100.0.0`. + - `msgpackr` 1.11.8 → 2.0.4 (store index files remain byte-compatible in both directions). + - `open` ^7.4.2 → ^11.0.0, `memoize` ^10 → ^11, `cli-truncate` ^5 → ^6, `pidtree` ^0.6 → ^1. + - `@yarnpkg/core` 4.5.0 → 4.8.0, `@rushstack/worker-pool` 0.7.7 → 0.7.18, `@cyclonedx/cyclonedx-library` 10.0.0 → 10.1.0, `@pnpm/config.nerf-dart` ^1 → ^2, `@pnpm/log.group` 3.0.2 → 4.0.1, `@pnpm/util.lex-comparator` ^3 → ^4. + +- Updated dependencies [f648e9b] +- Updated dependencies [a31faa7] + - @pnpm/fs.symlink-dependency@1100.0.10 + - @pnpm/core-loggers@1100.2.1 + ## 1100.0.9 ### Patch Changes diff --git a/installing/linking/direct-dep-linker/package.json b/installing/linking/direct-dep-linker/package.json index 7419a90c23..2b4edb8842 100644 --- a/installing/linking/direct-dep-linker/package.json +++ b/installing/linking/direct-dep-linker/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/installing.linking.direct-dep-linker", - "version": "1100.0.9", + "version": "1100.0.10", "description": "Fast installation using only pnpm-lock.yaml", "keywords": [ "pnpm", diff --git a/installing/linking/hoist/CHANGELOG.md b/installing/linking/hoist/CHANGELOG.md index d3fb1c1aae..e5ef945aab 100644 --- a/installing/linking/hoist/CHANGELOG.md 
+++ b/installing/linking/hoist/CHANGELOG.md @@ -1,5 +1,24 @@ # @pnpm/hoist +## 1100.0.14 + +### Patch Changes + +- a31faa7: Updated dependency ranges. Notably: + + - `@pnpm/logger` peer dependency range moved to `^1100.0.0`. + - `msgpackr` 1.11.8 → 2.0.4 (store index files remain byte-compatible in both directions). + - `open` ^7.4.2 → ^11.0.0, `memoize` ^10 → ^11, `cli-truncate` ^5 → ^6, `pidtree` ^0.6 → ^1. + - `@yarnpkg/core` 4.5.0 → 4.8.0, `@rushstack/worker-pool` 0.7.7 → 0.7.18, `@cyclonedx/cyclonedx-library` 10.0.0 → 10.1.0, `@pnpm/config.nerf-dart` ^1 → ^2, `@pnpm/log.group` 3.0.2 → 4.0.1, `@pnpm/util.lex-comparator` ^3 → ^4. + +- Updated dependencies [61810aa] +- Updated dependencies [681b593] +- Updated dependencies [a31faa7] +- Updated dependencies [cd8348c] + - @pnpm/bins.linker@1100.0.14 + - @pnpm/types@1101.3.2 + - @pnpm/core-loggers@1100.2.1 + ## 1100.0.13 ### Patch Changes diff --git a/installing/linking/hoist/package.json b/installing/linking/hoist/package.json index 3cdb64d805..16e1692ce3 100644 --- a/installing/linking/hoist/package.json +++ b/installing/linking/hoist/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/installing.linking.hoist", - "version": "1100.0.13", + "version": "1100.0.14", "description": "Hoists dependencies in a node_modules created by pnpm", "keywords": [ "pnpm", diff --git a/installing/linking/modules-cleaner/CHANGELOG.md b/installing/linking/modules-cleaner/CHANGELOG.md index 96a353053e..4237d443f5 100644 --- a/installing/linking/modules-cleaner/CHANGELOG.md +++ b/installing/linking/modules-cleaner/CHANGELOG.md 
@@ -1,5 +1,28 @@ # @pnpm/modules-cleaner +## 1100.1.8 + +### Patch Changes + +- a31faa7: Updated dependency ranges. Notably: + + - `@pnpm/logger` peer dependency range moved to `^1100.0.0`. + - `msgpackr` 1.11.8 → 2.0.4 (store index files remain byte-compatible in both directions). + - `open` ^7.4.2 → ^11.0.0, `memoize` ^10 → ^11, `cli-truncate` ^5 → ^6, `pidtree` ^0.6 → ^1. + - `@yarnpkg/core` 4.5.0 → 4.8.0, `@rushstack/worker-pool` 0.7.7 → 0.7.18, `@cyclonedx/cyclonedx-library` 10.0.0 → 10.1.0, `@pnpm/config.nerf-dart` ^1 → ^2, `@pnpm/log.group` 3.0.2 → 4.0.1, `@pnpm/util.lex-comparator` ^3 → ^4. + +- Updated dependencies [f20ad8f] +- Updated dependencies [681b593] +- Updated dependencies [a31faa7] + - @pnpm/lockfile.utils@1100.0.13 + - @pnpm/types@1101.3.2 + - @pnpm/bins.remover@1100.0.10 + - @pnpm/core-loggers@1100.2.1 + - @pnpm/deps.path@1100.0.8 + - @pnpm/lockfile.filtering@1100.1.7 + - @pnpm/lockfile.types@1100.0.11 + - @pnpm/store.controller-types@1100.1.5 + ## 1100.1.7 ### Patch Changes diff --git a/installing/linking/modules-cleaner/package.json b/installing/linking/modules-cleaner/package.json index 2f76d19fef..252082c5f8 100644 --- a/installing/linking/modules-cleaner/package.json +++ b/installing/linking/modules-cleaner/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/installing.linking.modules-cleaner", - "version": "1100.1.7", + "version": "1100.1.8", "description": "Exports util functions to clean up node_modules", "keywords": [ "pnpm", diff --git a/installing/linking/real-hoist/CHANGELOG.md b/installing/linking/real-hoist/CHANGELOG.md index 75a859319c..bf4ff86e30 100644 --- a/installing/linking/real-hoist/CHANGELOG.md +++ b/installing/linking/real-hoist/CHANGELOG.md @@ -1,5 +1,14 @@ # @pnpm/real-hoist +## 1100.1.3 + +### Patch Changes + +- Updated dependencies [f20ad8f] +- Updated dependencies [a31faa7] + - @pnpm/lockfile.utils@1100.0.13 + - @pnpm/deps.path@1100.0.8 + ## 1100.1.2 ### Patch Changes 
diff --git a/installing/linking/real-hoist/package.json b/installing/linking/real-hoist/package.json index bd6359518b..e7bb4035b9 100644 --- a/installing/linking/real-hoist/package.json +++ b/installing/linking/real-hoist/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/installing.linking.real-hoist", - "version": "1100.1.2", + "version": "1100.1.3", "description": "Hoists dependencies in a node_modules created by pnpm", "keywords": [ "pnpm", diff --git a/installing/modules-yaml/CHANGELOG.md b/installing/modules-yaml/CHANGELOG.md index 3ceb5ef2e4..b8a38ada5c 100644 --- a/installing/modules-yaml/CHANGELOG.md +++ b/installing/modules-yaml/CHANGELOG.md @@ -1,5 +1,12 @@ # @pnpm/modules-yaml +## 1100.0.9 + +### Patch Changes + +- Updated dependencies [681b593] + - @pnpm/types@1101.3.2 + ## 1100.0.8 ### Patch Changes diff --git a/installing/modules-yaml/package.json b/installing/modules-yaml/package.json index 8b0a67e392..9e4d8ec314 100644 --- a/installing/modules-yaml/package.json +++ b/installing/modules-yaml/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/installing.modules-yaml", - "version": "1100.0.8", + "version": "1100.0.9", "description": "Reads/writes `node_modules/.modules.yaml`", "keywords": [ "pnpm", diff --git a/installing/package-requester/CHANGELOG.md b/installing/package-requester/CHANGELOG.md index 61daca3cac..358c56120c 100644 --- a/installing/package-requester/CHANGELOG.md +++ b/installing/package-requester/CHANGELOG.md 
@@ -1,5 +1,36 @@ # @pnpm/package-requester +## 1102.0.0 + +### Minor Changes + +- 61810aa: Added a new setting `frozenStore` (`--frozen-store`) that lets `pnpm install` run against a package store on a read-only filesystem (e.g. a Nix store, a read-only bind mount, an OCI layer). When enabled, pnpm opens the store's SQLite `index.db` through the `immutable=1` URI — bypassing the WAL/`-shm` sidecar creation that otherwise fails on a read-only directory — and suppresses every store-write path (the `index.db` writer and the project-registry write). Pair it with `--offline --frozen-lockfile` against a fully-populated store. Under the global virtual store, package directories live inside the store, so if the store is missing the build output of a package whose lifecycle scripts are approved (or that has a patch), pnpm fails up front with `ERR_PNPM_FROZEN_STORE_NEEDS_BUILD` rather than crashing mid-build on a read-only write — seed the store with those builds first. Incompatible with `--force` and with a configured pnpr server, since both write into the store; the side-effects cache is likewise not written under `frozenStore`. If the store is missing its content directory, the install fails fast with `ERR_PNPM_FROZEN_STORE_INCOMPLETE` rather than attempting to initialize it. The read-only `immutable=1` open requires Node.js >=22.15.0, >=23.11.0, or >=24.0.0; on older runtimes `--frozen-store` fails with a clear `ERR_PNPM_FROZEN_STORE_UNSUPPORTED_NODE` error. Bin-linking also tolerates a read-only store: under the global virtual store a package's bin source lives inside the store, so the `chmod` that makes it executable would be refused — with `EPERM`/`EACCES`, or with `EROFS` on a genuinely read-only filesystem. That `chmod` is redundant when the seed already ships its bins executable with a normalized shebang, so it is now skipped in that case, while a non-executable bin (or one still carrying a Windows CRLF shebang) on a read-only store still errors. 
+ +### Patch Changes + +- a31faa7: Updated dependency ranges. Notably: + + - `@pnpm/logger` peer dependency range moved to `^1100.0.0`. + - `msgpackr` 1.11.8 → 2.0.4 (store index files remain byte-compatible in both directions). + - `open` ^7.4.2 → ^11.0.0, `memoize` ^10 → ^11, `cli-truncate` ^5 → ^6, `pidtree` ^0.6 → ^1. + - `@yarnpkg/core` 4.5.0 → 4.8.0, `@rushstack/worker-pool` 0.7.7 → 0.7.18, `@cyclonedx/cyclonedx-library` 10.0.0 → 10.1.0, `@pnpm/config.nerf-dart` ^1 → ^2, `@pnpm/log.group` 3.0.2 → 4.0.1, `@pnpm/util.lex-comparator` ^3 → ^4. + +- Updated dependencies [61810aa] +- Updated dependencies [681b593] +- Updated dependencies [a31faa7] + - @pnpm/store.index@1100.2.0 + - @pnpm/worker@1100.2.0 + - @pnpm/types@1101.3.2 + - @pnpm/config.package-is-installable@1100.0.11 + - @pnpm/core-loggers@1100.2.1 + - @pnpm/deps.path@1100.0.8 + - @pnpm/store.cafs@1100.1.10 + - @pnpm/fetching.pick-fetcher@1100.0.12 + - @pnpm/fetching.fetcher-base@1100.1.9 + - @pnpm/hooks.types@1100.0.12 + - @pnpm/resolving.resolver-base@1100.4.2 + - @pnpm/store.controller-types@1100.1.5 + ## 1101.1.0 ### Minor Changes diff --git a/installing/package-requester/package.json b/installing/package-requester/package.json index c70bdfc523..85ab20f227 100644 --- a/installing/package-requester/package.json +++ b/installing/package-requester/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/installing.package-requester", - "version": "1101.1.0", + "version": "1102.0.0", "description": "Concurrent downloader of npm-compatible packages", "keywords": [ "pnpm", diff --git a/installing/read-projects-context/CHANGELOG.md b/installing/read-projects-context/CHANGELOG.md index ce28fd139f..42b4d3006a 100644 --- a/installing/read-projects-context/CHANGELOG.md +++ b/installing/read-projects-context/CHANGELOG.md 
@@ -1,5 +1,24 @@ # @pnpm/read-projects-context +## 1100.0.15 + +### Patch Changes + +- a31faa7: Updated dependency ranges. Notably: + + - `@pnpm/logger` peer dependency range moved to `^1100.0.0`. + - `msgpackr` 1.11.8 → 2.0.4 (store index files remain byte-compatible in both directions). + - `open` ^7.4.2 → ^11.0.0, `memoize` ^10 → ^11, `cli-truncate` ^5 → ^6, `pidtree` ^0.6 → ^1. + - `@yarnpkg/core` 4.5.0 → 4.8.0, `@rushstack/worker-pool` 0.7.7 → 0.7.18, `@cyclonedx/cyclonedx-library` 10.0.0 → 10.1.0, `@pnpm/config.nerf-dart` ^1 → ^2, `@pnpm/log.group` 3.0.2 → 4.0.1, `@pnpm/util.lex-comparator` ^3 → ^4. + +- Updated dependencies [681b593] +- Updated dependencies [d50d691] +- Updated dependencies [a31faa7] + - @pnpm/types@1101.3.2 + - @pnpm/lockfile.fs@1100.1.5 + - @pnpm/config.normalize-registries@1100.0.8 + - @pnpm/installing.modules-yaml@1100.0.9 + ## 1100.0.14 ### Patch Changes diff --git a/installing/read-projects-context/package.json b/installing/read-projects-context/package.json index 73285fad7e..b03264e667 100644 --- a/installing/read-projects-context/package.json +++ b/installing/read-projects-context/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/installing.read-projects-context", - "version": "1100.0.14", + "version": "1100.0.15", "description": "Reads the current state of projects from modules manifest", "keywords": [ "pnpm", diff --git a/lockfile/detect-dep-types/CHANGELOG.md b/lockfile/detect-dep-types/CHANGELOG.md index 268f7e3642..56864c2961 100644 --- a/lockfile/detect-dep-types/CHANGELOG.md +++ b/lockfile/detect-dep-types/CHANGELOG.md @@ -1,5 +1,15 @@ # @pnpm/lockfile.detect-dep-types +## 1100.0.11 + +### Patch Changes + +- Updated dependencies [681b593] +- Updated dependencies [a31faa7] + - @pnpm/types@1101.3.2 + - @pnpm/deps.path@1100.0.8 + - @pnpm/lockfile.types@1100.0.11 + ## 1100.0.10 ### Patch Changes diff --git a/lockfile/detect-dep-types/package.json b/lockfile/detect-dep-types/package.json index 4936d041a6..a39477b40b 100644 
--- a/lockfile/detect-dep-types/package.json +++ b/lockfile/detect-dep-types/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/lockfile.detect-dep-types", - "version": "1100.0.10", + "version": "1100.0.11", "description": "Detect the types of dependencies", "keywords": [ "pnpm", diff --git a/lockfile/filtering/CHANGELOG.md b/lockfile/filtering/CHANGELOG.md index ece123694a..024efb06b7 100644 --- a/lockfile/filtering/CHANGELOG.md +++ b/lockfile/filtering/CHANGELOG.md @@ -1,5 +1,26 @@ # @pnpm/filter-lockfile +## 1100.1.7 + +### Patch Changes + +- a31faa7: Updated dependency ranges. Notably: + + - `@pnpm/logger` peer dependency range moved to `^1100.0.0`. + - `msgpackr` 1.11.8 → 2.0.4 (store index files remain byte-compatible in both directions). + - `open` ^7.4.2 → ^11.0.0, `memoize` ^10 → ^11, `cli-truncate` ^5 → ^6, `pidtree` ^0.6 → ^1. + - `@yarnpkg/core` 4.5.0 → 4.8.0, `@rushstack/worker-pool` 0.7.7 → 0.7.18, `@cyclonedx/cyclonedx-library` 10.0.0 → 10.1.0, `@pnpm/config.nerf-dart` ^1 → ^2, `@pnpm/log.group` 3.0.2 → 4.0.1, `@pnpm/util.lex-comparator` ^3 → ^4. + +- Updated dependencies [f20ad8f] +- Updated dependencies [681b593] +- Updated dependencies [a31faa7] + - @pnpm/lockfile.utils@1100.0.13 + - @pnpm/types@1101.3.2 + - @pnpm/config.package-is-installable@1100.0.11 + - @pnpm/deps.path@1100.0.8 + - @pnpm/lockfile.types@1100.0.11 + - @pnpm/lockfile.walker@1100.0.11 + ## 1100.1.6 ### Patch Changes diff --git a/lockfile/filtering/package.json b/lockfile/filtering/package.json index a23a2c14e6..7b08ca69be 100644 --- a/lockfile/filtering/package.json +++ b/lockfile/filtering/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/lockfile.filtering", - "version": "1100.1.6", + "version": "1100.1.7", "description": "Filters a lockfile", "keywords": [ "pnpm", diff --git a/lockfile/fs/CHANGELOG.md b/lockfile/fs/CHANGELOG.md index 43496ed2c9..7aa09c27bd 100644 --- a/lockfile/fs/CHANGELOG.md +++ b/lockfile/fs/CHANGELOG.md 
@@ -1,5 +1,27 @@ # @pnpm/lockfile-file +## 1100.1.5 + +### Patch Changes + +- d50d691: Close lockfile reads deterministically before rewriting lockfiles and keep pacquet's virtual store directory length aligned with pnpm on Windows. +- a31faa7: Updated dependency ranges. Notably: + + - `@pnpm/logger` peer dependency range moved to `^1100.0.0`. + - `msgpackr` 1.11.8 → 2.0.4 (store index files remain byte-compatible in both directions). + - `open` ^7.4.2 → ^11.0.0, `memoize` ^10 → ^11, `cli-truncate` ^5 → ^6, `pidtree` ^0.6 → ^1. + - `@yarnpkg/core` 4.5.0 → 4.8.0, `@rushstack/worker-pool` 0.7.7 → 0.7.18, `@cyclonedx/cyclonedx-library` 10.0.0 → 10.1.0, `@pnpm/config.nerf-dart` ^1 → ^2, `@pnpm/log.group` 3.0.2 → 4.0.1, `@pnpm/util.lex-comparator` ^3 → ^4. + +- Updated dependencies [f20ad8f] +- Updated dependencies [681b593] +- Updated dependencies [a31faa7] + - @pnpm/lockfile.utils@1100.0.13 + - @pnpm/types@1101.3.2 + - @pnpm/deps.path@1100.0.8 + - @pnpm/lockfile.merger@1100.0.11 + - @pnpm/object.key-sorting@1100.0.1 + - @pnpm/lockfile.types@1100.0.11 + ## 1100.1.4 ### Patch Changes diff --git a/lockfile/fs/package.json b/lockfile/fs/package.json index 2e7889db1e..21faa6e796 100644 --- a/lockfile/fs/package.json +++ b/lockfile/fs/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/lockfile.fs", - "version": "1100.1.4", + "version": "1100.1.5", "description": "Read/write pnpm-lock.yaml files", "keywords": [ "pnpm", diff --git a/lockfile/make-dedicated-lockfile/CHANGELOG.md b/lockfile/make-dedicated-lockfile/CHANGELOG.md index 7e1cbb8f2f..81f35e976b 100644 --- a/lockfile/make-dedicated-lockfile/CHANGELOG.md +++ b/lockfile/make-dedicated-lockfile/CHANGELOG.md 
@@ -1,5 +1,18 @@ # @pnpm/make-dedicated-lockfile +## 1100.0.19 + +### Patch Changes + +- Updated dependencies [681b593] +- Updated dependencies [d50d691] +- Updated dependencies [a31faa7] + - @pnpm/types@1101.3.2 + - @pnpm/lockfile.fs@1100.1.5 + - @pnpm/workspace.project-manifest-reader@1100.0.13 + - @pnpm/lockfile.pruner@1100.0.11 + - @pnpm/releasing.exportable-manifest@1100.1.6 + ## 1100.0.18 ### Patch Changes diff --git a/lockfile/make-dedicated-lockfile/package.json b/lockfile/make-dedicated-lockfile/package.json index 5150aff3a7..d4a28a8a4e 100644 --- a/lockfile/make-dedicated-lockfile/package.json +++ b/lockfile/make-dedicated-lockfile/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/lockfile.make-dedicated-lockfile", - "version": "1100.0.18", + "version": "1100.0.19", "description": "Creates a dedicated lockfile for a subset of workspace projects", "keywords": [ "pnpm", diff --git a/lockfile/merger/CHANGELOG.md b/lockfile/merger/CHANGELOG.md index 3ed4811737..ec676ff059 100644 --- a/lockfile/merger/CHANGELOG.md +++ b/lockfile/merger/CHANGELOG.md @@ -1,5 +1,20 @@ # @pnpm/merge-lockfile-changes +## 1100.0.11 + +### Patch Changes + +- a31faa7: Updated dependency ranges. Notably: + + - `@pnpm/logger` peer dependency range moved to `^1100.0.0`. + - `msgpackr` 1.11.8 → 2.0.4 (store index files remain byte-compatible in both directions). + - `open` ^7.4.2 → ^11.0.0, `memoize` ^10 → ^11, `cli-truncate` ^5 → ^6, `pidtree` ^0.6 → ^1. + - `@yarnpkg/core` 4.5.0 → 4.8.0, `@rushstack/worker-pool` 0.7.7 → 0.7.18, `@cyclonedx/cyclonedx-library` 10.0.0 → 10.1.0, `@pnpm/config.nerf-dart` ^1 → ^2, `@pnpm/log.group` 3.0.2 → 4.0.1, `@pnpm/util.lex-comparator` ^3 → ^4. + +- Updated dependencies [681b593] + - @pnpm/types@1101.3.2 + - @pnpm/lockfile.types@1100.0.11 + ## 1100.0.10 ### Patch Changes diff --git a/lockfile/merger/package.json b/lockfile/merger/package.json index b04523dbc7..763308b7a3 100644 --- a/lockfile/merger/package.json +++ b/lockfile/merger/package.json 
@@ -1,6 +1,6 @@ { "name": "@pnpm/lockfile.merger", - "version": "1100.0.10", + "version": "1100.0.11", "description": "Merges lockfiles. Can automatically fix merge conflicts", "keywords": [ "pnpm", diff --git a/lockfile/preferred-versions/CHANGELOG.md b/lockfile/preferred-versions/CHANGELOG.md index 29e01089a7..7709ae7596 100644 --- a/lockfile/preferred-versions/CHANGELOG.md +++ b/lockfile/preferred-versions/CHANGELOG.md @@ -1,5 +1,17 @@ # @pnpm/lockfile.preferred-versions +## 1100.0.16 + +### Patch Changes + +- Updated dependencies [f20ad8f] +- Updated dependencies [681b593] +- Updated dependencies [a31faa7] + - @pnpm/lockfile.utils@1100.0.13 + - @pnpm/types@1101.3.2 + - @pnpm/pkg-manifest.utils@1100.2.5 + - @pnpm/resolving.resolver-base@1100.4.2 + ## 1100.0.15 ### Patch Changes diff --git a/lockfile/preferred-versions/package.json b/lockfile/preferred-versions/package.json index 70585c733f..6f4fbe66ad 100644 --- a/lockfile/preferred-versions/package.json +++ b/lockfile/preferred-versions/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/lockfile.preferred-versions", - "version": "1100.0.15", + "version": "1100.0.16", "description": "Get preferred version from lockfile", "keywords": [ "pnpm", diff --git a/lockfile/pruner/CHANGELOG.md b/lockfile/pruner/CHANGELOG.md index 549c46b469..873c64efae 100644 --- a/lockfile/pruner/CHANGELOG.md +++ b/lockfile/pruner/CHANGELOG.md @@ -1,5 +1,15 @@ # @pnpm/prune-lockfile +## 1100.0.11 + +### Patch Changes + +- Updated dependencies [681b593] +- Updated dependencies [a31faa7] + - @pnpm/types@1101.3.2 + - @pnpm/deps.path@1100.0.8 + - @pnpm/lockfile.types@1100.0.11 + ## 1100.0.10 ### Patch Changes diff --git a/lockfile/pruner/package.json b/lockfile/pruner/package.json index b814f2f02a..790d87db0a 100644 --- a/lockfile/pruner/package.json +++ b/lockfile/pruner/package.json 
@@ -1,6 +1,6 @@ { "name": "@pnpm/lockfile.pruner", - "version": "1100.0.10", + "version": "1100.0.11", "description": "Prune a pnpm-lock.yaml", "keywords": [ "pnpm", diff --git a/lockfile/settings-checker/CHANGELOG.md b/lockfile/settings-checker/CHANGELOG.md index 914857d4ed..53061feb3f 100644 --- a/lockfile/settings-checker/CHANGELOG.md +++ b/lockfile/settings-checker/CHANGELOG.md @@ -1,5 +1,14 @@ # @pnpm/lockfile.settings-checker +## 1100.0.18 + +### Patch Changes + +- Updated dependencies [a31faa7] + - @pnpm/lockfile.verification@1100.0.18 + - @pnpm/lockfile.types@1100.0.11 + - @pnpm/crypto.hash@1100.0.1 + ## 1100.0.17 ### Patch Changes diff --git a/lockfile/settings-checker/package.json b/lockfile/settings-checker/package.json index 2e8602d6a2..74be061045 100644 --- a/lockfile/settings-checker/package.json +++ b/lockfile/settings-checker/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/lockfile.settings-checker", - "version": "1100.0.17", + "version": "1100.0.18", "description": "Utilities to check if lockfile settings are out-of-date", "keywords": [ "pnpm", diff --git a/lockfile/to-pnp/CHANGELOG.md b/lockfile/to-pnp/CHANGELOG.md index 20cd07d235..24a983e7c1 100644 --- a/lockfile/to-pnp/CHANGELOG.md +++ b/lockfile/to-pnp/CHANGELOG.md 
@@ -1,5 +1,25 @@ # @pnpm/lockfile-to-pnp +## 1100.0.14 + +### Patch Changes + +- a31faa7: Updated dependency ranges. Notably: + + - `@pnpm/logger` peer dependency range moved to `^1100.0.0`. + - `msgpackr` 1.11.8 → 2.0.4 (store index files remain byte-compatible in both directions). + - `open` ^7.4.2 → ^11.0.0, `memoize` ^10 → ^11, `cli-truncate` ^5 → ^6, `pidtree` ^0.6 → ^1. + - `@yarnpkg/core` 4.5.0 → 4.8.0, `@rushstack/worker-pool` 0.7.7 → 0.7.18, `@cyclonedx/cyclonedx-library` 10.0.0 → 10.1.0, `@pnpm/config.nerf-dart` ^1 → ^2, `@pnpm/log.group` 3.0.2 → 4.0.1, `@pnpm/util.lex-comparator` ^3 → ^4. + +- Updated dependencies [f20ad8f] +- Updated dependencies [681b593] +- Updated dependencies [d50d691] +- Updated dependencies [a31faa7] + - @pnpm/lockfile.utils@1100.0.13 + - @pnpm/types@1101.3.2 + - @pnpm/lockfile.fs@1100.1.5 + - @pnpm/deps.path@1100.0.8 + ## 1100.0.13 ### Patch Changes diff --git a/lockfile/to-pnp/package.json b/lockfile/to-pnp/package.json index 5943a29b31..24a64e6088 100644 --- a/lockfile/to-pnp/package.json +++ b/lockfile/to-pnp/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/lockfile.to-pnp", - "version": "1100.0.13", + "version": "1100.0.14", "description": "Creates a Plug'n'Play file from a pnpm-lock.yaml", "keywords": [ "pnpm", diff --git a/lockfile/types/CHANGELOG.md b/lockfile/types/CHANGELOG.md index 078dbf3f04..5db180f683 100644 --- a/lockfile/types/CHANGELOG.md +++ b/lockfile/types/CHANGELOG.md @@ -1,5 +1,13 @@ # @pnpm/lockfile-types +## 1100.0.11 + +### Patch Changes + +- Updated dependencies [681b593] + - @pnpm/types@1101.3.2 + - @pnpm/resolving.resolver-base@1100.4.2 + ## 1100.0.10 ### Patch Changes diff --git a/lockfile/types/package.json b/lockfile/types/package.json index 63f62b19aa..2f501aaf63 100644 --- a/lockfile/types/package.json +++ b/lockfile/types/package.json 
@@ -1,6 +1,6 @@ { "name": "@pnpm/lockfile.types", - "version": "1100.0.10", + "version": "1100.0.11", "description": "Types for the pnpm-lock.yaml lockfile", "keywords": [ "pnpm", diff --git a/lockfile/utils/CHANGELOG.md b/lockfile/utils/CHANGELOG.md index 714a2da059..18b9731c1c 100644 --- a/lockfile/utils/CHANGELOG.md +++ b/lockfile/utils/CHANGELOG.md @@ -1,5 +1,18 @@ # @pnpm/lockfile-utils +## 1100.0.13 + +### Patch Changes + +- f20ad8f: Git dependencies that point to a subdirectory of a repository (`repo#commit&path:/sub/dir`) keep their `path` in the lockfile again. Since the integrity of git-hosted tarballs started being pinned in the lockfile, any install that actually downloaded the tarball rebuilt the lockfile resolution as `{ integrity, tarball, gitHosted }` and dropped the `path` field, while installs served from the store kept it — so the field disappeared seemingly at random. Without `path`, later installs from that lockfile silently unpacked the repository root instead of the subdirectory [#12304](https://github.com/pnpm/pnpm/issues/12304). +- Updated dependencies [681b593] +- Updated dependencies [a31faa7] + - @pnpm/types@1101.3.2 + - @pnpm/deps.path@1100.0.8 + - @pnpm/hooks.types@1100.0.12 + - @pnpm/lockfile.types@1100.0.11 + - @pnpm/resolving.resolver-base@1100.4.2 + ## 1100.0.12 ### Patch Changes diff --git a/lockfile/utils/package.json b/lockfile/utils/package.json index 8d04a12a5c..ec069bb32f 100644 --- a/lockfile/utils/package.json +++ b/lockfile/utils/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/lockfile.utils", - "version": "1100.0.12", + "version": "1100.0.13", "description": "Utils for dealing with pnpm-lock.yaml", "keywords": [ "pnpm", diff --git a/lockfile/verification/CHANGELOG.md b/lockfile/verification/CHANGELOG.md index ddee8c6bfd..26aa1c1574 100644 --- a/lockfile/verification/CHANGELOG.md +++ b/lockfile/verification/CHANGELOG.md 
@@ -1,5 +1,29 @@ # @pnpm/lockfile.verification +## 1100.0.18 + +### Patch Changes + +- a31faa7: Updated dependency ranges. Notably: + + - `@pnpm/logger` peer dependency range moved to `^1100.0.0`. + - `msgpackr` 1.11.8 → 2.0.4 (store index files remain byte-compatible in both directions). + - `open` ^7.4.2 → ^11.0.0, `memoize` ^10 → ^11, `cli-truncate` ^5 → ^6, `pidtree` ^0.6 → ^1. + - `@yarnpkg/core` 4.5.0 → 4.8.0, `@rushstack/worker-pool` 0.7.7 → 0.7.18, `@cyclonedx/cyclonedx-library` 10.0.0 → 10.1.0, `@pnpm/config.nerf-dart` ^1 → ^2, `@pnpm/log.group` 3.0.2 → 4.0.1, `@pnpm/util.lex-comparator` ^3 → ^4. + +- Updated dependencies [61810aa] +- Updated dependencies [f20ad8f] +- Updated dependencies [681b593] +- Updated dependencies [a31faa7] + - @pnpm/installing.context@1100.0.18 + - @pnpm/lockfile.utils@1100.0.13 + - @pnpm/types@1101.3.2 + - @pnpm/deps.path@1100.0.8 + - @pnpm/lockfile.types@1100.0.11 + - @pnpm/pkg-manifest.reader@1100.0.8 + - @pnpm/resolving.resolver-base@1100.4.2 + - @pnpm/crypto.hash@1100.0.1 + ## 1100.0.17 ### Patch Changes diff --git a/lockfile/verification/package.json b/lockfile/verification/package.json index 535f54c4a7..e6990aae80 100644 --- a/lockfile/verification/package.json +++ b/lockfile/verification/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/lockfile.verification", - "version": "1100.0.17", + "version": "1100.0.18", "description": "Checks a lockfile", "keywords": [ "pnpm", diff --git a/lockfile/walker/CHANGELOG.md b/lockfile/walker/CHANGELOG.md index d4f59b5e21..517a9d3f72 100644 --- a/lockfile/walker/CHANGELOG.md +++ b/lockfile/walker/CHANGELOG.md @@ -1,5 +1,15 @@ # @pnpm/lockfile-walker +## 1100.0.11 + +### Patch Changes + +- Updated dependencies [681b593] +- Updated dependencies [a31faa7] + - @pnpm/types@1101.3.2 + - @pnpm/deps.path@1100.0.8 + - @pnpm/lockfile.types@1100.0.11 + ## 1100.0.10 ### Patch Changes diff --git a/lockfile/walker/package.json b/lockfile/walker/package.json index b471424ce9..f0e0ffea52 100644 
--- a/lockfile/walker/package.json +++ b/lockfile/walker/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/lockfile.walker", - "version": "1100.0.10", + "version": "1100.0.11", "description": "Walk over all the dependencies in a lockfile", "keywords": [ "pnpm", diff --git a/modules-mounter/daemon/CHANGELOG.md b/modules-mounter/daemon/CHANGELOG.md index bf85e16d79..aa9317837c 100644 --- a/modules-mounter/daemon/CHANGELOG.md +++ b/modules-mounter/daemon/CHANGELOG.md @@ -1,5 +1,29 @@ # @pnpm/mount-modules +## 1100.0.22 + +### Patch Changes + +- a31faa7: Updated dependency ranges. Notably: + + - `@pnpm/logger` peer dependency range moved to `^1100.0.0`. + - `msgpackr` 1.11.8 → 2.0.4 (store index files remain byte-compatible in both directions). + - `open` ^7.4.2 → ^11.0.0, `memoize` ^10 → ^11, `cli-truncate` ^5 → ^6, `pidtree` ^0.6 → ^1. + - `@yarnpkg/core` 4.5.0 → 4.8.0, `@rushstack/worker-pool` 0.7.7 → 0.7.18, `@cyclonedx/cyclonedx-library` 10.0.0 → 10.1.0, `@pnpm/config.nerf-dart` ^1 → ^2, `@pnpm/log.group` 3.0.2 → 4.0.1, `@pnpm/util.lex-comparator` ^3 → ^4. + +- Updated dependencies [61810aa] +- Updated dependencies [f20ad8f] +- Updated dependencies [681b593] +- Updated dependencies [d50d691] +- Updated dependencies [a31faa7] + - @pnpm/config.reader@1101.9.0 + - @pnpm/store.index@1100.2.0 + - @pnpm/lockfile.utils@1100.0.13 + - @pnpm/types@1101.3.2 + - @pnpm/lockfile.fs@1100.1.5 + - @pnpm/deps.path@1100.0.8 + - @pnpm/store.cafs@1100.1.10 + ## 1100.0.21 ### Patch Changes diff --git a/modules-mounter/daemon/package.json b/modules-mounter/daemon/package.json index 3e58a534f0..c4dcfd05aa 100644 --- a/modules-mounter/daemon/package.json +++ b/modules-mounter/daemon/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/modules-mounter.daemon", - "version": "1100.0.21", + "version": "1100.0.22", "description": "Mounts a node_modules directory with FUSE", "keywords": [ "pnpm", 
diff --git a/network/auth-header/CHANGELOG.md b/network/auth-header/CHANGELOG.md index 082010c224..b8b1614658 100644 --- a/network/auth-header/CHANGELOG.md +++ b/network/auth-header/CHANGELOG.md @@ -1,5 +1,39 @@ # @pnpm/network.auth-header +## 1101.1.2 + +### Patch Changes + +- 681b593: pnpm can now use different auth tokens for different package scopes, even when those scopes use the same registry URL. + + Previously, auth was selected only by registry URL. If `@org-a` and `@org-b` both used `https://npm.pkg.github.com/`, they had to share the same token. This caused problems for registries that issue tokens per organization or per scope. + + Configure a scope-specific token by adding the package scope after the registry URL in the auth key: + + ```ini + @org-a:registry=https://npm.pkg.github.com/ + @org-b:registry=https://npm.pkg.github.com/ + + //npm.pkg.github.com/:@org-a:_authToken=${ORG_A_TOKEN} + //npm.pkg.github.com/:@org-b:_authToken=${ORG_B_TOKEN} + + //npm.pkg.github.com/:_authToken=${FALLBACK_TOKEN} + ``` + + `pnpm login --registry=https://npm.pkg.github.com --scope=@org-a` writes the token to the same scope-specific auth key. + + When installing or publishing `@org-a/*`, pnpm uses `ORG_A_TOKEN`. For `@org-b/*`, pnpm uses `ORG_B_TOKEN`. Packages without a matching scope continue to use the registry-wide fallback token. + +- a31faa7: Updated dependency ranges. Notably: + + - `@pnpm/logger` peer dependency range moved to `^1100.0.0`. + - `msgpackr` 1.11.8 → 2.0.4 (store index files remain byte-compatible in both directions). + - `open` ^7.4.2 → ^11.0.0, `memoize` ^10 → ^11, `cli-truncate` ^5 → ^6, `pidtree` ^0.6 → ^1. + - `@yarnpkg/core` 4.5.0 → 4.8.0, `@rushstack/worker-pool` 0.7.7 → 0.7.18, `@cyclonedx/cyclonedx-library` 10.0.0 → 10.1.0, `@pnpm/config.nerf-dart` ^1 → ^2, `@pnpm/log.group` 3.0.2 → 4.0.1, `@pnpm/util.lex-comparator` ^3 → ^4. + +- Updated dependencies [681b593] + - @pnpm/types@1101.3.2 + ## 1101.1.1 ### Patch Changes 
diff --git a/network/auth-header/package.json b/network/auth-header/package.json index e1cdf652ed..79cc9daacd 100644 --- a/network/auth-header/package.json +++ b/network/auth-header/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/network.auth-header", - "version": "1101.1.1", + "version": "1101.1.2", "description": "Gets the authorization header for the given URI", "keywords": [ "pnpm", diff --git a/network/fetch/CHANGELOG.md b/network/fetch/CHANGELOG.md index 1f5067ed0e..0b62101652 100644 --- a/network/fetch/CHANGELOG.md +++ b/network/fetch/CHANGELOG.md @@ -1,5 +1,22 @@ # @pnpm/fetch +## 1100.1.3 + +### Patch Changes + +- a31faa7: Updated dependency ranges. Notably: + + - `@pnpm/logger` peer dependency range moved to `^1100.0.0`. + - `msgpackr` 1.11.8 → 2.0.4 (store index files remain byte-compatible in both directions). + - `open` ^7.4.2 → ^11.0.0, `memoize` ^10 → ^11, `cli-truncate` ^5 → ^6, `pidtree` ^0.6 → ^1. + - `@yarnpkg/core` 4.5.0 → 4.8.0, `@rushstack/worker-pool` 0.7.7 → 0.7.18, `@cyclonedx/cyclonedx-library` 10.0.0 → 10.1.0, `@pnpm/config.nerf-dart` ^1 → ^2, `@pnpm/log.group` 3.0.2 → 4.0.1, `@pnpm/util.lex-comparator` ^3 → ^4. + +- Updated dependencies [681b593] +- Updated dependencies [a31faa7] + - @pnpm/fetching.types@1100.0.2 + - @pnpm/types@1101.3.2 + - @pnpm/core-loggers@1100.2.1 + ## 1100.1.2 ### Patch Changes diff --git a/network/fetch/package.json b/network/fetch/package.json index 73b5fb93fa..364e496644 100644 --- a/network/fetch/package.json +++ b/network/fetch/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/network.fetch", - "version": "1100.1.2", + "version": "1100.1.3", "description": "Native fetch with retries", "keywords": [ "pnpm", diff --git a/network/web-auth/CHANGELOG.md b/network/web-auth/CHANGELOG.md index f3f0fe1138..9e48a30041 100644 --- a/network/web-auth/CHANGELOG.md +++ b/network/web-auth/CHANGELOG.md 
@@ -1,5 +1,16 @@ # @pnpm/network.web-auth +## 1101.1.1 + +### Patch Changes + +- a31faa7: Updated dependency ranges. Notably: + + - `@pnpm/logger` peer dependency range moved to `^1100.0.0`. + - `msgpackr` 1.11.8 → 2.0.4 (store index files remain byte-compatible in both directions). + - `open` ^7.4.2 → ^11.0.0, `memoize` ^10 → ^11, `cli-truncate` ^5 → ^6, `pidtree` ^0.6 → ^1. + - `@yarnpkg/core` 4.5.0 → 4.8.0, `@rushstack/worker-pool` 0.7.7 → 0.7.18, `@cyclonedx/cyclonedx-library` 10.0.0 → 10.1.0, `@pnpm/config.nerf-dart` ^1 → ^2, `@pnpm/log.group` 3.0.2 → 4.0.1, `@pnpm/util.lex-comparator` ^3 → ^4. + ## 1101.1.0 ### Minor Changes diff --git a/network/web-auth/package.json b/network/web-auth/package.json index 4ede8cee43..19962ca6a1 100644 --- a/network/web-auth/package.json +++ b/network/web-auth/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/network.web-auth", - "version": "1101.1.0", + "version": "1101.1.1", "description": "Web-based authentication flow with QR code display and token polling", "keywords": [ "pnpm", diff --git a/object/key-sorting/CHANGELOG.md b/object/key-sorting/CHANGELOG.md index e2612c6070..a8fc8037df 100644 --- a/object/key-sorting/CHANGELOG.md +++ b/object/key-sorting/CHANGELOG.md @@ -1,5 +1,16 @@ # @pnpm/object.key-sorting +## 1100.0.1 + +### Patch Changes + +- a31faa7: Updated dependency ranges. Notably: + + - `@pnpm/logger` peer dependency range moved to `^1100.0.0`. + - `msgpackr` 1.11.8 → 2.0.4 (store index files remain byte-compatible in both directions). + - `open` ^7.4.2 → ^11.0.0, `memoize` ^10 → ^11, `cli-truncate` ^5 → ^6, `pidtree` ^0.6 → ^1. + - `@yarnpkg/core` 4.5.0 → 4.8.0, `@rushstack/worker-pool` 0.7.7 → 0.7.18, `@cyclonedx/cyclonedx-library` 10.0.0 → 10.1.0, `@pnpm/config.nerf-dart` ^1 → ^2, `@pnpm/log.group` 3.0.2 → 4.0.1, `@pnpm/util.lex-comparator` ^3 → ^4. + ## 1001.0.0 ### Major Changes diff --git a/object/key-sorting/package.json b/object/key-sorting/package.json index 259b547dab..5be193dc94 100644 
--- a/object/key-sorting/package.json +++ b/object/key-sorting/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/object.key-sorting", - "version": "1100.0.0", + "version": "1100.0.1", "description": "Sorting the keys of an object", "keywords": [ "pnpm", diff --git a/patching/apply-patch/CHANGELOG.md b/patching/apply-patch/CHANGELOG.md index c130b617c2..659a9797f3 100644 --- a/patching/apply-patch/CHANGELOG.md +++ b/patching/apply-patch/CHANGELOG.md @@ -1,5 +1,16 @@ # @pnpm/patching.apply-patch +## 1100.0.2 + +### Patch Changes + +- a31faa7: Updated dependency ranges. Notably: + + - `@pnpm/logger` peer dependency range moved to `^1100.0.0`. + - `msgpackr` 1.11.8 → 2.0.4 (store index files remain byte-compatible in both directions). + - `open` ^7.4.2 → ^11.0.0, `memoize` ^10 → ^11, `cli-truncate` ^5 → ^6, `pidtree` ^0.6 → ^1. + - `@yarnpkg/core` 4.5.0 → 4.8.0, `@rushstack/worker-pool` 0.7.7 → 0.7.18, `@cyclonedx/cyclonedx-library` 10.0.0 → 10.1.0, `@pnpm/config.nerf-dart` ^1 → ^2, `@pnpm/log.group` 3.0.2 → 4.0.1, `@pnpm/util.lex-comparator` ^3 → ^4. + ## 1100.0.1 ### Patch Changes diff --git a/patching/apply-patch/package.json b/patching/apply-patch/package.json index d19c9ea1e4..a1363222ae 100644 --- a/patching/apply-patch/package.json +++ b/patching/apply-patch/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/patching.apply-patch", - "version": "1100.0.1", + "version": "1100.0.2", "description": "Apply a patch to a directory", "keywords": [ "pnpm", diff --git a/patching/commands/CHANGELOG.md b/patching/commands/CHANGELOG.md index b0a0673723..c0f231d401 100644 --- a/patching/commands/CHANGELOG.md +++ b/patching/commands/CHANGELOG.md 
@@ -1,5 +1,42 @@ # @pnpm/plugin-commands-patching +## 1100.1.5 + +### Patch Changes + +- 612a2e6: Prevent `pnpm patch-remove` from removing files outside the configured patches directory. +- a31faa7: Updated dependency ranges. Notably: + + - `@pnpm/logger` peer dependency range moved to `^1100.0.0`. + - `msgpackr` 1.11.8 → 2.0.4 (store index files remain byte-compatible in both directions). + - `open` ^7.4.2 → ^11.0.0, `memoize` ^10 → ^11, `cli-truncate` ^5 → ^6, `pidtree` ^0.6 → ^1. + - `@yarnpkg/core` 4.5.0 → 4.8.0, `@rushstack/worker-pool` 0.7.7 → 0.7.18, `@cyclonedx/cyclonedx-library` 10.0.0 → 10.1.0, `@pnpm/config.nerf-dart` ^1 → ^2, `@pnpm/log.group` 3.0.2 → 4.0.1, `@pnpm/util.lex-comparator` ^3 → ^4. + +- Updated dependencies [8dcd9a0] +- Updated dependencies [86e70d2] +- Updated dependencies [61810aa] +- Updated dependencies [f20ad8f] +- Updated dependencies [ab0b7d1] +- Updated dependencies [74a2dc9] +- Updated dependencies [681b593] +- Updated dependencies [d50d691] +- Updated dependencies [a31faa7] + - @pnpm/installing.commands@1100.9.0 + - @pnpm/config.reader@1101.9.0 + - @pnpm/store.connection-manager@1100.3.0 + - @pnpm/lockfile.utils@1100.0.13 + - @pnpm/types@1101.3.2 + - @pnpm/lockfile.fs@1100.1.5 + - @pnpm/cli.utils@1101.0.12 + - @pnpm/patching.apply-patch@1100.0.2 + - @pnpm/workspace.project-manifest-reader@1100.0.13 + - @pnpm/fetching.pick-fetcher@1100.0.12 + - @pnpm/config.writer@1100.0.13 + - @pnpm/installing.modules-yaml@1100.0.9 + - @pnpm/pkg-manifest.reader@1100.0.8 + - @pnpm/workspace.workspace-manifest-reader@1100.0.8 + - @pnpm/crypto.hash@1100.0.1 + ## 1100.1.4 ### Patch Changes diff --git a/patching/commands/package.json b/patching/commands/package.json index 13218b05a5..d1d40386dc 100644 --- a/patching/commands/package.json +++ b/patching/commands/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/patching.commands", - "version": "1100.1.4", + "version": "1100.1.5", "description": "Commands for creating patches", "keywords": [ "pnpm", 
diff --git a/patching/config/CHANGELOG.md b/patching/config/CHANGELOG.md index d7f51b84aa..37024ca925 100644 --- a/patching/config/CHANGELOG.md +++ b/patching/config/CHANGELOG.md @@ -1,5 +1,19 @@ # @pnpm/patching.config +## 1100.0.8 + +### Patch Changes + +- a31faa7: Updated dependency ranges. Notably: + + - `@pnpm/logger` peer dependency range moved to `^1100.0.0`. + - `msgpackr` 1.11.8 → 2.0.4 (store index files remain byte-compatible in both directions). + - `open` ^7.4.2 → ^11.0.0, `memoize` ^10 → ^11, `cli-truncate` ^5 → ^6, `pidtree` ^0.6 → ^1. + - `@yarnpkg/core` 4.5.0 → 4.8.0, `@rushstack/worker-pool` 0.7.7 → 0.7.18, `@cyclonedx/cyclonedx-library` 10.0.0 → 10.1.0, `@pnpm/config.nerf-dart` ^1 → ^2, `@pnpm/log.group` 3.0.2 → 4.0.1, `@pnpm/util.lex-comparator` ^3 → ^4. + +- Updated dependencies [a31faa7] + - @pnpm/deps.path@1100.0.8 + ## 1100.0.7 ### Patch Changes diff --git a/patching/config/package.json b/patching/config/package.json index 0728f24ed7..5f60a030a9 100644 --- a/patching/config/package.json +++ b/patching/config/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/patching.config", - "version": "1100.0.7", + "version": "1100.0.8", "description": "Functions related to patching configurations", "keywords": [ "pnpm", diff --git a/pkg-manifest/commands/CHANGELOG.md b/pkg-manifest/commands/CHANGELOG.md index 151bcdd1df..f30f0c1dde 100644 --- a/pkg-manifest/commands/CHANGELOG.md +++ b/pkg-manifest/commands/CHANGELOG.md @@ -1,5 +1,16 @@ # @pnpm/pkg-manifest.commands +## 1100.1.6 + +### Patch Changes + +- Updated dependencies [61810aa] +- Updated dependencies [681b593] +- Updated dependencies [a31faa7] + - @pnpm/config.reader@1101.9.0 + - @pnpm/types@1101.3.2 + - @pnpm/cli.utils@1101.0.12 + ## 1100.1.5 ### Patch Changes diff --git a/pkg-manifest/commands/package.json b/pkg-manifest/commands/package.json index fe9725e85d..a0b4f3e136 100644 --- a/pkg-manifest/commands/package.json +++ b/pkg-manifest/commands/package.json 
@@ -1,6 +1,6 @@ { "name": "@pnpm/pkg-manifest.commands", - "version": "1100.1.5", + "version": "1100.1.6", "description": "Commands for managing package.json", "keywords": [ "pnpm", diff --git a/pkg-manifest/reader/CHANGELOG.md b/pkg-manifest/reader/CHANGELOG.md index d0c845d771..02caae80d2 100644 --- a/pkg-manifest/reader/CHANGELOG.md +++ b/pkg-manifest/reader/CHANGELOG.md @@ -1,5 +1,12 @@ # @pnpm/read-package-json +## 1100.0.8 + +### Patch Changes + +- Updated dependencies [681b593] + - @pnpm/types@1101.3.2 + ## 1100.0.7 ### Patch Changes diff --git a/pkg-manifest/reader/package.json b/pkg-manifest/reader/package.json index 9654a2e0d9..cf03666108 100644 --- a/pkg-manifest/reader/package.json +++ b/pkg-manifest/reader/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/pkg-manifest.reader", - "version": "1100.0.7", + "version": "1100.0.8", "description": "Read a package.json", "keywords": [ "pnpm", diff --git a/pkg-manifest/utils/CHANGELOG.md b/pkg-manifest/utils/CHANGELOG.md index 0433dde59b..6b2c2db863 100644 --- a/pkg-manifest/utils/CHANGELOG.md +++ b/pkg-manifest/utils/CHANGELOG.md @@ -1,5 +1,22 @@ # @pnpm/manifest-utils +## 1100.2.5 + +### Patch Changes + +- a31faa7: Updated dependency ranges. Notably: + + - `@pnpm/logger` peer dependency range moved to `^1100.0.0`. + - `msgpackr` 1.11.8 → 2.0.4 (store index files remain byte-compatible in both directions). + - `open` ^7.4.2 → ^11.0.0, `memoize` ^10 → ^11, `cli-truncate` ^5 → ^6, `pidtree` ^0.6 → ^1. + - `@yarnpkg/core` 4.5.0 → 4.8.0, `@rushstack/worker-pool` 0.7.7 → 0.7.18, `@cyclonedx/cyclonedx-library` 10.0.0 → 10.1.0, `@pnpm/config.nerf-dart` ^1 → ^2, `@pnpm/log.group` 3.0.2 → 4.0.1, `@pnpm/util.lex-comparator` ^3 → ^4. + +- Updated dependencies [681b593] +- Updated dependencies [a31faa7] + - @pnpm/types@1101.3.2 + - @pnpm/core-loggers@1100.2.1 + - @pnpm/deps.peer-range@1100.0.2 + ## 1100.2.4 ### Patch Changes 
diff --git a/pkg-manifest/utils/package.json b/pkg-manifest/utils/package.json index 4a4e859a6c..7f82fafc50 100644 --- a/pkg-manifest/utils/package.json +++ b/pkg-manifest/utils/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/pkg-manifest.utils", - "version": "1100.2.4", + "version": "1100.2.5", "description": "Utils for dealing with package manifest", "keywords": [ "pnpm", diff --git a/pnpm/CHANGELOG.md b/pnpm/CHANGELOG.md index 57b2891c17..4740f4f11a 100644 --- a/pnpm/CHANGELOG.md +++ b/pnpm/CHANGELOG.md 
@@ -1,5 +1,66 @@ # pnpm +## 11.7.0 + +### Minor Changes + +- Added a new setting `frozenStore` (`--frozen-store`) that lets `pnpm install` run against a package store on a read-only filesystem (e.g. a Nix store, a read-only bind mount, an OCI layer). When enabled, pnpm opens the store's SQLite `index.db` through the `immutable=1` URI — bypassing the WAL/`-shm` sidecar creation that otherwise fails on a read-only directory — and suppresses every store-write path (the `index.db` writer and the project-registry write). Pair it with `--offline --frozen-lockfile` against a fully-populated store. Under the global virtual store, package directories live inside the store, so if the store is missing the build output of a package whose lifecycle scripts are approved (or that has a patch), pnpm fails up front with `ERR_PNPM_FROZEN_STORE_NEEDS_BUILD` rather than crashing mid-build on a read-only write — seed the store with those builds first. Incompatible with `--force` and with a configured pnpr server, since both write into the store; the side-effects cache is likewise not written under `frozenStore`. If the store is missing its content directory, the install fails fast with `ERR_PNPM_FROZEN_STORE_INCOMPLETE` rather than attempting to initialize it. The read-only `immutable=1` open requires Node.js >=22.15.0, >=23.11.0, or >=24.0.0; on older runtimes `--frozen-store` fails with a clear `ERR_PNPM_FROZEN_STORE_UNSUPPORTED_NODE` error. Bin-linking also tolerates a read-only store: under the global virtual store a package's bin source lives inside the store, so the `chmod` that makes it executable would be refused — with `EPERM`/`EACCES`, or with `EROFS` on a genuinely read-only filesystem. That `chmod` is redundant when the seed already ships its bins executable with a normalized shebang, so it is now skipped in that case, while a non-executable bin (or one still carrying a Windows CRLF shebang) on a read-only store still errors. 
+- When [`pacquet`](https://github.com/pnpm/pnpm/tree/main/pacquet) (the Rust port of pnpm) is declared in `configDependencies`, pnpm now delegates dependency **resolution** to it too — not just materialization — provided the installed pacquet is new enough to support full resolving installs (>= 0.11.7). + + Previously pacquet only ran in frozen-install mode: pnpm always resolved the dependency graph itself (writing `pnpm-lock.yaml`) and handed pacquet a finished lockfile to fetch / import / link. With pacquet >= 0.11.7, a non-frozen `pnpm install` (default isolated `nodeLinker`, plain install) is delegated to pacquet end-to-end in a single pass — pacquet resolves the manifests, writes the lockfile, and materializes `node_modules`. pnpm detects the capability from the installed pacquet's version; older pacquet releases keep the resolve-then-materialize split, and `add` / `update` / `remove` still resolve in pnpm (it has to mutate the manifests first). This remains an opt-in preview of the Rust install engine [#11723](https://github.com/pnpm/pnpm/issues/11723). +- Added a new opt-in `--batch` flag to `pnpm publish --recursive` that sends all selected packages to the registry in a single `PUT /-/pnpm/v1/publish` request instead of one request per package. The target registry has to implement the batch publish endpoint (pnpr does); registries that don't are reported with a clear `ERR_PNPM_BATCH_PUBLISH_UNSUPPORTED` error. The batch is processed all-or-nothing by pnpr: if any package in the batch fails validation, none of the packages are published. + +### Patch Changes + +- Reject path-traversal and reserved dependency aliases (such as `../../../escape`, `.bin`, `.pnpm`, or `node_modules`) that come from a lockfile rather than a freshly resolved manifest. A crafted lockfile alias could otherwise be joined directly under a hoisted `node_modules` directory, letting package files be written outside the intended install root or overwrite pnpm-owned layout. 
+ + The fix adds two layers: + + - The `nodeLinker: hoisted` graph builder now validates each alias at the directory sink (`safeJoinModulesDir`), matching the validation pnpm already performs when resolving aliases from manifests. + - The lockfile verification gate (`verifyLockfileResolutions`) now runs an always-on, policy-independent check that rejects any importer or snapshot dependency alias that is not a valid package name, failing the install early — before any fetch or filesystem work — for every node linker at once. + +- Made shared package child resolution deterministic when the same package is reached through multiple contexts. pnpm now chooses the shallowest occurrence, then importer order, then parent path, instead of letting request timing decide the child context and missing-peer report [pnpm/pnpm#12358](https://github.com/pnpm/pnpm/issues/12358). +- Fix garbled summary line after submitting `pnpm update -i` and `pnpm audit --fix -i`. The interactive checkbox prompt previously printed every selected choice's full table row (label, current/target versions, workspace, URL) joined by commas, producing a wall of text after pressing Enter. The summary now lists only the selected package names (or vulnerability keys) by setting an explicit `short` per choice; the in-progress selection UI is unchanged. +- Prevent `pnpm patch-remove` from removing files outside the configured patches directory. +- Fixed `pnpm publish` ignoring `strictSsl: false` when publishing to registries with self-signed certificates. The `strictSSL` option is now forwarded to `libnpmpublish` / `npm-registry-fetch` so that `strict-ssl=false` in `.npmrc` or `strictSsl: false` in `pnpm-workspace.yaml` is respected during publish, the same way it is for `pnpm install` [pnpm/pnpm#12012](https://github.com/pnpm/pnpm/issues/12012). 
+- Fixed `Cannot destructure property 'manifest' of 'manifestsByPath[rootDir]' as it is undefined` regression introduced in 11.6.0 when running `pnpm add ` outside a workspace on Windows. `selectProjectByDir` was keying the resulting `ProjectsGraph` by `opts.dir` instead of `project.rootDir`, so downstream `manifestsByPath` lookups missed when the two paths normalized differently (typically drive-letter casing). [pnpm/pnpm#12379](https://github.com/pnpm/pnpm/issues/12379) +- Git dependencies that point to a subdirectory of a repository (`repo#commit&path:/sub/dir`) keep their `path` in the lockfile again. Since the integrity of git-hosted tarballs started being pinned in the lockfile, any install that actually downloaded the tarball rebuilt the lockfile resolution as `{ integrity, tarball, gitHosted }` and dropped the `path` field, while installs served from the store kept it — so the field disappeared seemingly at random. Without `path`, later installs from that lockfile silently unpacked the repository root instead of the subdirectory [#12304](https://github.com/pnpm/pnpm/issues/12304). +- Fixed nondeterministic lockfile output that made `pnpm dedupe --check` fail intermittently in CI. When a locked peer provider was pinned for a dependency that has no child dependencies of its own, the pinned provider leaked into the shared parent scope, so siblings resolved after it could pick up an optional peer they should not see. Which siblings were affected depended on resolution order, which varies with network timing. +- Sped up `pnpm install` with a frozen lockfile by running lockfile verification (the policy revalidation gate added for `minimumReleaseAge`/`trustPolicy` and the tarball-URL anti-tamper check) concurrently with fetching and linking instead of blocking the whole install on it. 
Dependency lifecycle scripts are still held back until verification succeeds, so no script runs on an unverified lockfile: if verification fails the install aborts before any dependency build, and if linking finishes first the install waits for the verification verdict before completing. +- User-defined `npm_config_*` environment variables are now preserved during lifecycle script execution. Previously, all `npm_`-prefixed env vars were stripped, which caused user-set variables like `npm_config_platform_arch` to be lost [pnpm/pnpm#12399](https://github.com/pnpm/pnpm/issues/12399). +- pnpm can now use different auth tokens for different package scopes, even when those scopes use the same registry URL. + + Previously, auth was selected only by registry URL. If `@org-a` and `@org-b` both used `https://npm.pkg.github.com/`, they had to share the same token. This caused problems for registries that issue tokens per organization or per scope. + + Configure a scope-specific token by adding the package scope after the registry URL in the auth key: + + ```ini + @org-a:registry=https://npm.pkg.github.com/ + @org-b:registry=https://npm.pkg.github.com/ + + //npm.pkg.github.com/:@org-a:_authToken=${ORG_A_TOKEN} + //npm.pkg.github.com/:@org-b:_authToken=${ORG_B_TOKEN} + + //npm.pkg.github.com/:_authToken=${FALLBACK_TOKEN} + ``` + + `pnpm login --registry=https://npm.pkg.github.com --scope=@org-a` writes the token to the same scope-specific auth key. + + When installing or publishing `@org-a/*`, pnpm uses `ORG_A_TOKEN`. For `@org-b/*`, pnpm uses `ORG_B_TOKEN`. Packages without a matching scope continue to use the registry-wide fallback token. + +- `pnpm setup` no longer prompts to approve build scripts for `@pnpm/exe` when installing the standalone executable. pnpm links the platform-specific binary itself, so the package's install scripts are skipped during the global self-install [#12377](https://github.com/pnpm/pnpm/issues/12377). 
+- Close lockfile reads deterministically before rewriting lockfiles and keep pacquet's virtual store directory length aligned with pnpm on Windows. +- A `304 Not Modified` answer from the registry now renews the cached metadata file's mtime, so the `minimumReleaseAge` freshness shortcut keeps serving resolutions from the cache. Previously, once a cached packument grew older than `minimumReleaseAge`, every subsequent install re-validated it against the registry forever, because a 304 never rewrites the file. +- Updated dependency ranges. Notably: + + - `@pnpm/logger` peer dependency range moved to `^1100.0.0`. + - `msgpackr` 1.11.8 → 2.0.4 (store index files remain byte-compatible in both directions). + - `open` ^7.4.2 → ^11.0.0, `memoize` ^10 → ^11, `cli-truncate` ^5 → ^6, `pidtree` ^0.6 → ^1. + - `@yarnpkg/core` 4.5.0 → 4.8.0, `@rushstack/worker-pool` 0.7.7 → 0.7.18, `@cyclonedx/cyclonedx-library` 10.0.0 → 10.1.0, `@pnpm/config.nerf-dart` ^1 → ^2, `@pnpm/log.group` 3.0.2 → 4.0.1, `@pnpm/util.lex-comparator` ^3 → ^4. + +- Updated `@zkochan/cmd-shim` to v9.0.6. +- Fixed a Windows-only hang where a failed command could take 20–46 seconds to exit. On error, pnpm enumerates descendant processes (via `pidtree`) to terminate them, which on Windows shells out to `wmic`/PowerShell `Get-CimInstance Win32_Process` — a lookup that is extremely slow on some machines. The lookup is now bounded by a short timeout so it can no longer stall the process exit. + ## 11.6.0 ### Minor Changes diff --git a/pnpm/artifacts/darwin-arm64/package.json b/pnpm/artifacts/darwin-arm64/package.json index 450de63683..4f70cb517b 100644 --- a/pnpm/artifacts/darwin-arm64/package.json +++ b/pnpm/artifacts/darwin-arm64/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/macos-arm64", - "version": "11.6.0", + "version": "11.7.0", "keywords": [ "pnpm", "pnpm11", diff --git a/pnpm/artifacts/exe/CHANGELOG.md b/pnpm/artifacts/exe/CHANGELOG.md index 79f6707fee..00120fb3af 100644 
--- a/pnpm/artifacts/exe/CHANGELOG.md +++ b/pnpm/artifacts/exe/CHANGELOG.md @@ -1,5 +1,11 @@ # @pnpm/exe +## 11.6.1 + +### Patch Changes + +- cd8348c: Updated `@zkochan/cmd-shim` to v9.0.6. + ## 11.0.7 ### Patch Changes diff --git a/pnpm/artifacts/exe/package.json b/pnpm/artifacts/exe/package.json index b922fa941e..8ed94af9f5 100644 --- a/pnpm/artifacts/exe/package.json +++ b/pnpm/artifacts/exe/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/exe", - "version": "11.6.0", + "version": "11.7.0", "description": "Fast, disk space efficient package manager", "keywords": [ "pnpm", diff --git a/pnpm/artifacts/linux-arm64-musl/package.json b/pnpm/artifacts/linux-arm64-musl/package.json index db937b435b..ceabe04527 100644 --- a/pnpm/artifacts/linux-arm64-musl/package.json +++ b/pnpm/artifacts/linux-arm64-musl/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/linuxstatic-arm64", - "version": "11.6.0", + "version": "11.7.0", "keywords": [ "pnpm", "pnpm11", diff --git a/pnpm/artifacts/linux-arm64/package.json b/pnpm/artifacts/linux-arm64/package.json index 69c66b2e98..4f5d11540e 100644 --- a/pnpm/artifacts/linux-arm64/package.json +++ b/pnpm/artifacts/linux-arm64/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/linux-arm64", - "version": "11.6.0", + "version": "11.7.0", "keywords": [ "pnpm", "pnpm11", diff --git a/pnpm/artifacts/linux-x64-musl/package.json b/pnpm/artifacts/linux-x64-musl/package.json index 6d47a6836e..db62944080 100644 --- a/pnpm/artifacts/linux-x64-musl/package.json +++ b/pnpm/artifacts/linux-x64-musl/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/linuxstatic-x64", - "version": "11.6.0", + "version": "11.7.0", "keywords": [ "pnpm", "pnpm11", diff --git a/pnpm/artifacts/linux-x64/package.json b/pnpm/artifacts/linux-x64/package.json index fbcb6cbf4e..0bd94976bd 100644 --- a/pnpm/artifacts/linux-x64/package.json +++ b/pnpm/artifacts/linux-x64/package.json 
@@ -1,6 +1,6 @@ { "name": "@pnpm/linux-x64", - "version": "11.6.0", + "version": "11.7.0", "keywords": [ "pnpm", "pnpm11", diff --git a/pnpm/artifacts/win32-arm64/package.json b/pnpm/artifacts/win32-arm64/package.json index 7bb1614950..4f275b1496 100644 --- a/pnpm/artifacts/win32-arm64/package.json +++ b/pnpm/artifacts/win32-arm64/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/win-arm64", - "version": "11.6.0", + "version": "11.7.0", "keywords": [ "pnpm", "pnpm11", diff --git a/pnpm/artifacts/win32-x64/package.json b/pnpm/artifacts/win32-x64/package.json index c8b1842f16..2f80fb2e92 100644 --- a/pnpm/artifacts/win32-x64/package.json +++ b/pnpm/artifacts/win32-x64/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/win-x64", - "version": "11.6.0", + "version": "11.7.0", "keywords": [ "pnpm", "pnpm11", diff --git a/pnpm/dev/CHANGELOG.md b/pnpm/dev/CHANGELOG.md index bc16192e8f..c650225976 100644 --- a/pnpm/dev/CHANGELOG.md +++ b/pnpm/dev/CHANGELOG.md @@ -1,5 +1,13 @@ # pd +## 1100.0.15 + +### Patch Changes + +- Updated dependencies [a31faa7] + - @pnpm/workspace.projects-reader@1101.0.12 + - @pnpm/workspace.workspace-manifest-reader@1100.0.8 + ## 1100.0.14 ### Patch Changes diff --git a/pnpm/dev/package.json b/pnpm/dev/package.json index cf92db3c84..a7eafe1f82 100644 --- a/pnpm/dev/package.json +++ b/pnpm/dev/package.json @@ -1,6 +1,6 @@ { "name": "pd", - "version": "1100.0.14", + "version": "1100.0.15", "bin": "pd.js", "private": true, "type": "module", diff --git a/pnpm/package.json b/pnpm/package.json index 221e4fa60a..62cfdcda31 100644 --- a/pnpm/package.json +++ b/pnpm/package.json @@ -1,6 +1,6 @@ { "name": "pnpm", - "version": "11.6.0", + "version": "11.7.0", "description": "Fast, disk space efficient package manager", "keywords": [ "pnpm", diff --git a/pnpr/client/CHANGELOG.md b/pnpr/client/CHANGELOG.md index 73a026d8a0..8ba30d8f36 100644 --- a/pnpr/client/CHANGELOG.md +++ b/pnpr/client/CHANGELOG.md 
@@ -1,5 +1,34 @@ # @pnpm/agent.client +## 1.2.1 + +### Patch Changes + +- 681b593: pnpm can now use different auth tokens for different package scopes, even when those scopes use the same registry URL. + + Previously, auth was selected only by registry URL. If `@org-a` and `@org-b` both used `https://npm.pkg.github.com/`, they had to share the same token. This caused problems for registries that issue tokens per organization or per scope. + + Configure a scope-specific token by adding the package scope after the registry URL in the auth key: + + ```ini + @org-a:registry=https://npm.pkg.github.com/ + @org-b:registry=https://npm.pkg.github.com/ + + //npm.pkg.github.com/:@org-a:_authToken=${ORG_A_TOKEN} + //npm.pkg.github.com/:@org-b:_authToken=${ORG_B_TOKEN} + + //npm.pkg.github.com/:_authToken=${FALLBACK_TOKEN} + ``` + + `pnpm login --registry=https://npm.pkg.github.com --scope=@org-a` writes the token to the same scope-specific auth key. + + When installing or publishing `@org-a/*`, pnpm uses `ORG_A_TOKEN`. For `@org-b/*`, pnpm uses `ORG_B_TOKEN`. Packages without a matching scope continue to use the registry-wide fallback token. + +- Updated dependencies [d50d691] +- Updated dependencies [a31faa7] + - @pnpm/lockfile.fs@1100.1.5 + - @pnpm/lockfile.types@1100.0.11 + ## 1.2.0 ### Minor Changes diff --git a/pnpr/client/package.json b/pnpr/client/package.json index b9fa7d427c..1f3a640340 100644 --- a/pnpr/client/package.json +++ b/pnpr/client/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/pnpr.client", - "version": "1.2.0", + "version": "1.2.1", "description": "Client for the pnpr server — resolves a project server-side and receives the resolved lockfile", "keywords": [ "pnpm", diff --git a/registry-access/client/CHANGELOG.md b/registry-access/client/CHANGELOG.md index a3dc69d5c1..de6a4859ba 100644 --- a/registry-access/client/CHANGELOG.md +++ b/registry-access/client/CHANGELOG.md 
@@ -1,5 +1,13 @@ # @pnpm/registry-access.client +## 1100.1.4 + +### Patch Changes + +- Updated dependencies [a31faa7] + - @pnpm/network.fetch@1100.1.3 + - @pnpm/network.web-auth@1101.1.1 + ## 1100.1.3 ### Patch Changes diff --git a/registry-access/client/package.json b/registry-access/client/package.json index 213ef35953..d928b9423f 100644 --- a/registry-access/client/package.json +++ b/registry-access/client/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/registry-access.client", - "version": "1100.1.3", + "version": "1100.1.4", "description": "Low-level helpers for npm-registry HTTP endpoints (PUT dist-tag, PUT user, etc.)", "keywords": [ "pnpm", diff --git a/registry-access/commands/CHANGELOG.md b/registry-access/commands/CHANGELOG.md index 65c3392161..aeb27830a1 100644 --- a/registry-access/commands/CHANGELOG.md +++ b/registry-access/commands/CHANGELOG.md @@ -1,5 +1,29 @@ # @pnpm/registry-access.commands +## 1100.3.4 + +### Patch Changes + +- a31faa7: Updated dependency ranges. Notably: + + - `@pnpm/logger` peer dependency range moved to `^1100.0.0`. + - `msgpackr` 1.11.8 → 2.0.4 (store index files remain byte-compatible in both directions). + - `open` ^7.4.2 → ^11.0.0, `memoize` ^10 → ^11, `cli-truncate` ^5 → ^6, `pidtree` ^0.6 → ^1. + - `@yarnpkg/core` 4.5.0 → 4.8.0, `@rushstack/worker-pool` 0.7.7 → 0.7.18, `@cyclonedx/cyclonedx-library` 10.0.0 → 10.1.0, `@pnpm/config.nerf-dart` ^1 → ^2, `@pnpm/log.group` 3.0.2 → 4.0.1, `@pnpm/util.lex-comparator` ^3 → ^4. + +- Updated dependencies [61810aa] +- Updated dependencies [681b593] +- Updated dependencies [a31faa7] + - @pnpm/config.reader@1101.9.0 + - @pnpm/network.auth-header@1101.1.2 + - @pnpm/types@1101.3.2 + - @pnpm/cli.utils@1101.0.12 + - @pnpm/network.fetch@1100.1.3 + - @pnpm/network.web-auth@1101.1.1 + - @pnpm/config.pick-registry-for-package@1100.0.9 + - @pnpm/resolving.registry.types@1100.1.3 + - @pnpm/registry-access.client@1100.1.4 + ## 1100.3.3 ### Patch Changes 
diff --git a/registry-access/commands/package.json b/registry-access/commands/package.json index a41995f106..1ade45254b 100644 --- a/registry-access/commands/package.json +++ b/registry-access/commands/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/registry-access.commands", - "version": "1100.3.3", + "version": "1100.3.4", "description": "Commands for managing packages on the registry", "keywords": [ "pnpm", diff --git a/releasing/commands/CHANGELOG.md b/releasing/commands/CHANGELOG.md index e86cb8b5e3..e7e96d9199 100644 --- a/releasing/commands/CHANGELOG.md +++ b/releasing/commands/CHANGELOG.md 
@@ -1,5 +1,73 @@ # @pnpm/releasing.commands +## 1100.5.0 + +### Minor Changes + +- f1521cf: Added a new opt-in `--batch` flag to `pnpm publish --recursive` that sends all selected packages to the registry in a single `PUT /-/pnpm/v1/publish` request instead of one request per package. The target registry has to implement the batch publish endpoint (pnpr does); registries that don't are reported with a clear `ERR_PNPM_BATCH_PUBLISH_UNSUPPORTED` error. The batch is processed all-or-nothing by pnpr: if any package in the batch fails validation, none of the packages are published. + +### Patch Changes + +- 7cdf9f8: Fixed `pnpm publish` ignoring `strictSsl: false` when publishing to registries with self-signed certificates. The `strictSSL` option is now forwarded to `libnpmpublish` / `npm-registry-fetch` so that `strict-ssl=false` in `.npmrc` or `strictSsl: false` in `pnpm-workspace.yaml` is respected during publish, the same way it is for `pnpm install` [pnpm/pnpm#12012](https://github.com/pnpm/pnpm/issues/12012). +- 681b593: pnpm can now use different auth tokens for different package scopes, even when those scopes use the same registry URL. + + Previously, auth was selected only by registry URL. If `@org-a` and `@org-b` both used `https://npm.pkg.github.com/`, they had to share the same token. This caused problems for registries that issue tokens per organization or per scope. + + Configure a scope-specific token by adding the package scope after the registry URL in the auth key: + + ```ini + @org-a:registry=https://npm.pkg.github.com/ + @org-b:registry=https://npm.pkg.github.com/ + + //npm.pkg.github.com/:@org-a:_authToken=${ORG_A_TOKEN} + //npm.pkg.github.com/:@org-b:_authToken=${ORG_B_TOKEN} + + //npm.pkg.github.com/:_authToken=${FALLBACK_TOKEN} + ``` + + `pnpm login --registry=https://npm.pkg.github.com --scope=@org-a` writes the token to the same scope-specific auth key. + + When installing or publishing `@org-a/*`, pnpm uses `ORG_A_TOKEN`. 
For `@org-b/*`, pnpm uses `ORG_B_TOKEN`. Packages without a matching scope continue to use the registry-wide fallback token. + +- a31faa7: Updated dependency ranges. Notably: + + - `@pnpm/logger` peer dependency range moved to `^1100.0.0`. + - `msgpackr` 1.11.8 → 2.0.4 (store index files remain byte-compatible in both directions). + - `open` ^7.4.2 → ^11.0.0, `memoize` ^10 → ^11, `cli-truncate` ^5 → ^6, `pidtree` ^0.6 → ^1. + - `@yarnpkg/core` 4.5.0 → 4.8.0, `@rushstack/worker-pool` 0.7.7 → 0.7.18, `@cyclonedx/cyclonedx-library` 10.0.0 → 10.1.0, `@pnpm/config.nerf-dart` ^1 → ^2, `@pnpm/log.group` 3.0.2 → 4.0.1, `@pnpm/util.lex-comparator` ^3 → ^4. + +- Updated dependencies [8dcd9a0] +- Updated dependencies [86e70d2] +- Updated dependencies [61810aa] +- Updated dependencies [ab0b7d1] +- Updated dependencies [74a2dc9] +- Updated dependencies [23716ed] +- Updated dependencies [681b593] +- Updated dependencies [d50d691] +- Updated dependencies [a31faa7] + - @pnpm/installing.commands@1100.9.0 + - @pnpm/config.reader@1101.9.0 + - @pnpm/exec.lifecycle@1100.0.18 + - @pnpm/network.auth-header@1101.1.2 + - @pnpm/types@1101.3.2 + - @pnpm/lockfile.fs@1100.1.5 + - @pnpm/cli.utils@1101.0.12 + - @pnpm/deps.path@1100.0.8 + - @pnpm/engine.runtime.commands@1100.1.5 + - @pnpm/engine.runtime.node-resolver@1101.1.7 + - @pnpm/fetching.directory-fetcher@1100.0.17 + - @pnpm/fs.indexed-pkg-importer@1100.0.14 + - @pnpm/network.fetch@1100.1.3 + - @pnpm/network.web-auth@1101.1.1 + - @pnpm/installing.client@1100.2.8 + - @pnpm/bins.resolver@1100.0.8 + - @pnpm/config.pick-registry-for-package@1100.0.9 + - @pnpm/lockfile.types@1100.0.11 + - @pnpm/releasing.exportable-manifest@1100.1.6 + - @pnpm/resolving.resolver-base@1100.4.2 + - @pnpm/workspace.projects-filter@1100.0.21 + - @pnpm/workspace.projects-sorter@1100.0.7 + ## 1100.4.4 ### Patch Changes diff --git a/releasing/commands/package.json b/releasing/commands/package.json index 23271804a2..99e10fe63f 100644 
--- a/releasing/commands/package.json +++ b/releasing/commands/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/releasing.commands", - "version": "1100.4.4", + "version": "1100.5.0", "description": "Commands for deploy, pack, and publish", "keywords": [ "pnpm", diff --git a/releasing/exportable-manifest/CHANGELOG.md b/releasing/exportable-manifest/CHANGELOG.md index 6ed77eaddc..a460e8478c 100644 --- a/releasing/exportable-manifest/CHANGELOG.md +++ b/releasing/exportable-manifest/CHANGELOG.md @@ -1,5 +1,15 @@ # @pnpm/exportable-manifest +## 1100.1.6 + +### Patch Changes + +- Updated dependencies [681b593] +- Updated dependencies [a31faa7] + - @pnpm/types@1101.3.2 + - @pnpm/workspace.project-manifest-reader@1100.0.13 + - @pnpm/bins.resolver@1100.0.8 + ## 1100.1.5 ### Patch Changes diff --git a/releasing/exportable-manifest/package.json b/releasing/exportable-manifest/package.json index 5562d79f66..71aed50f23 100644 --- a/releasing/exportable-manifest/package.json +++ b/releasing/exportable-manifest/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/releasing.exportable-manifest", - "version": "1100.1.5", + "version": "1100.1.6", "description": "Creates an exportable manifest", "keywords": [ "pnpm", diff --git a/resolving/default-resolver/CHANGELOG.md b/resolving/default-resolver/CHANGELOG.md index 59d4cf83c4..e5276e163a 100644 --- a/resolving/default-resolver/CHANGELOG.md +++ b/resolving/default-resolver/CHANGELOG.md 
@@ -1,5 +1,46 @@
 # @pnpm/default-resolver

+## 1100.3.8
+
+### Patch Changes
+
+- 681b593: pnpm can now use different auth tokens for different package scopes, even when those scopes use the same registry URL.
+
+ Previously, auth was selected only by registry URL. If `@org-a` and `@org-b` both used `https://npm.pkg.github.com/`, they had to share the same token. This caused problems for registries that issue tokens per organization or per scope.
+
+ Configure a scope-specific token by adding the package scope after the registry URL in the auth key:
+
+ ```ini
+ @org-a:registry=https://npm.pkg.github.com/
+ @org-b:registry=https://npm.pkg.github.com/
+
+ //npm.pkg.github.com/:@org-a:_authToken=${ORG_A_TOKEN}
+ //npm.pkg.github.com/:@org-b:_authToken=${ORG_B_TOKEN}
+
+ //npm.pkg.github.com/:_authToken=${FALLBACK_TOKEN}
+ ```
+
+ `pnpm login --registry=https://npm.pkg.github.com --scope=@org-a` writes the token to the same scope-specific auth key.
+
+ When installing or publishing `@org-a/*`, pnpm uses `ORG_A_TOKEN`. For `@org-b/*`, pnpm uses `ORG_B_TOKEN`. Packages without a matching scope continue to use the registry-wide fallback token.
+
+- Updated dependencies [61810aa]
+- Updated dependencies [681b593]
+- Updated dependencies [1310ab5]
+- Updated dependencies [a31faa7]
+ - @pnpm/resolving.npm-resolver@1102.0.0
+ - @pnpm/fetching.types@1100.0.2
+ - @pnpm/network.auth-header@1101.1.2
+ - @pnpm/types@1101.3.2
+ - @pnpm/engine.runtime.bun-resolver@1102.0.0
+ - @pnpm/engine.runtime.deno-resolver@1102.0.0
+ - @pnpm/engine.runtime.node-resolver@1101.1.7
+ - @pnpm/resolving.git-resolver@1100.1.6
+ - @pnpm/resolving.local-resolver@1101.1.6
+ - @pnpm/resolving.tarball-resolver@1100.1.4
+ - @pnpm/hooks.types@1100.0.12
+ - @pnpm/resolving.resolver-base@1100.4.2
+
 ## 1100.3.7

 ### Patch Changes
diff --git a/resolving/default-resolver/package.json b/resolving/default-resolver/package.json
index 92053ef4f1..c0d86a8cf3 100644
--- a/resolving/default-resolver/package.json
+++ b/resolving/default-resolver/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@pnpm/resolving.default-resolver",
- "version": "1100.3.7",
+ "version": "1100.3.8",
 "description": "pnpm's default package resolver",
 "keywords": [
 "pnpm",
diff --git a/resolving/git-resolver/CHANGELOG.md b/resolving/git-resolver/CHANGELOG.md
index 4c4e70ec31..730f537d2f 100644
--- a/resolving/git-resolver/CHANGELOG.md
+++ b/resolving/git-resolver/CHANGELOG.md
@@ -1,5 +1,20 @@
 # @pnpm/git-resolver

+## 1100.1.6
+
+### Patch Changes
+
+- a31faa7: Updated dependency ranges. Notably:
+
+ - `@pnpm/logger` peer dependency range moved to `^1100.0.0`.
+ - `msgpackr` 1.11.8 → 2.0.4 (store index files remain byte-compatible in both directions).
+ - `open` ^7.4.2 → ^11.0.0, `memoize` ^10 → ^11, `cli-truncate` ^5 → ^6, `pidtree` ^0.6 → ^1.
+ - `@yarnpkg/core` 4.5.0 → 4.8.0, `@rushstack/worker-pool` 0.7.7 → 0.7.18, `@cyclonedx/cyclonedx-library` 10.0.0 → 10.1.0, `@pnpm/config.nerf-dart` ^1 → ^2, `@pnpm/log.group` 3.0.2 → 4.0.1, `@pnpm/util.lex-comparator` ^3 → ^4.
+
+- Updated dependencies [a31faa7]
+ - @pnpm/network.fetch@1100.1.3
+ - @pnpm/resolving.resolver-base@1100.4.2
+
 ## 1100.1.5

 ### Patch Changes
diff --git a/resolving/git-resolver/package.json b/resolving/git-resolver/package.json
index 18360d7cac..bbe3586cc6 100644
--- a/resolving/git-resolver/package.json
+++ b/resolving/git-resolver/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@pnpm/resolving.git-resolver",
- "version": "1100.1.5",
+ "version": "1100.1.6",
 "description": "Resolver for git-hosted packages",
 "keywords": [
 "pnpm",
diff --git a/resolving/local-resolver/CHANGELOG.md b/resolving/local-resolver/CHANGELOG.md
index cc9547721f..686193f9e2 100644
--- a/resolving/local-resolver/CHANGELOG.md
+++ b/resolving/local-resolver/CHANGELOG.md
@@ -1,5 +1,23 @@
 # @pnpm/local-resolver

+## 1101.1.6
+
+### Patch Changes
+
+- a31faa7: Updated dependency ranges. Notably:
+
+ - `@pnpm/logger` peer dependency range moved to `^1100.0.0`.
+ - `msgpackr` 1.11.8 → 2.0.4 (store index files remain byte-compatible in both directions).
+ - `open` ^7.4.2 → ^11.0.0, `memoize` ^10 → ^11, `cli-truncate` ^5 → ^6, `pidtree` ^0.6 → ^1.
+ - `@yarnpkg/core` 4.5.0 → 4.8.0, `@rushstack/worker-pool` 0.7.7 → 0.7.18, `@cyclonedx/cyclonedx-library` 10.0.0 → 10.1.0, `@pnpm/config.nerf-dart` ^1 → ^2, `@pnpm/log.group` 3.0.2 → 4.0.1, `@pnpm/util.lex-comparator` ^3 → ^4.
+
+- Updated dependencies [681b593]
+- Updated dependencies [a31faa7]
+ - @pnpm/types@1101.3.2
+ - @pnpm/workspace.project-manifest-reader@1100.0.13
+ - @pnpm/resolving.resolver-base@1100.4.2
+ - @pnpm/crypto.hash@1100.0.1
+
 ## 1101.1.5

 ### Patch Changes
diff --git a/resolving/local-resolver/package.json b/resolving/local-resolver/package.json
index 9a040df844..0e3197327e 100644
--- a/resolving/local-resolver/package.json
+++ b/resolving/local-resolver/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@pnpm/resolving.local-resolver",
- "version": "1101.1.5",
+ "version": "1101.1.6",
 "description": "Resolver for local packages",
 "keywords": [
 "pnpm",
diff --git a/resolving/npm-resolver/CHANGELOG.md b/resolving/npm-resolver/CHANGELOG.md
index efcbb6f021..b71a889b97 100644
--- a/resolving/npm-resolver/CHANGELOG.md
+++ b/resolving/npm-resolver/CHANGELOG.md
@@ -1,5 +1,55 @@
 # @pnpm/npm-resolver

+## 1102.0.0
+
+### Patch Changes
+
+- 61810aa: Added a new setting `frozenStore` (`--frozen-store`) that lets `pnpm install` run against a package store on a read-only filesystem (e.g. a Nix store, a read-only bind mount, an OCI layer). When enabled, pnpm opens the store's SQLite `index.db` through the `immutable=1` URI — bypassing the WAL/`-shm` sidecar creation that otherwise fails on a read-only directory — and suppresses every store-write path (the `index.db` writer and the project-registry write). Pair it with `--offline --frozen-lockfile` against a fully-populated store. Under the global virtual store, package directories live inside the store, so if the store is missing the build output of a package whose lifecycle scripts are approved (or that has a patch), pnpm fails up front with `ERR_PNPM_FROZEN_STORE_NEEDS_BUILD` rather than crashing mid-build on a read-only write — seed the store with those builds first. Incompatible with `--force` and with a configured pnpr server, since both write into the store; the side-effects cache is likewise not written under `frozenStore`. If the store is missing its content directory, the install fails fast with `ERR_PNPM_FROZEN_STORE_INCOMPLETE` rather than attempting to initialize it. The read-only `immutable=1` open requires Node.js >=22.15.0, >=23.11.0, or >=24.0.0; on older runtimes `--frozen-store` fails with a clear `ERR_PNPM_FROZEN_STORE_UNSUPPORTED_NODE` error. Bin-linking also tolerates a read-only store: under the global virtual store a package's bin source lives inside the store, so the `chmod` that makes it executable would be refused — with `EPERM`/`EACCES`, or with `EROFS` on a genuinely read-only filesystem. That `chmod` is redundant when the seed already ships its bins executable with a normalized shebang, so it is now skipped in that case, while a non-executable bin (or one still carrying a Windows CRLF shebang) on a read-only store still errors.
+- 681b593: pnpm can now use different auth tokens for different package scopes, even when those scopes use the same registry URL.
+
+ Previously, auth was selected only by registry URL. If `@org-a` and `@org-b` both used `https://npm.pkg.github.com/`, they had to share the same token. This caused problems for registries that issue tokens per organization or per scope.
+
+ Configure a scope-specific token by adding the package scope after the registry URL in the auth key:
+
+ ```ini
+ @org-a:registry=https://npm.pkg.github.com/
+ @org-b:registry=https://npm.pkg.github.com/
+
+ //npm.pkg.github.com/:@org-a:_authToken=${ORG_A_TOKEN}
+ //npm.pkg.github.com/:@org-b:_authToken=${ORG_B_TOKEN}
+
+ //npm.pkg.github.com/:_authToken=${FALLBACK_TOKEN}
+ ```
+
+ `pnpm login --registry=https://npm.pkg.github.com --scope=@org-a` writes the token to the same scope-specific auth key.
+
+ When installing or publishing `@org-a/*`, pnpm uses `ORG_A_TOKEN`. For `@org-b/*`, pnpm uses `ORG_B_TOKEN`. Packages without a matching scope continue to use the registry-wide fallback token.
+
+- 1310ab5: A `304 Not Modified` answer from the registry now renews the cached metadata file's mtime, so the `minimumReleaseAge` freshness shortcut keeps serving resolutions from the cache. Previously, once a cached packument grew older than `minimumReleaseAge`, every subsequent install re-validated it against the registry forever, because a 304 never rewrites the file.
+- a31faa7: Updated dependency ranges. Notably:
+
+ - `@pnpm/logger` peer dependency range moved to `^1100.0.0`.
+ - `msgpackr` 1.11.8 → 2.0.4 (store index files remain byte-compatible in both directions).
+ - `open` ^7.4.2 → ^11.0.0, `memoize` ^10 → ^11, `cli-truncate` ^5 → ^6, `pidtree` ^0.6 → ^1.
+ - `@yarnpkg/core` 4.5.0 → 4.8.0, `@rushstack/worker-pool` 0.7.7 → 0.7.18, `@cyclonedx/cyclonedx-library` 10.0.0 → 10.1.0, `@pnpm/config.nerf-dart` ^1 → ^2, `@pnpm/log.group` 3.0.2 → 4.0.1, `@pnpm/util.lex-comparator` ^3 → ^4.
+
+- Updated dependencies [61810aa]
+- Updated dependencies [681b593]
+- Updated dependencies [a31faa7]
+ - @pnpm/store.index@1100.2.0
+ - @pnpm/worker@1100.2.0
+ - @pnpm/fetching.types@1100.0.2
+ - @pnpm/types@1101.3.2
+ - @pnpm/config.version-policy@1100.1.5
+ - @pnpm/core-loggers@1100.2.1
+ - @pnpm/resolving.registry.pkg-metadata-filter@1100.0.9
+ - @pnpm/store.cafs@1100.1.10
+ - @pnpm/workspace.range-resolver@1100.0.2
+ - @pnpm/config.pick-registry-for-package@1100.0.9
+ - @pnpm/resolving.registry.types@1100.1.3
+ - @pnpm/resolving.resolver-base@1100.4.2
+ - @pnpm/crypto.hash@1100.0.1
+
 ## 1101.5.2

 ### Patch Changes
diff --git a/resolving/npm-resolver/package.json b/resolving/npm-resolver/package.json
index aca41cca5c..28ac7bf97f 100644
--- a/resolving/npm-resolver/package.json
+++ b/resolving/npm-resolver/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@pnpm/resolving.npm-resolver",
- "version": "1101.5.2",
+ "version": "1102.0.0",
 "description": "Resolver for npm-hosted packages",
 "keywords": [
 "pnpm",
diff --git a/resolving/registry/pkg-metadata-filter/CHANGELOG.md b/resolving/registry/pkg-metadata-filter/CHANGELOG.md
index f1b6ec76ec..a169ab3ab0 100644
--- a/resolving/registry/pkg-metadata-filter/CHANGELOG.md
+++ b/resolving/registry/pkg-metadata-filter/CHANGELOG.md
@@ -1,5 +1,17 @@
 # @pnpm/registry.pkg-metadata-filter

+## 1100.0.9
+
+### Patch Changes
+
+- a31faa7: Updated dependency ranges. Notably:
+
+ - `@pnpm/logger` peer dependency range moved to `^1100.0.0`.
+ - `msgpackr` 1.11.8 → 2.0.4 (store index files remain byte-compatible in both directions).
+ - `open` ^7.4.2 → ^11.0.0, `memoize` ^10 → ^11, `cli-truncate` ^5 → ^6, `pidtree` ^0.6 → ^1.
+ - `@yarnpkg/core` 4.5.0 → 4.8.0, `@rushstack/worker-pool` 0.7.7 → 0.7.18, `@cyclonedx/cyclonedx-library` 10.0.0 → 10.1.0, `@pnpm/config.nerf-dart` ^1 → ^2, `@pnpm/log.group` 3.0.2 → 4.0.1, `@pnpm/util.lex-comparator` ^3 → ^4.
+ - @pnpm/resolving.registry.types@1100.1.3
+
 ## 1100.0.8

 ### Patch Changes
diff --git a/resolving/registry/pkg-metadata-filter/package.json b/resolving/registry/pkg-metadata-filter/package.json
index 9fa0d8d6ae..932c66d992 100644
--- a/resolving/registry/pkg-metadata-filter/package.json
+++ b/resolving/registry/pkg-metadata-filter/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@pnpm/resolving.registry.pkg-metadata-filter",
- "version": "1100.0.8",
+ "version": "1100.0.9",
 "description": "Filters the package metadata from the registry",
 "keywords": [
 "pnpm",
diff --git a/resolving/registry/types/CHANGELOG.md b/resolving/registry/types/CHANGELOG.md
index 0f9fb85369..7dc2dee83a 100644
--- a/resolving/registry/types/CHANGELOG.md
+++ b/resolving/registry/types/CHANGELOG.md
@@ -1,5 +1,12 @@
 # @pnpm/registry.types

+## 1100.1.3
+
+### Patch Changes
+
+- Updated dependencies [681b593]
+ - @pnpm/types@1101.3.2
+
 ## 1100.1.2

 ### Patch Changes
diff --git a/resolving/registry/types/package.json b/resolving/registry/types/package.json
index 55fa1c4c43..9ee67da976 100644
--- a/resolving/registry/types/package.json
+++ b/resolving/registry/types/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@pnpm/resolving.registry.types",
- "version": "1100.1.2",
+ "version": "1100.1.3",
 "description": "Types related to the npm registry",
 "keywords": [
 "pnpm",
diff --git a/resolving/resolver-base/CHANGELOG.md b/resolving/resolver-base/CHANGELOG.md
index 33ad74ca43..26e2033411 100644
--- a/resolving/resolver-base/CHANGELOG.md
+++ b/resolving/resolver-base/CHANGELOG.md
@@ -1,5 +1,12 @@
 # @pnpm/resolver-base

+## 1100.4.2
+
+### Patch Changes
+
+- Updated dependencies [681b593]
+ - @pnpm/types@1101.3.2
+
 ## 1100.4.1

 ### Patch Changes
diff --git a/resolving/resolver-base/package.json b/resolving/resolver-base/package.json
index 71b9df8ee5..17fcb7c2f2 100644
--- a/resolving/resolver-base/package.json
+++ b/resolving/resolver-base/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@pnpm/resolving.resolver-base",
- "version": "1100.4.1",
+ "version": "1100.4.2",
 "description": "Types for pnpm-compatible resolvers",
 "keywords": [
 "pnpm",
diff --git a/resolving/tarball-resolver/CHANGELOG.md b/resolving/tarball-resolver/CHANGELOG.md
index c12e1ddd9d..7bfd0bfed3 100644
--- a/resolving/tarball-resolver/CHANGELOG.md
+++ b/resolving/tarball-resolver/CHANGELOG.md
@@ -1,5 +1,13 @@
 # @pnpm/tarball-resolver

+## 1100.1.4
+
+### Patch Changes
+
+- Updated dependencies [681b593]
+ - @pnpm/fetching.types@1100.0.2
+ - @pnpm/resolving.resolver-base@1100.4.2
+
 ## 1100.1.3

 ### Patch Changes
diff --git a/resolving/tarball-resolver/package.json b/resolving/tarball-resolver/package.json
index 0a7a7a0952..0645f84f5a 100644
--- a/resolving/tarball-resolver/package.json
+++ b/resolving/tarball-resolver/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@pnpm/resolving.tarball-resolver",
- "version": "1100.1.3",
+ "version": "1100.1.4",
 "description": "Resolver for tarball dependencies",
 "keywords": [
 "pnpm",
diff --git a/store/cafs/CHANGELOG.md b/store/cafs/CHANGELOG.md
index ae40035c07..a79ee85c6c 100644
--- a/store/cafs/CHANGELOG.md
+++ b/store/cafs/CHANGELOG.md
@@ -1,5 +1,21 @@
 # @pnpm/store.cafs

+## 1100.1.10
+
+### Patch Changes
+
+- a31faa7: Updated dependency ranges. Notably:
+
+ - `@pnpm/logger` peer dependency range moved to `^1100.0.0`.
+ - `msgpackr` 1.11.8 → 2.0.4 (store index files remain byte-compatible in both directions).
+ - `open` ^7.4.2 → ^11.0.0, `memoize` ^10 → ^11, `cli-truncate` ^5 → ^6, `pidtree` ^0.6 → ^1.
+ - `@yarnpkg/core` 4.5.0 → 4.8.0, `@rushstack/worker-pool` 0.7.7 → 0.7.18, `@cyclonedx/cyclonedx-library` 10.0.0 → 10.1.0, `@pnpm/config.nerf-dart` ^1 → ^2, `@pnpm/log.group` 3.0.2 → 4.0.1, `@pnpm/util.lex-comparator` ^3 → ^4.
+
+- Updated dependencies [681b593]
+ - @pnpm/types@1101.3.2
+ - @pnpm/fetching.fetcher-base@1100.1.9
+ - @pnpm/store.controller-types@1100.1.5
+
 ## 1100.1.9

 ### Patch Changes
diff --git a/store/cafs/package.json b/store/cafs/package.json
index c5278f2d21..58beee9319 100644
--- a/store/cafs/package.json
+++ b/store/cafs/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@pnpm/store.cafs",
- "version": "1100.1.9",
+ "version": "1100.1.10",
 "description": "A content-addressable filesystem for the packages storage",
 "keywords": [
 "pnpm",
diff --git a/store/commands/CHANGELOG.md b/store/commands/CHANGELOG.md
index f71679c8a0..fbbb07b270 100644
--- a/store/commands/CHANGELOG.md
+++ b/store/commands/CHANGELOG.md
@@ -1,5 +1,36 @@
 # @pnpm/store.commands

+## 1100.0.26
+
+### Patch Changes
+
+- a31faa7: Updated dependency ranges. Notably:
+
+ - `@pnpm/logger` peer dependency range moved to `^1100.0.0`.
+ - `msgpackr` 1.11.8 → 2.0.4 (store index files remain byte-compatible in both directions).
+ - `open` ^7.4.2 → ^11.0.0, `memoize` ^10 → ^11, `cli-truncate` ^5 → ^6, `pidtree` ^0.6 → ^1.
+ - `@yarnpkg/core` 4.5.0 → 4.8.0, `@rushstack/worker-pool` 0.7.7 → 0.7.18, `@cyclonedx/cyclonedx-library` 10.0.0 → 10.1.0, `@pnpm/config.nerf-dart` ^1 → ^2, `@pnpm/log.group` 3.0.2 → 4.0.1, `@pnpm/util.lex-comparator` ^3 → ^4.
+
+- Updated dependencies [61810aa]
+- Updated dependencies [f20ad8f]
+- Updated dependencies [681b593]
+- Updated dependencies [a31faa7]
+ - @pnpm/config.reader@1101.9.0
+ - @pnpm/store.index@1100.2.0
+ - @pnpm/store.connection-manager@1100.3.0
+ - @pnpm/installing.context@1100.0.18
+ - @pnpm/lockfile.utils@1100.0.13
+ - @pnpm/types@1101.3.2
+ - @pnpm/cli.utils@1101.0.12
+ - @pnpm/deps.path@1100.0.8
+ - @pnpm/global.packages@1100.0.8
+ - @pnpm/object.key-sorting@1100.0.1
+ - @pnpm/store.cafs@1100.1.10
+ - @pnpm/installing.client@1100.2.8
+ - @pnpm/config.normalize-registries@1100.0.8
+ - @pnpm/lockfile.types@1100.0.11
+ - @pnpm/store.controller-types@1100.1.5
+
 ## 1100.0.25

 ### Patch Changes
diff --git a/store/commands/package.json b/store/commands/package.json
index 9be976e203..42a9e9ffba 100644
--- a/store/commands/package.json
+++ b/store/commands/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@pnpm/store.commands",
- "version": "1100.0.25",
+ "version": "1100.0.26",
 "description": "Commands for controlling and inspecting the store",
 "keywords": [
 "pnpm",
diff --git a/store/connection-manager/CHANGELOG.md b/store/connection-manager/CHANGELOG.md
index f7b5088c7a..9dd1a3a04d 100644
--- a/store/connection-manager/CHANGELOG.md
+++ b/store/connection-manager/CHANGELOG.md
@@ -1,5 +1,30 @@
 # @pnpm/store-connection-manager

+## 1100.3.0
+
+### Minor Changes
+
+- 61810aa: Added a new setting `frozenStore` (`--frozen-store`) that lets `pnpm install` run against a package store on a read-only filesystem (e.g. a Nix store, a read-only bind mount, an OCI layer). When enabled, pnpm opens the store's SQLite `index.db` through the `immutable=1` URI — bypassing the WAL/`-shm` sidecar creation that otherwise fails on a read-only directory — and suppresses every store-write path (the `index.db` writer and the project-registry write). Pair it with `--offline --frozen-lockfile` against a fully-populated store. Under the global virtual store, package directories live inside the store, so if the store is missing the build output of a package whose lifecycle scripts are approved (or that has a patch), pnpm fails up front with `ERR_PNPM_FROZEN_STORE_NEEDS_BUILD` rather than crashing mid-build on a read-only write — seed the store with those builds first. Incompatible with `--force` and with a configured pnpr server, since both write into the store; the side-effects cache is likewise not written under `frozenStore`. If the store is missing its content directory, the install fails fast with `ERR_PNPM_FROZEN_STORE_INCOMPLETE` rather than attempting to initialize it. The read-only `immutable=1` open requires Node.js >=22.15.0, >=23.11.0, or >=24.0.0; on older runtimes `--frozen-store` fails with a clear `ERR_PNPM_FROZEN_STORE_UNSUPPORTED_NODE` error. Bin-linking also tolerates a read-only store: under the global virtual store a package's bin source lives inside the store, so the `chmod` that makes it executable would be refused — with `EPERM`/`EACCES`, or with `EROFS` on a genuinely read-only filesystem. That `chmod` is redundant when the seed already ships its bins executable with a normalized shebang, so it is now skipped in that case, while a non-executable bin (or one still carrying a Windows CRLF shebang) on a read-only store still errors.
+
+### Patch Changes
+
+- a31faa7: Updated dependency ranges. Notably:
+
+ - `@pnpm/logger` peer dependency range moved to `^1100.0.0`.
+ - `msgpackr` 1.11.8 → 2.0.4 (store index files remain byte-compatible in both directions).
+ - `open` ^7.4.2 → ^11.0.0, `memoize` ^10 → ^11, `cli-truncate` ^5 → ^6, `pidtree` ^0.6 → ^1.
+ - `@yarnpkg/core` 4.5.0 → 4.8.0, `@rushstack/worker-pool` 0.7.7 → 0.7.18, `@cyclonedx/cyclonedx-library` 10.0.0 → 10.1.0, `@pnpm/config.nerf-dart` ^1 → ^2, `@pnpm/log.group` 3.0.2 → 4.0.1, `@pnpm/util.lex-comparator` ^3 → ^4.
+
+- Updated dependencies [61810aa]
+- Updated dependencies [681b593]
+- Updated dependencies [a31faa7]
+ - @pnpm/config.reader@1101.9.0
+ - @pnpm/store.index@1100.2.0
+ - @pnpm/store.controller@1102.0.0
+ - @pnpm/installing.client@1100.2.8
+ - @pnpm/cli.meta@1100.0.8
+ - @pnpm/resolving.resolver-base@1100.4.2
+
 ## 1100.2.8

 ### Patch Changes
diff --git a/store/connection-manager/package.json b/store/connection-manager/package.json
index bce27e827e..6c8602ce10 100644
--- a/store/connection-manager/package.json
+++ b/store/connection-manager/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@pnpm/store.connection-manager",
- "version": "1100.2.8",
+ "version": "1100.3.0",
 "description": "Create a pnpm store controller",
 "keywords": [
 "pnpm",
diff --git a/store/controller-types/CHANGELOG.md b/store/controller-types/CHANGELOG.md
index a6c1da727c..a57d801d57 100644
--- a/store/controller-types/CHANGELOG.md
+++ b/store/controller-types/CHANGELOG.md
@@ -1,5 +1,14 @@
 # @pnpm/store-controller-types

+## 1100.1.5
+
+### Patch Changes
+
+- Updated dependencies [681b593]
+ - @pnpm/types@1101.3.2
+ - @pnpm/fetching.fetcher-base@1100.1.9
+ - @pnpm/resolving.resolver-base@1100.4.2
+
 ## 1100.1.4

 ### Patch Changes
diff --git a/store/controller-types/package.json b/store/controller-types/package.json
index 8e6a7f512b..91bf722a0a 100644
--- a/store/controller-types/package.json
+++ b/store/controller-types/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@pnpm/store.controller-types",
- "version": "1100.1.4",
+ "version": "1100.1.5",
 "description": "Types for the store controller",
 "keywords": [
 "pnpm",
diff --git a/store/controller/CHANGELOG.md b/store/controller/CHANGELOG.md
index 131e51b4fd..bbe68c1da6 100644
--- a/store/controller/CHANGELOG.md
+++ b/store/controller/CHANGELOG.md
@@ -1,5 +1,35 @@
 # @pnpm/package-store

+## 1102.0.0
+
+### Minor Changes
+
+- 61810aa: Added a new setting `frozenStore` (`--frozen-store`) that lets `pnpm install` run against a package store on a read-only filesystem (e.g. a Nix store, a read-only bind mount, an OCI layer). When enabled, pnpm opens the store's SQLite `index.db` through the `immutable=1` URI — bypassing the WAL/`-shm` sidecar creation that otherwise fails on a read-only directory — and suppresses every store-write path (the `index.db` writer and the project-registry write). Pair it with `--offline --frozen-lockfile` against a fully-populated store. Under the global virtual store, package directories live inside the store, so if the store is missing the build output of a package whose lifecycle scripts are approved (or that has a patch), pnpm fails up front with `ERR_PNPM_FROZEN_STORE_NEEDS_BUILD` rather than crashing mid-build on a read-only write — seed the store with those builds first. Incompatible with `--force` and with a configured pnpr server, since both write into the store; the side-effects cache is likewise not written under `frozenStore`. If the store is missing its content directory, the install fails fast with `ERR_PNPM_FROZEN_STORE_INCOMPLETE` rather than attempting to initialize it. The read-only `immutable=1` open requires Node.js >=22.15.0, >=23.11.0, or >=24.0.0; on older runtimes `--frozen-store` fails with a clear `ERR_PNPM_FROZEN_STORE_UNSUPPORTED_NODE` error. Bin-linking also tolerates a read-only store: under the global virtual store a package's bin source lives inside the store, so the `chmod` that makes it executable would be refused — with `EPERM`/`EACCES`, or with `EROFS` on a genuinely read-only filesystem. That `chmod` is redundant when the seed already ships its bins executable with a normalized shebang, so it is now skipped in that case, while a non-executable bin (or one still carrying a Windows CRLF shebang) on a read-only store still errors.
+
+### Patch Changes
+
+- a31faa7: Updated dependency ranges. Notably:
+
+ - `@pnpm/logger` peer dependency range moved to `^1100.0.0`.
+ - `msgpackr` 1.11.8 → 2.0.4 (store index files remain byte-compatible in both directions).
+ - `open` ^7.4.2 → ^11.0.0, `memoize` ^10 → ^11, `cli-truncate` ^5 → ^6, `pidtree` ^0.6 → ^1.
+ - `@yarnpkg/core` 4.5.0 → 4.8.0, `@rushstack/worker-pool` 0.7.7 → 0.7.18, `@cyclonedx/cyclonedx-library` 10.0.0 → 10.1.0, `@pnpm/config.nerf-dart` ^1 → ^2, `@pnpm/log.group` 3.0.2 → 4.0.1, `@pnpm/util.lex-comparator` ^3 → ^4.
+
+- Updated dependencies [61810aa]
+- Updated dependencies [681b593]
+- Updated dependencies [a31faa7]
+ - @pnpm/store.index@1100.2.0
+ - @pnpm/worker@1100.2.0
+ - @pnpm/installing.package-requester@1102.0.0
+ - @pnpm/types@1101.3.2
+ - @pnpm/store.cafs@1100.1.10
+ - @pnpm/store.create-cafs-store@1100.0.14
+ - @pnpm/fetching.fetcher-base@1100.1.9
+ - @pnpm/hooks.types@1100.0.12
+ - @pnpm/resolving.resolver-base@1100.4.2
+ - @pnpm/store.controller-types@1100.1.5
+ - @pnpm/crypto.hash@1100.0.1
+
 ## 1101.0.13

 ### Patch Changes
diff --git a/store/controller/package.json b/store/controller/package.json
index 9265a4ddb5..43f648e540 100644
--- a/store/controller/package.json
+++ b/store/controller/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@pnpm/store.controller",
- "version": "1101.0.13",
+ "version": "1102.0.0",
 "description": "A storage for packages",
 "keywords": [
 "pnpm",
diff --git a/store/create-cafs-store/CHANGELOG.md b/store/create-cafs-store/CHANGELOG.md
index ecc187e92a..9df3ed7679 100644
--- a/store/create-cafs-store/CHANGELOG.md
+++ b/store/create-cafs-store/CHANGELOG.md
@@ -1,5 +1,23 @@
 # @pnpm/create-cafs-store

+## 1100.0.14
+
+### Patch Changes
+
+- a31faa7: Updated dependency ranges. Notably:
+
+ - `@pnpm/logger` peer dependency range moved to `^1100.0.0`.
+ - `msgpackr` 1.11.8 → 2.0.4 (store index files remain byte-compatible in both directions).
+ - `open` ^7.4.2 → ^11.0.0, `memoize` ^10 → ^11, `cli-truncate` ^5 → ^6, `pidtree` ^0.6 → ^1.
+ - `@yarnpkg/core` 4.5.0 → 4.8.0, `@rushstack/worker-pool` 0.7.7 → 0.7.18, `@cyclonedx/cyclonedx-library` 10.0.0 → 10.1.0, `@pnpm/config.nerf-dart` ^1 → ^2, `@pnpm/log.group` 3.0.2 → 4.0.1, `@pnpm/util.lex-comparator` ^3 → ^4.
+
+- Updated dependencies [a31faa7]
+ - @pnpm/fs.indexed-pkg-importer@1100.0.14
+ - @pnpm/store.cafs@1100.1.10
+ - @pnpm/building.pkg-requires-build@1100.0.8
+ - @pnpm/fetching.fetcher-base@1100.1.9
+ - @pnpm/store.controller-types@1100.1.5
+
 ## 1100.0.13

 ### Patch Changes
diff --git a/store/create-cafs-store/package.json b/store/create-cafs-store/package.json
index 47e3e896cc..c28ebc4fdf 100644
--- a/store/create-cafs-store/package.json
+++ b/store/create-cafs-store/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@pnpm/store.create-cafs-store",
- "version": "1100.0.13",
+ "version": "1100.0.14",
 "description": "Create a CAFS store controller",
 "keywords": [
 "pnpm",
diff --git a/store/index/CHANGELOG.md b/store/index/CHANGELOG.md
index 8eb32ffa51..c0ec85ff47 100644
--- a/store/index/CHANGELOG.md
+++ b/store/index/CHANGELOG.md
@@ -1,5 +1,20 @@
 # @pnpm/store.index

+## 1100.2.0
+
+### Minor Changes
+
+- 61810aa: Added a new setting `frozenStore` (`--frozen-store`) that lets `pnpm install` run against a package store on a read-only filesystem (e.g. a Nix store, a read-only bind mount, an OCI layer). When enabled, pnpm opens the store's SQLite `index.db` through the `immutable=1` URI — bypassing the WAL/`-shm` sidecar creation that otherwise fails on a read-only directory — and suppresses every store-write path (the `index.db` writer and the project-registry write). Pair it with `--offline --frozen-lockfile` against a fully-populated store. Under the global virtual store, package directories live inside the store, so if the store is missing the build output of a package whose lifecycle scripts are approved (or that has a patch), pnpm fails up front with `ERR_PNPM_FROZEN_STORE_NEEDS_BUILD` rather than crashing mid-build on a read-only write — seed the store with those builds first. Incompatible with `--force` and with a configured pnpr server, since both write into the store; the side-effects cache is likewise not written under `frozenStore`. If the store is missing its content directory, the install fails fast with `ERR_PNPM_FROZEN_STORE_INCOMPLETE` rather than attempting to initialize it. The read-only `immutable=1` open requires Node.js >=22.15.0, >=23.11.0, or >=24.0.0; on older runtimes `--frozen-store` fails with a clear `ERR_PNPM_FROZEN_STORE_UNSUPPORTED_NODE` error. Bin-linking also tolerates a read-only store: under the global virtual store a package's bin source lives inside the store, so the `chmod` that makes it executable would be refused — with `EPERM`/`EACCES`, or with `EROFS` on a genuinely read-only filesystem. That `chmod` is redundant when the seed already ships its bins executable with a normalized shebang, so it is now skipped in that case, while a non-executable bin (or one still carrying a Windows CRLF shebang) on a read-only store still errors.
+
+### Patch Changes
+
+- a31faa7: Updated dependency ranges. Notably:
+
+ - `@pnpm/logger` peer dependency range moved to `^1100.0.0`.
+ - `msgpackr` 1.11.8 → 2.0.4 (store index files remain byte-compatible in both directions).
+ - `open` ^7.4.2 → ^11.0.0, `memoize` ^10 → ^11, `cli-truncate` ^5 → ^6, `pidtree` ^0.6 → ^1.
+ - `@yarnpkg/core` 4.5.0 → 4.8.0, `@rushstack/worker-pool` 0.7.7 → 0.7.18, `@cyclonedx/cyclonedx-library` 10.0.0 → 10.1.0, `@pnpm/config.nerf-dart` ^1 → ^2, `@pnpm/log.group` 3.0.2 → 4.0.1, `@pnpm/util.lex-comparator` ^3 → ^4.
+
 ## 1100.1.0

 ### Minor Changes
diff --git a/store/index/package.json b/store/index/package.json
index b5f47a0ec3..07f6bf15df 100644
--- a/store/index/package.json
+++ b/store/index/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@pnpm/store.index",
- "version": "1100.1.0",
+ "version": "1100.2.0",
 "description": "SQLite-backed index for the pnpm content-addressable store",
 "keywords": [
 "pnpm",
diff --git a/store/pkg-finder/CHANGELOG.md b/store/pkg-finder/CHANGELOG.md
index 05adf9067b..52e27de9c1 100644
--- a/store/pkg-finder/CHANGELOG.md
+++ b/store/pkg-finder/CHANGELOG.md
@@ -1,5 +1,16 @@
 # @pnpm/store.pkg-finder

+## 1100.0.17
+
+### Patch Changes
+
+- Updated dependencies [61810aa]
+- Updated dependencies [a31faa7]
+ - @pnpm/store.index@1100.2.0
+ - @pnpm/fetching.directory-fetcher@1100.0.17
+ - @pnpm/store.cafs@1100.1.10
+ - @pnpm/resolving.resolver-base@1100.4.2
+
 ## 1100.0.16

 ### Patch Changes
diff --git a/store/pkg-finder/package.json b/store/pkg-finder/package.json
index b6e4516931..265f9d481f 100644
--- a/store/pkg-finder/package.json
+++ b/store/pkg-finder/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@pnpm/store.pkg-finder",
- "version": "1100.0.16",
+ "version": "1100.0.17",
 "description": "Read a package's file map from the content-addressable store",
 "keywords": [
 "pnpm",
diff --git a/testing/command-defaults/CHANGELOG.md b/testing/command-defaults/CHANGELOG.md
index 90ded26512..e40be71d14 100644
--- a/testing/command-defaults/CHANGELOG.md
+++ b/testing/command-defaults/CHANGELOG.md
@@ -1,5 +1,11 @@
 # @pnpm/testing.command-defaults

+## 1100.0.6
+
+### Patch Changes
+
+- @pnpm/testing.registry-mock@1100.0.6
+
 ## 1100.0.5

 ### Patch Changes
diff --git a/testing/command-defaults/package.json b/testing/command-defaults/package.json
index ec459c38d9..e8d123de76 100644
--- a/testing/command-defaults/package.json
+++ b/testing/command-defaults/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@pnpm/testing.command-defaults",
- "version": "1100.0.5",
+ "version": "1100.0.6",
 "private": true,
 "description": "Shared DEFAULT_OPTS for pnpm command handler tests",
 "keywords": [
diff --git a/testing/mock-agent/CHANGELOG.md b/testing/mock-agent/CHANGELOG.md
index f16e25000d..20d27fa555 100644
--- a/testing/mock-agent/CHANGELOG.md
+++ b/testing/mock-agent/CHANGELOG.md
@@ -1,5 +1,12 @@
 # @pnpm/testing.mock-agent

+## 1101.0.3
+
+### Patch Changes
+
+- Updated dependencies [a31faa7]
+ - @pnpm/network.fetch@1100.1.3
+
 ## 1101.0.2

 ### Patch Changes
diff --git a/testing/mock-agent/package.json b/testing/mock-agent/package.json
index 1675d81134..37e99b77ec 100644
--- a/testing/mock-agent/package.json
+++ b/testing/mock-agent/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@pnpm/testing.mock-agent",
- "version": "1101.0.2",
+ "version": "1101.0.3",
 "private": true,
 "description": "Shared undici MockAgent helpers for pnpm tests",
 "keywords": [
diff --git a/testing/registry-mock/CHANGELOG.md b/testing/registry-mock/CHANGELOG.md
index 62708a0863..60a789186f 100644
--- a/testing/registry-mock/CHANGELOG.md
+++ b/testing/registry-mock/CHANGELOG.md
@@ -1,5 +1,13 @@
 # @pnpm/testing.registry-mock

+## 1100.0.6
+
+### Patch Changes
+
+- Updated dependencies [a31faa7]
+ - @pnpm/network.fetch@1100.1.3
+ - @pnpm/registry-access.client@1100.1.4
+
 ## 1100.0.5

 ### Patch Changes
diff --git a/testing/registry-mock/package.json b/testing/registry-mock/package.json
index f0f4fedf83..143357ab7d 100644
--- a/testing/registry-mock/package.json
+++ b/testing/registry-mock/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@pnpm/testing.registry-mock",
- "version": "1100.0.5",
+ "version": "1100.0.6",
 "private": true,
 "description": "Thin test helpers that talk to the mock npm registry — wraps registry-access.commands with REGISTRY_MOCK_PORT and REGISTRY_MOCK_CREDENTIALS baked in.",
 "keywords": [
diff --git a/testing/temp-store/CHANGELOG.md b/testing/temp-store/CHANGELOG.md
index 858054c315..220a1462c8 100644
--- a/testing/temp-store/CHANGELOG.md
+++ b/testing/temp-store/CHANGELOG.md
@@ -1,5 +1,18 @@
 # @pnpm/testing.temp-store

+## 1100.1.9
+
+### Patch Changes
+
+- Updated dependencies [61810aa]
+- Updated dependencies [a31faa7]
+ - @pnpm/store.index@1100.2.0
+ - @pnpm/store.controller@1102.0.0
+ - @pnpm/installing.client@1100.2.8
+ - @pnpm/resolving.resolver-base@1100.4.2
+ - @pnpm/store.controller-types@1100.1.5
+ - @pnpm/testing.registry-mock@1100.0.6
+
 ## 1100.1.8

 ### Patch Changes
diff --git a/testing/temp-store/package.json b/testing/temp-store/package.json
index 911b4215e2..792f2c37b8 100644
--- a/testing/temp-store/package.json
+++ b/testing/temp-store/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@pnpm/testing.temp-store",
- "version": "1100.1.8",
+ "version": "1100.1.9",
 "description": "A temporary store for testing purposes",
 "keywords": [
 "pnpm",
diff --git a/worker/CHANGELOG.md b/worker/CHANGELOG.md
index a6773b57e6..aa7eea2972 100644
--- a/worker/CHANGELOG.md
+++ b/worker/CHANGELOG.md
@@ -1,5 +1,31 @@
 # @pnpm/worker
+## 1100.2.0
+
+### Minor Changes
+
+- 61810aa: Added a new setting `frozenStore` (`--frozen-store`) that lets `pnpm install` run against a package store on a read-only filesystem (e.g. a Nix store, a read-only bind mount, an OCI layer). When enabled, pnpm opens the store's SQLite `index.db` through the `immutable=1` URI — bypassing the WAL/`-shm` sidecar creation that otherwise fails on a read-only directory — and suppresses every store-write path (the `index.db` writer and the project-registry write). Pair it with `--offline --frozen-lockfile` against a fully-populated store. Under the global virtual store, package directories live inside the store, so if the store is missing the build output of a package whose lifecycle scripts are approved (or that has a patch), pnpm fails up front with `ERR_PNPM_FROZEN_STORE_NEEDS_BUILD` rather than crashing mid-build on a read-only write — seed the store with those builds first. Incompatible with `--force` and with a configured pnpr server, since both write into the store; the side-effects cache is likewise not written under `frozenStore`. If the store is missing its content directory, the install fails fast with `ERR_PNPM_FROZEN_STORE_INCOMPLETE` rather than attempting to initialize it. The read-only `immutable=1` open requires Node.js >=22.15.0, >=23.11.0, or >=24.0.0; on older runtimes `--frozen-store` fails with a clear `ERR_PNPM_FROZEN_STORE_UNSUPPORTED_NODE` error. Bin-linking also tolerates a read-only store: under the global virtual store a package's bin source lives inside the store, so the `chmod` that makes it executable would be refused — with `EPERM`/`EACCES`, or with `EROFS` on a genuinely read-only filesystem. That `chmod` is redundant when the seed already ships its bins executable with a normalized shebang, so it is now skipped in that case, while a non-executable bin (or one still carrying a Windows CRLF shebang) on a read-only store still errors.
+
+### Patch Changes
+
+- a31faa7: Updated dependency ranges. Notably:
+
+ - `@pnpm/logger` peer dependency range moved to `^1100.0.0`.
+ - `msgpackr` 1.11.8 → 2.0.4 (store index files remain byte-compatible in both directions).
+ - `open` ^7.4.2 → ^11.0.0, `memoize` ^10 → ^11, `cli-truncate` ^5 → ^6, `pidtree` ^0.6 → ^1.
+ - `@yarnpkg/core` 4.5.0 → 4.8.0, `@rushstack/worker-pool` 0.7.7 → 0.7.18, `@cyclonedx/cyclonedx-library` 10.0.0 → 10.1.0, `@pnpm/config.nerf-dart` ^1 → ^2, `@pnpm/log.group` 3.0.2 → 4.0.1, `@pnpm/util.lex-comparator` ^3 → ^4.
+
+- Updated dependencies [f648e9b]
+- Updated dependencies [61810aa]
+- Updated dependencies [a31faa7]
+ - @pnpm/fs.symlink-dependency@1100.0.10
+ - @pnpm/store.index@1100.2.0
+ - @pnpm/fs.hard-link-dir@1100.0.2
+ - @pnpm/store.cafs@1100.1.10
+ - @pnpm/store.create-cafs-store@1100.0.14
+ - @pnpm/building.pkg-requires-build@1100.0.8
+ - @pnpm/store.cafs-types@1100.0.1
+
 ## 1100.1.11
 ### Patch Changes
diff --git a/worker/package.json b/worker/package.json
index 96b36b5df7..2f6d8ff6f3 100644
--- a/worker/package.json
+++ b/worker/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@pnpm/worker",
- "version": "1100.1.11",
+ "version": "1100.2.0",
 "description": "A worker for extracting package tarballs to the store",
 "keywords": [
 "pnpm",
diff --git a/workspace/commands/CHANGELOG.md b/workspace/commands/CHANGELOG.md
index 8d7a5b91cd..1141639da4 100644
--- a/workspace/commands/CHANGELOG.md
+++ b/workspace/commands/CHANGELOG.md
@@ -1,5 +1,19 @@
 # @pnpm/plugin-commands-init
+## 1100.1.20
+
+### Patch Changes
+
+- Updated dependencies [61810aa]
+- Updated dependencies [681b593]
+- Updated dependencies [a31faa7]
+ - @pnpm/config.reader@1101.9.0
+ - @pnpm/types@1101.3.2
+ - @pnpm/cli.utils@1101.0.12
+ - @pnpm/object.key-sorting@1100.0.1
+ - @pnpm/cli.meta@1100.0.8
+ - @pnpm/workspace.project-manifest-writer@1100.0.8
+
 ## 1100.1.19
 ### Patch Changes
diff --git a/workspace/commands/package.json b/workspace/commands/package.json
index cd59ecdadb..2e1b480f07 100644
--- a/workspace/commands/package.json
+++ b/workspace/commands/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@pnpm/workspace.commands",
- "version": "1100.1.19",
+ "version": "1100.1.20",
 "description": "Create a package.json file",
 "keywords": [
 "pnpm",
diff --git a/workspace/injected-deps-syncer/CHANGELOG.md b/workspace/injected-deps-syncer/CHANGELOG.md
index 81834de915..fe7ca128ba 100644
--- a/workspace/injected-deps-syncer/CHANGELOG.md
+++ b/workspace/injected-deps-syncer/CHANGELOG.md
@@ -1,5 +1,27 @@
 # @pnpm/workspace.injected-deps-syncer
+## 1100.0.19
+
+### Patch Changes
+
+- a31faa7: Updated dependency ranges. Notably:
+
+ - `@pnpm/logger` peer dependency range moved to `^1100.0.0`.
+ - `msgpackr` 1.11.8 → 2.0.4 (store index files remain byte-compatible in both directions).
+ - `open` ^7.4.2 → ^11.0.0, `memoize` ^10 → ^11, `cli-truncate` ^5 → ^6, `pidtree` ^0.6 → ^1.
+ - `@yarnpkg/core` 4.5.0 → 4.8.0, `@rushstack/worker-pool` 0.7.7 → 0.7.18, `@cyclonedx/cyclonedx-library` 10.0.0 → 10.1.0, `@pnpm/config.nerf-dart` ^1 → ^2, `@pnpm/log.group` 3.0.2 → 4.0.1, `@pnpm/util.lex-comparator` ^3 → ^4.
+
+- Updated dependencies [61810aa]
+- Updated dependencies [681b593]
+- Updated dependencies [a31faa7]
+- Updated dependencies [cd8348c]
+ - @pnpm/bins.linker@1100.0.14
+ - @pnpm/types@1101.3.2
+ - @pnpm/fetching.directory-fetcher@1100.0.17
+ - @pnpm/workspace.projects-reader@1101.0.12
+ - @pnpm/installing.modules-yaml@1100.0.9
+ - @pnpm/pkg-manifest.reader@1100.0.8
+
 ## 1100.0.18
 ### Patch Changes
diff --git a/workspace/injected-deps-syncer/package.json b/workspace/injected-deps-syncer/package.json
index bff68fcaf3..7bb3545c49 100644
--- a/workspace/injected-deps-syncer/package.json
+++ b/workspace/injected-deps-syncer/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@pnpm/workspace.injected-deps-syncer",
- "version": "1100.0.18",
+ "version": "1100.0.19",
 "description": "Update all injected replica of a workspace package",
 "keywords": [
 "pnpm",
diff --git a/workspace/project-manifest-reader/CHANGELOG.md b/workspace/project-manifest-reader/CHANGELOG.md
index 0d990f4441..b9ad9be63f 100644
--- a/workspace/project-manifest-reader/CHANGELOG.md
+++ b/workspace/project-manifest-reader/CHANGELOG.md
@@ -1,5 +1,22 @@
 # @pnpm/read-project-manifest
+## 1100.0.13
+
+### Patch Changes
+
+- a31faa7: Updated dependency ranges. Notably:
+
+ - `@pnpm/logger` peer dependency range moved to `^1100.0.0`.
+ - `msgpackr` 1.11.8 → 2.0.4 (store index files remain byte-compatible in both directions).
+ - `open` ^7.4.2 → ^11.0.0, `memoize` ^10 → ^11, `cli-truncate` ^5 → ^6, `pidtree` ^0.6 → ^1.
+ - `@yarnpkg/core` 4.5.0 → 4.8.0, `@rushstack/worker-pool` 0.7.7 → 0.7.18, `@cyclonedx/cyclonedx-library` 10.0.0 → 10.1.0, `@pnpm/config.nerf-dart` ^1 → ^2, `@pnpm/log.group` 3.0.2 → 4.0.1, `@pnpm/util.lex-comparator` ^3 → ^4.
+
+- Updated dependencies [681b593]
+- Updated dependencies [a31faa7]
+ - @pnpm/types@1101.3.2
+ - @pnpm/pkg-manifest.utils@1100.2.5
+ - @pnpm/workspace.project-manifest-writer@1100.0.8
+
 ## 1100.0.12
 ### Patch Changes
diff --git a/workspace/project-manifest-reader/package.json b/workspace/project-manifest-reader/package.json
index 1c2b06f261..e48b6a3740 100644
--- a/workspace/project-manifest-reader/package.json
+++ b/workspace/project-manifest-reader/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@pnpm/workspace.project-manifest-reader",
- "version": "1100.0.12",
+ "version": "1100.0.13",
 "description": "Read a project manifest (called package.json in most cases)",
 "keywords": [
 "pnpm",
diff --git a/workspace/project-manifest-writer/CHANGELOG.md b/workspace/project-manifest-writer/CHANGELOG.md
index fd663f6af7..422d798674 100644
--- a/workspace/project-manifest-writer/CHANGELOG.md
+++ b/workspace/project-manifest-writer/CHANGELOG.md
@@ -1,5 +1,12 @@
 # @pnpm/write-project-manifest
+## 1100.0.8
+
+### Patch Changes
+
+- Updated dependencies [681b593]
+ - @pnpm/types@1101.3.2
+
 ## 1100.0.7
 ### Patch Changes
diff --git a/workspace/project-manifest-writer/package.json b/workspace/project-manifest-writer/package.json
index 634d41987d..a615280780 100644
--- a/workspace/project-manifest-writer/package.json
+++ b/workspace/project-manifest-writer/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@pnpm/workspace.project-manifest-writer",
- "version": "1100.0.7",
+ "version": "1100.0.8",
 "description": "Write a project manifest (called package.json in most cases)",
 "keywords": [
 "pnpm",
diff --git a/workspace/projects-filter/CHANGELOG.md b/workspace/projects-filter/CHANGELOG.md
index 383205e781..a8f4a2b3f3 100644
--- a/workspace/projects-filter/CHANGELOG.md
+++ b/workspace/projects-filter/CHANGELOG.md
@@ -1,5 +1,14 @@
 # @pnpm/filter-workspace-packages
+## 1100.0.21
+
+### Patch Changes
+
+- Updated dependencies [a31faa7]
+ - @pnpm/workspace.projects-reader@1101.0.12
+ - @pnpm/workspace.projects-graph@1100.0.18
+ - @pnpm/workspace.workspace-manifest-reader@1100.0.8
+
 ## 1100.0.20
 ### Patch Changes
diff --git a/workspace/projects-filter/package.json b/workspace/projects-filter/package.json
index e0eb443f7e..4bd25be4d4 100644
--- a/workspace/projects-filter/package.json
+++ b/workspace/projects-filter/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@pnpm/workspace.projects-filter",
- "version": "1100.0.20",
+ "version": "1100.0.21",
 "description": "Filters packages in a workspace",
 "keywords": [
 "pnpm",
diff --git a/workspace/projects-graph/CHANGELOG.md b/workspace/projects-graph/CHANGELOG.md
index 75f21914dd..0008777820 100644
--- a/workspace/projects-graph/CHANGELOG.md
+++ b/workspace/projects-graph/CHANGELOG.md
@@ -1,5 +1,17 @@
 # @pnpm/workspace.pkgs-graph
+## 1100.0.18
+
+### Patch Changes
+
+- Updated dependencies [61810aa]
+- Updated dependencies [681b593]
+- Updated dependencies [1310ab5]
+- Updated dependencies [a31faa7]
+ - @pnpm/resolving.npm-resolver@1102.0.0
+ - @pnpm/types@1101.3.2
+ - @pnpm/workspace.range-resolver@1100.0.2
+
 ## 1100.0.17
 ### Patch Changes
diff --git a/workspace/projects-graph/package.json b/workspace/projects-graph/package.json
index 1bde7386ed..a674be597a 100644
--- a/workspace/projects-graph/package.json
+++ b/workspace/projects-graph/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@pnpm/workspace.projects-graph",
- "version": "1100.0.17",
+ "version": "1100.0.18",
 "description": "Create a graph from an array of packages",
 "keywords": [
 "pnpm",
diff --git a/workspace/projects-reader/CHANGELOG.md b/workspace/projects-reader/CHANGELOG.md
index bfad3ed23a..2cef725cb7 100644
--- a/workspace/projects-reader/CHANGELOG.md
+++ b/workspace/projects-reader/CHANGELOG.md
@@ -1,5 +1,22 @@
 # @pnpm/find-workspace-packages
+## 1101.0.12
+
+### Patch Changes
+
+- a31faa7: Updated dependency ranges. Notably:
+
+ - `@pnpm/logger` peer dependency range moved to `^1100.0.0`.
+ - `msgpackr` 1.11.8 → 2.0.4 (store index files remain byte-compatible in both directions).
+ - `open` ^7.4.2 → ^11.0.0, `memoize` ^10 → ^11, `cli-truncate` ^5 → ^6, `pidtree` ^0.6 → ^1.
+ - `@yarnpkg/core` 4.5.0 → 4.8.0, `@rushstack/worker-pool` 0.7.7 → 0.7.18, `@cyclonedx/cyclonedx-library` 10.0.0 → 10.1.0, `@pnpm/config.nerf-dart` ^1 → ^2, `@pnpm/log.group` 3.0.2 → 4.0.1, `@pnpm/util.lex-comparator` ^3 → ^4.
+
+- Updated dependencies [681b593]
+- Updated dependencies [a31faa7]
+ - @pnpm/types@1101.3.2
+ - @pnpm/cli.utils@1101.0.12
+ - @pnpm/workspace.project-manifest-reader@1100.0.13
+
 ## 1101.0.11
 ### Patch Changes
diff --git a/workspace/projects-reader/package.json b/workspace/projects-reader/package.json
index 19f41249a8..e985424aae 100644
--- a/workspace/projects-reader/package.json
+++ b/workspace/projects-reader/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@pnpm/workspace.projects-reader",
- "version": "1101.0.11",
+ "version": "1101.0.12",
 "description": "Finds packages inside a workspace",
 "keywords": [
 "pnpm",
diff --git a/workspace/projects-sorter/CHANGELOG.md b/workspace/projects-sorter/CHANGELOG.md
index 95469589f9..799ed092f6 100644
--- a/workspace/projects-sorter/CHANGELOG.md
+++ b/workspace/projects-sorter/CHANGELOG.md
@@ -1,5 +1,12 @@
 # @pnpm/sort-packages
+## 1100.0.7
+
+### Patch Changes
+
+- Updated dependencies [681b593]
+ - @pnpm/types@1101.3.2
+
 ## 1100.0.6
 ### Patch Changes
diff --git a/workspace/projects-sorter/package.json b/workspace/projects-sorter/package.json
index c6906f6201..53caf890d1 100644
--- a/workspace/projects-sorter/package.json
+++ b/workspace/projects-sorter/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@pnpm/workspace.projects-sorter",
- "version": "1100.0.6",
+ "version": "1100.0.7",
 "description": "Sort packages",
 "keywords": [
 "pnpm",
diff --git a/workspace/range-resolver/CHANGELOG.md b/workspace/range-resolver/CHANGELOG.md
index 8ea6cd49a7..b61efc0f00 100644
--- a/workspace/range-resolver/CHANGELOG.md
+++ b/workspace/range-resolver/CHANGELOG.md
@@ -1,5 +1,16 @@
 # @pnpm/resolve-workspace-range
+## 1100.0.2
+
+### Patch Changes
+
+- a31faa7: Updated dependency ranges. Notably:
+
+ - `@pnpm/logger` peer dependency range moved to `^1100.0.0`.
+ - `msgpackr` 1.11.8 → 2.0.4 (store index files remain byte-compatible in both directions).
+ - `open` ^7.4.2 → ^11.0.0, `memoize` ^10 → ^11, `cli-truncate` ^5 → ^6, `pidtree` ^0.6 → ^1.
+ - `@yarnpkg/core` 4.5.0 → 4.8.0, `@rushstack/worker-pool` 0.7.7 → 0.7.18, `@cyclonedx/cyclonedx-library` 10.0.0 → 10.1.0, `@pnpm/config.nerf-dart` ^1 → ^2, `@pnpm/log.group` 3.0.2 → 4.0.1, `@pnpm/util.lex-comparator` ^3 → ^4.
+
 ## 1100.0.1
 ### Patch Changes
diff --git a/workspace/range-resolver/package.json b/workspace/range-resolver/package.json
index 82af5a60c1..8dda4bcfca 100644
--- a/workspace/range-resolver/package.json
+++ b/workspace/range-resolver/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@pnpm/workspace.range-resolver",
- "version": "1100.0.1",
+ "version": "1100.0.2",
 "description": "Resolves a range from versions that are present inside a workspace",
 "keywords": [
 "pnpm",
diff --git a/workspace/state/CHANGELOG.md b/workspace/state/CHANGELOG.md
index 807e828008..9753322d24 100644
--- a/workspace/state/CHANGELOG.md
+++ b/workspace/state/CHANGELOG.md
@@ -1,5 +1,22 @@
 # @pnpm/workspace.state
+## 1100.0.22
+
+### Patch Changes
+
+- a31faa7: Updated dependency ranges. Notably:
+
+ - `@pnpm/logger` peer dependency range moved to `^1100.0.0`.
+ - `msgpackr` 1.11.8 → 2.0.4 (store index files remain byte-compatible in both directions).
+ - `open` ^7.4.2 → ^11.0.0, `memoize` ^10 → ^11, `cli-truncate` ^5 → ^6, `pidtree` ^0.6 → ^1.
+ - `@yarnpkg/core` 4.5.0 → 4.8.0, `@rushstack/worker-pool` 0.7.7 → 0.7.18, `@cyclonedx/cyclonedx-library` 10.0.0 → 10.1.0, `@pnpm/config.nerf-dart` ^1 → ^2, `@pnpm/log.group` 3.0.2 → 4.0.1, `@pnpm/util.lex-comparator` ^3 → ^4.
+
+- Updated dependencies [61810aa]
+- Updated dependencies [681b593]
+- Updated dependencies [a31faa7]
+ - @pnpm/config.reader@1101.9.0
+ - @pnpm/types@1101.3.2
+
 ## 1100.0.21
 ### Patch Changes
diff --git a/workspace/state/package.json b/workspace/state/package.json
index f87e3bab84..0c61d72520 100644
--- a/workspace/state/package.json
+++ b/workspace/state/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@pnpm/workspace.state",
- "version": "1100.0.21",
+ "version": "1100.0.22",
 "description": "Track the list of actual paths of workspace packages in a cache",
 "keywords": [
 "pnpm",
diff --git a/workspace/workspace-manifest-reader/CHANGELOG.md b/workspace/workspace-manifest-reader/CHANGELOG.md
index e01b8b4f53..c80ea637ed 100644
--- a/workspace/workspace-manifest-reader/CHANGELOG.md
+++ b/workspace/workspace-manifest-reader/CHANGELOG.md
@@ -1,5 +1,12 @@
 # @pnpm/workspace.read-manifest
+## 1100.0.8
+
+### Patch Changes
+
+- Updated dependencies [681b593]
+ - @pnpm/types@1101.3.2
+
 ## 1100.0.7
 ### Patch Changes
diff --git a/workspace/workspace-manifest-reader/package.json b/workspace/workspace-manifest-reader/package.json
index 2a990615c8..ad873dce90 100644
--- a/workspace/workspace-manifest-reader/package.json
+++ b/workspace/workspace-manifest-reader/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@pnpm/workspace.workspace-manifest-reader",
- "version": "1100.0.7",
+ "version": "1100.0.8",
 "description": "Reads a workspace manifest file",
 "keywords": [
 "pnpm",
diff --git a/workspace/workspace-manifest-writer/CHANGELOG.md b/workspace/workspace-manifest-writer/CHANGELOG.md
index 4b637d6241..4c6056a958 100644
--- a/workspace/workspace-manifest-writer/CHANGELOG.md
+++ b/workspace/workspace-manifest-writer/CHANGELOG.md
@@ -1,5 +1,21 @@
 # @pnpm/workspace.manifest-writer
+## 1100.0.13
+
+### Patch Changes
+
+- a31faa7: Updated dependency ranges. Notably:
+
+ - `@pnpm/logger` peer dependency range moved to `^1100.0.0`.
+ - `msgpackr` 1.11.8 → 2.0.4 (store index files remain byte-compatible in both directions).
+ - `open` ^7.4.2 → ^11.0.0, `memoize` ^10 → ^11, `cli-truncate` ^5 → ^6, `pidtree` ^0.6 → ^1.
+ - `@yarnpkg/core` 4.5.0 → 4.8.0, `@rushstack/worker-pool` 0.7.7 → 0.7.18, `@cyclonedx/cyclonedx-library` 10.0.0 → 10.1.0, `@pnpm/config.nerf-dart` ^1 → ^2, `@pnpm/log.group` 3.0.2 → 4.0.1, `@pnpm/util.lex-comparator` ^3 → ^4.
+
+- Updated dependencies [681b593]
+ - @pnpm/types@1101.3.2
+ - @pnpm/lockfile.types@1100.0.11
+ - @pnpm/workspace.workspace-manifest-reader@1100.0.8
+
 ## 1100.0.12
 ### Patch Changes
diff --git a/workspace/workspace-manifest-writer/package.json b/workspace/workspace-manifest-writer/package.json
index 9a3c860490..840e1210ac 100644
--- a/workspace/workspace-manifest-writer/package.json
+++ b/workspace/workspace-manifest-writer/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@pnpm/workspace.workspace-manifest-writer",
- "version": "1100.0.12",
+ "version": "1100.0.13",
 "description": "Updates the workspace manifest file",
 "keywords": [
 "pnpm",