chore(release): 11.0.8

2026-05-14 03:26:13 -04:00 · 2026-05-07 08:23:22 +02:00
parent ce474ccfc7
commit 59ec360374
104 changed files with 457 additions and 72 deletions
--- a/.changeset-released/release-11.0.txt
+++ b/.changeset-released/release-11.0.txt
@@ -5,6 +5,9 @@ git-tarball-integrity
 global-yaml-user-prefs
 oidc-precedence-over-static-token
 pm-on-fail-survives-help-version
+preserve-non-derivable-tarballs
 recursive-filter-root-exclusion
 restore-publish-json-stdout
 scoped-registry-config-get-publish
+six-carrots-cross
+tarball-content-encoding
--- a/.changeset/preserve-non-derivable-tarballs.md
+++ b/.changeset/preserve-non-derivable-tarballs.md
@@ -1,6 +0,0 @@
---
-"@pnpm/lockfile.utils": patch
-"pnpm": patch
---
-
-Restored the heuristic that preserves tarball URLs in `pnpm-lock.yaml` when they cannot be derived from name+version+registry, even with the default `lockfileIncludeTarballUrl: false`. Without this, `pnpm install --frozen-lockfile` from an empty store fails with `ERR_PNPM_FETCH_404` for packages on registries that serve tarballs from a non-standard path — most notably GitHub Packages (`https://npm.pkg.github.com/download/<scope>/<name>/<version>/<hash>`) and JSR. `lockfileIncludeTarballUrl: true` continues to force the URL into the lockfile for every package [#11276](https://github.com/pnpm/pnpm/issues/11276).
--- a/.changeset/six-carrots-cross.md
+++ b/.changeset/six-carrots-cross.md
@@ -1,6 +0,0 @@
---
-"@pnpm/releasing.commands": patch
-"pnpm": patch
---
-
-Run `preversion`, `version`, and `postversion` lifecycle scripts for `pnpm version`.
--- a/.changeset/tarball-content-encoding.md
+++ b/.changeset/tarball-content-encoding.md
@@ -1,6 +0,0 @@
---
-"@pnpm/fetching.tarball-fetcher": patch
-"pnpm": patch
---
-
-Fixed `ERR_PNPM_BAD_TARBALL_SIZE` when a registry serves tarballs with an end-to-end `Content-Encoding` (e.g. `gzip`). Tarballs are already compressed, so the fetcher now requests them with `Accept-Encoding: identity` (matching pnpm v10's effective behavior) and, as defense in depth against misbehaving servers, no longer enforces the strict `Content-Length` check when the response declares a `Content-Encoding` — `Content-Length` in that case refers to the encoded payload, not the decoded bytes the fetch implementation yields [#11506](https://github.com/pnpm/pnpm/issues/11506).
--- a/.meta-updater/CHANGELOG.md
+++ b/.meta-updater/CHANGELOG.md
@@ -1,5 +1,11 @@
 # @pnpm-private/updater

+## 1100.0.9
+
+### Patch Changes
+
+- @pnpm/lockfile.fs@1100.0.6
+
 ## 1100.0.8

 ### Patch Changes
--- a/.meta-updater/package.json
+++ b/.meta-updater/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@pnpm-private/updater",
-  "version": "1100.0.8",
+  "version": "1100.0.9",
  "private": true,
  "type": "module",
  "scripts": {
--- a/agent/server/CHANGELOG.md
+++ b/agent/server/CHANGELOG.md
@@ -1,5 +1,14 @@
 # pnpm-agent

+## 0.0.10
+
+### Patch Changes
+
+- @pnpm/installing.deps-installer@1101.0.8
+- @pnpm/lockfile.fs@1100.0.6
+- @pnpm/installing.client@1100.0.11
+- @pnpm/store.controller@1101.0.3
+
 ## 0.0.9

 ### Patch Changes
--- a/agent/server/package.json
+++ b/agent/server/package.json
@@ -1,6 +1,6 @@
 {
  "name": "pnpm-agent",
-  "version": "0.0.9",
+  "version": "0.0.10",
  "description": "pnpm agent server for server-side resolution and store-aware downloads",
  "keywords": [
    "pnpm",
--- a/building/after-install/CHANGELOG.md
+++ b/building/after-install/CHANGELOG.md
@@ -1,5 +1,15 @@
 # @pnpm/building.after-install

+## 1101.0.8
+
+### Patch Changes
+
+- Updated dependencies [cfa271b]
+  - @pnpm/lockfile.utils@1100.0.6
+  - @pnpm/deps.graph-hasher@1100.1.4
+  - @pnpm/installing.context@1100.0.7
+  - @pnpm/store.connection-manager@1100.0.12
+
 ## 1101.0.7

 ### Patch Changes
--- a/building/after-install/package.json
+++ b/building/after-install/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@pnpm/building.after-install",
-  "version": "1101.0.7",
+  "version": "1101.0.8",
  "description": "Rebuild packages that are already installed by running their lifecycle scripts",
  "keywords": [
    "pnpm",
--- a/building/commands/CHANGELOG.md
+++ b/building/commands/CHANGELOG.md
@@ -1,5 +1,13 @@
 # @pnpm/building.commands

+## 1100.0.13
+
+### Patch Changes
+
+- @pnpm/building.after-install@1101.0.8
+- @pnpm/installing.commands@1100.1.11
+- @pnpm/store.connection-manager@1100.0.12
+
 ## 1100.0.12

 ### Patch Changes
--- a/building/commands/package.json
+++ b/building/commands/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@pnpm/building.commands",
-  "version": "1100.0.12",
+  "version": "1100.0.13",
  "description": "Commands for rebuilding and managing dependency builds",
  "keywords": [
    "pnpm",
--- a/building/during-install/CHANGELOG.md
+++ b/building/during-install/CHANGELOG.md
@@ -1,5 +1,11 @@
 # @pnpm/building.during-install

+## 1101.0.6
+
+### Patch Changes
+
+- @pnpm/deps.graph-hasher@1100.1.4
+
 ## 1101.0.5

 ### Patch Changes
--- a/building/during-install/package.json
+++ b/building/during-install/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@pnpm/building.during-install",
-  "version": "1101.0.5",
+  "version": "1101.0.6",
  "description": "Build packages in node_modules",
  "keywords": [
    "pnpm",
--- a/deps/compliance/audit/CHANGELOG.md
+++ b/deps/compliance/audit/CHANGELOG.md
@@ -1,5 +1,13 @@
 # @pnpm/audit

+## 1101.0.5
+
+### Patch Changes
+
+- Updated dependencies [cfa271b]
+  - @pnpm/lockfile.utils@1100.0.6
+  - @pnpm/lockfile.fs@1100.0.6
+
 ## 1101.0.4

 ### Patch Changes
--- a/deps/compliance/audit/package.json
+++ b/deps/compliance/audit/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@pnpm/deps.compliance.audit",
-  "version": "1101.0.4",
+  "version": "1101.0.5",
  "description": "Audit a lockfile",
  "keywords": [
    "pnpm",
--- a/deps/compliance/commands/CHANGELOG.md
+++ b/deps/compliance/commands/CHANGELOG.md
@@ -1,5 +1,17 @@
 # @pnpm/deps.compliance.commands

+## 1101.1.10
+
+### Patch Changes
+
+- Updated dependencies [cfa271b]
+  - @pnpm/lockfile.utils@1100.0.6
+  - @pnpm/deps.compliance.audit@1101.0.5
+  - @pnpm/deps.compliance.license-scanner@1100.0.8
+  - @pnpm/deps.compliance.sbom@1100.0.8
+  - @pnpm/lockfile.fs@1100.0.6
+  - @pnpm/installing.commands@1100.1.11
+
 ## 1101.1.9

 ### Patch Changes
--- a/deps/compliance/commands/package.json
+++ b/deps/compliance/commands/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@pnpm/deps.compliance.commands",
-  "version": "1101.1.9",
+  "version": "1101.1.10",
  "description": "pnpm commands for audit, licenses, and sbom",
  "keywords": [
    "pnpm",
--- a/deps/compliance/license-scanner/CHANGELOG.md
+++ b/deps/compliance/license-scanner/CHANGELOG.md
@@ -1,5 +1,13 @@
 # @pnpm/license-scanner

+## 1100.0.8
+
+### Patch Changes
+
+- Updated dependencies [cfa271b]
+  - @pnpm/lockfile.utils@1100.0.6
+  - @pnpm/lockfile.fs@1100.0.6
+
 ## 1100.0.7

 ### Patch Changes
--- a/deps/compliance/license-scanner/package.json
+++ b/deps/compliance/license-scanner/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@pnpm/deps.compliance.license-scanner",
-  "version": "1100.0.7",
+  "version": "1100.0.8",
  "description": "Check for licenses packages",
  "keywords": [
    "pnpm",
--- a/deps/compliance/sbom/CHANGELOG.md
+++ b/deps/compliance/sbom/CHANGELOG.md
@@ -1,5 +1,12 @@
 # @pnpm/deps.compliance.sbom

+## 1100.0.8
+
+### Patch Changes
+
+- Updated dependencies [cfa271b]
+  - @pnpm/lockfile.utils@1100.0.6
+
 ## 1100.0.7

 ### Patch Changes
--- a/deps/compliance/sbom/package.json
+++ b/deps/compliance/sbom/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@pnpm/deps.compliance.sbom",
-  "version": "1100.0.7",
+  "version": "1100.0.8",
  "description": "Generate SBOM from pnpm lockfile",
  "keywords": [
    "pnpm",
--- a/deps/graph-builder/CHANGELOG.md
+++ b/deps/graph-builder/CHANGELOG.md
@@ -1,5 +1,14 @@
 # @pnpm/deps.graph-builder

+## 1100.0.7
+
+### Patch Changes
+
+- Updated dependencies [cfa271b]
+  - @pnpm/lockfile.utils@1100.0.6
+  - @pnpm/deps.graph-hasher@1100.1.4
+  - @pnpm/lockfile.fs@1100.0.6
+
 ## 1100.0.6

 ### Patch Changes
--- a/deps/graph-builder/package.json
+++ b/deps/graph-builder/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@pnpm/deps.graph-builder",
-  "version": "1100.0.6",
+  "version": "1100.0.7",
  "description": "A package for building a dependency graph from a lockfile",
  "keywords": [
    "pnpm",
--- a/deps/graph-hasher/CHANGELOG.md
+++ b/deps/graph-hasher/CHANGELOG.md
@@ -1,5 +1,12 @@
 # @pnpm/calc-dep-state

+## 1100.1.4
+
+### Patch Changes
+
+- Updated dependencies [cfa271b]
+  - @pnpm/lockfile.utils@1100.0.6
+
 ## 1100.1.3

 ### Patch Changes
--- a/deps/graph-hasher/package.json
+++ b/deps/graph-hasher/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@pnpm/deps.graph-hasher",
-  "version": "1100.1.3",
+  "version": "1100.1.4",
  "description": "Calculates the state of a dependency",
  "keywords": [
    "pnpm",
--- a/deps/inspection/commands/CHANGELOG.md
+++ b/deps/inspection/commands/CHANGELOG.md
@@ -1,5 +1,16 @@
 # @pnpm/deps.inspection.commands

+## 1100.1.12
+
+### Patch Changes
+
+- @pnpm/deps.inspection.outdated@1100.0.11
+- @pnpm/lockfile.fs@1100.0.6
+- @pnpm/resolving.default-resolver@1100.0.10
+- @pnpm/deps.inspection.list@1100.0.7
+- @pnpm/global.commands@1100.0.13
+- @pnpm/deps.inspection.peers-checker@1100.0.6
+
 ## 1100.1.11

 ### Patch Changes
--- a/deps/inspection/commands/package.json
+++ b/deps/inspection/commands/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@pnpm/deps.inspection.commands",
-  "version": "1100.1.11",
+  "version": "1100.1.12",
  "description": "The list, ll, why, and outdated commands of pnpm",
  "keywords": [
    "pnpm",
--- a/deps/inspection/list/CHANGELOG.md
+++ b/deps/inspection/list/CHANGELOG.md
@@ -1,5 +1,12 @@
 # @pnpm/list

+## 1100.0.7
+
+### Patch Changes
+
+- @pnpm/deps.inspection.tree-builder@1100.0.6
+- @pnpm/lockfile.fs@1100.0.6
+
 ## 1100.0.6

 ### Patch Changes
--- a/deps/inspection/list/package.json
+++ b/deps/inspection/list/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@pnpm/deps.inspection.list",
-  "version": "1100.0.6",
+  "version": "1100.0.7",
  "description": "List installed packages in a symlinked `node_modules`",
  "keywords": [
    "pnpm",
--- a/deps/inspection/outdated/CHANGELOG.md
+++ b/deps/inspection/outdated/CHANGELOG.md
@@ -1,5 +1,14 @@
 # @pnpm/outdated

+## 1100.0.11
+
+### Patch Changes
+
+- Updated dependencies [cfa271b]
+  - @pnpm/lockfile.utils@1100.0.6
+  - @pnpm/lockfile.fs@1100.0.6
+  - @pnpm/installing.client@1100.0.11
+
 ## 1100.0.10

 ### Patch Changes
--- a/deps/inspection/outdated/package.json
+++ b/deps/inspection/outdated/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@pnpm/deps.inspection.outdated",
-  "version": "1100.0.10",
+  "version": "1100.0.11",
  "description": "Check for outdated packages",
  "keywords": [
    "pnpm",
--- a/deps/inspection/peers-checker/CHANGELOG.md
+++ b/deps/inspection/peers-checker/CHANGELOG.md
@@ -1,5 +1,11 @@
 # @pnpm/deps.inspection.peers-checker

+## 1100.0.6
+
+### Patch Changes
+
+- @pnpm/lockfile.fs@1100.0.6
+
 ## 1100.0.5

 ### Patch Changes
--- a/deps/inspection/peers-checker/package.json
+++ b/deps/inspection/peers-checker/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@pnpm/deps.inspection.peers-checker",
-  "version": "1100.0.5",
+  "version": "1100.0.6",
  "description": "Check for unmet and missing peer dependency issues from the lockfile",
  "keywords": [
    "pnpm",
--- a/deps/inspection/tree-builder/CHANGELOG.md
+++ b/deps/inspection/tree-builder/CHANGELOG.md
@@ -1,5 +1,13 @@
 # @pnpm/reviewing.dependencies-hierarchy

+## 1100.0.6
+
+### Patch Changes
+
+- Updated dependencies [cfa271b]
+  - @pnpm/lockfile.utils@1100.0.6
+  - @pnpm/lockfile.fs@1100.0.6
+
 ## 1100.0.5

 ### Patch Changes
--- a/deps/inspection/tree-builder/package.json
+++ b/deps/inspection/tree-builder/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@pnpm/deps.inspection.tree-builder",
-  "version": "1100.0.5",
+  "version": "1100.0.6",
  "description": "Creates a dependencies hierarchy for a symlinked `node_modules`",
  "keywords": [
    "pnpm",
--- a/deps/status/CHANGELOG.md
+++ b/deps/status/CHANGELOG.md
@@ -1,5 +1,14 @@
 # @pnpm/deps.status

+## 1100.0.11
+
+### Patch Changes
+
+- @pnpm/lockfile.fs@1100.0.6
+- @pnpm/lockfile.verification@1100.0.7
+- @pnpm/installing.context@1100.0.7
+- @pnpm/lockfile.settings-checker@1100.0.7
+
 ## 1100.0.10

 ### Patch Changes
--- a/deps/status/package.json
+++ b/deps/status/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@pnpm/deps.status",
-  "version": "1100.0.10",
+  "version": "1100.0.11",
  "description": "Check dependencies status",
  "keywords": [
    "pnpm",
--- a/engine/pm/commands/CHANGELOG.md
+++ b/engine/pm/commands/CHANGELOG.md
@@ -1,5 +1,18 @@
 # @pnpm/engine.pm.commands

+## 1101.1.8
+
+### Patch Changes
+
+- @pnpm/deps.graph-hasher@1100.1.4
+- @pnpm/installing.deps-restorer@1101.0.7
+- @pnpm/installing.env-installer@1101.0.6
+- @pnpm/lockfile.fs@1100.0.6
+- @pnpm/installing.client@1100.0.11
+- @pnpm/global.commands@1100.0.13
+- @pnpm/store.connection-manager@1100.0.12
+- @pnpm/store.controller@1101.0.3
+
 ## 1101.1.7

 ### Patch Changes
--- a/engine/pm/commands/package.json
+++ b/engine/pm/commands/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@pnpm/engine.pm.commands",
-  "version": "1101.1.7",
+  "version": "1101.1.8",
  "description": "pnpm commands for self-updating and setting up pnpm",
  "keywords": [
    "pnpm",
--- a/exec/commands/CHANGELOG.md
+++ b/exec/commands/CHANGELOG.md
@@ -1,5 +1,14 @@
 # @pnpm/plugin-commands-script-runners

+## 1100.1.3
+
+### Patch Changes
+
+- @pnpm/installing.client@1100.0.11
+- @pnpm/building.commands@1100.0.13
+- @pnpm/installing.commands@1100.1.11
+- @pnpm/deps.status@1100.0.11
+
 ## 1100.1.2

 ### Patch Changes
--- a/exec/commands/package.json
+++ b/exec/commands/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@pnpm/exec.commands",
-  "version": "1100.1.2",
+  "version": "1100.1.3",
  "description": "Commands for running scripts",
  "keywords": [
    "pnpm",
--- a/fetching/tarball-fetcher/CHANGELOG.md
+++ b/fetching/tarball-fetcher/CHANGELOG.md
@@ -1,5 +1,11 @@
 # @pnpm/tarball-fetcher

+## 1101.0.3
+
+### Patch Changes
+
+- 36b4c83: Fixed `ERR_PNPM_BAD_TARBALL_SIZE` when a registry serves tarballs with an end-to-end `Content-Encoding` (e.g. `gzip`). Tarballs are already compressed, so the fetcher now requests them with `Accept-Encoding: identity` (matching pnpm v10's effective behavior) and, as defense in depth against misbehaving servers, no longer enforces the strict `Content-Length` check when the response declares a `Content-Encoding` — `Content-Length` in that case refers to the encoded payload, not the decoded bytes the fetch implementation yields [#11506](https://github.com/pnpm/pnpm/issues/11506).
+
 ## 1101.0.2

 ### Patch Changes
--- a/fetching/tarball-fetcher/package.json
+++ b/fetching/tarball-fetcher/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@pnpm/fetching.tarball-fetcher",
-  "version": "1101.0.2",
+  "version": "1101.0.3",
  "description": "Fetcher for packages hosted as tarballs",
  "keywords": [
    "pnpm",
--- a/global/commands/CHANGELOG.md
+++ b/global/commands/CHANGELOG.md
@@ -1,5 +1,13 @@
 # @pnpm/global.commands

+## 1100.0.13
+
+### Patch Changes
+
+- @pnpm/installing.deps-installer@1101.0.8
+- @pnpm/deps.inspection.list@1100.0.7
+- @pnpm/store.connection-manager@1100.0.12
+
 ## 1100.0.12

 ### Patch Changes
--- a/global/commands/package.json
+++ b/global/commands/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@pnpm/global.commands",
-  "version": "1100.0.12",
+  "version": "1100.0.13",
  "description": "Global package command handlers for pnpm",
  "keywords": [
    "pnpm",
--- a/installing/client/CHANGELOG.md
+++ b/installing/client/CHANGELOG.md
@@ -1,5 +1,13 @@
 # @pnpm/client

+## 1100.0.11
+
+### Patch Changes
+
+- Updated dependencies [36b4c83]
+  - @pnpm/fetching.tarball-fetcher@1101.0.3
+  - @pnpm/resolving.default-resolver@1100.0.10
+
 ## 1100.0.10

 ### Patch Changes
--- a/installing/client/package.json
+++ b/installing/client/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@pnpm/installing.client",
-  "version": "1100.0.10",
+  "version": "1100.0.11",
  "description": "Creates the package resolve and fetch functions",
  "keywords": [
    "pnpm",
--- a/installing/commands/CHANGELOG.md
+++ b/installing/commands/CHANGELOG.md
@@ -1,5 +1,19 @@
 # @pnpm/plugin-commands-installation

+## 1100.1.11
+
+### Patch Changes
+
+- @pnpm/building.after-install@1101.0.8
+- @pnpm/deps.inspection.outdated@1100.0.11
+- @pnpm/installing.deps-installer@1101.0.8
+- @pnpm/installing.env-installer@1101.0.6
+- @pnpm/global.commands@1100.0.13
+- @pnpm/deps.status@1100.0.11
+- @pnpm/installing.context@1100.0.7
+- @pnpm/store.connection-manager@1100.0.12
+- @pnpm/store.controller@1101.0.3
+
 ## 1100.1.10

 ### Patch Changes
--- a/installing/commands/package.json
+++ b/installing/commands/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@pnpm/installing.commands",
-  "version": "1100.1.10",
+  "version": "1100.1.11",
  "description": "Commands for installation",
  "keywords": [
    "pnpm",
--- a/installing/context/CHANGELOG.md
+++ b/installing/context/CHANGELOG.md
@@ -1,5 +1,13 @@
 # @pnpm/get-context

+## 1100.0.7
+
+### Patch Changes
+
+- @pnpm/lockfile.fs@1100.0.6
+- @pnpm/installing.read-projects-context@1100.0.7
+- @pnpm/store.controller@1101.0.3
+
 ## 1100.0.6

 ### Patch Changes
--- a/installing/context/package.json
+++ b/installing/context/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@pnpm/installing.context",
-  "version": "1100.0.6",
+  "version": "1100.0.7",
  "description": "Gets context information about a project",
  "keywords": [
    "pnpm",
--- a/installing/deps-installer/CHANGELOG.md
+++ b/installing/deps-installer/CHANGELOG.md
@@ -1,5 +1,26 @@
 # @pnpm/core

+## 1101.0.8
+
+### Patch Changes
+
+- Updated dependencies [cfa271b]
+  - @pnpm/lockfile.utils@1100.0.6
+  - @pnpm/building.after-install@1101.0.8
+  - @pnpm/deps.graph-hasher@1100.1.4
+  - @pnpm/installing.deps-resolver@1100.0.7
+  - @pnpm/installing.deps-restorer@1101.0.7
+  - @pnpm/installing.linking.modules-cleaner@1100.0.7
+  - @pnpm/lockfile.filtering@1100.0.7
+  - @pnpm/lockfile.fs@1100.0.6
+  - @pnpm/lockfile.preferred-versions@1100.0.7
+  - @pnpm/lockfile.to-pnp@1100.0.6
+  - @pnpm/lockfile.verification@1100.0.7
+  - @pnpm/building.during-install@1101.0.6
+  - @pnpm/installing.context@1100.0.7
+  - @pnpm/lockfile.settings-checker@1100.0.7
+  - @pnpm/installing.package-requester@1101.0.3
+
 ## 1101.0.7

 ### Patch Changes
--- a/installing/deps-installer/package.json
+++ b/installing/deps-installer/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@pnpm/installing.deps-installer",
-  "version": "1101.0.7",
+  "version": "1101.0.8",
  "description": "Fast, disk space efficient installation engine",
  "keywords": [
    "pnpm",
--- a/installing/deps-resolver/CHANGELOG.md
+++ b/installing/deps-resolver/CHANGELOG.md
@@ -1,5 +1,15 @@
 # @pnpm/resolve-dependencies

+## 1100.0.7
+
+### Patch Changes
+
+- Updated dependencies [cfa271b]
+  - @pnpm/lockfile.utils@1100.0.6
+  - @pnpm/deps.graph-hasher@1100.1.4
+  - @pnpm/lockfile.preferred-versions@1100.0.7
+  - @pnpm/fetching.pick-fetcher@1100.0.5
+
 ## 1100.0.6

 ### Patch Changes
--- a/installing/deps-resolver/package.json
+++ b/installing/deps-resolver/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@pnpm/installing.deps-resolver",
-  "version": "1100.0.6",
+  "version": "1100.0.7",
  "description": "Resolves dependency graph of a package",
  "keywords": [
    "pnpm",
--- a/installing/deps-restorer/CHANGELOG.md
+++ b/installing/deps-restorer/CHANGELOG.md
@@ -1,5 +1,21 @@
 # @pnpm/headless

+## 1101.0.7
+
+### Patch Changes
+
+- Updated dependencies [cfa271b]
+  - @pnpm/lockfile.utils@1100.0.6
+  - @pnpm/deps.graph-builder@1100.0.7
+  - @pnpm/deps.graph-hasher@1100.1.4
+  - @pnpm/installing.linking.modules-cleaner@1100.0.7
+  - @pnpm/installing.linking.real-hoist@1100.0.6
+  - @pnpm/lockfile.filtering@1100.0.7
+  - @pnpm/lockfile.fs@1100.0.6
+  - @pnpm/lockfile.to-pnp@1100.0.6
+  - @pnpm/building.during-install@1101.0.6
+  - @pnpm/installing.package-requester@1101.0.3
+
 ## 1101.0.6

 ### Patch Changes
--- a/installing/deps-restorer/package.json
+++ b/installing/deps-restorer/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@pnpm/installing.deps-restorer",
-  "version": "1101.0.6",
+  "version": "1101.0.7",
  "description": "Fast installation using only pnpm-lock.yaml",
  "keywords": [
    "pnpm",
--- a/installing/env-installer/CHANGELOG.md
+++ b/installing/env-installer/CHANGELOG.md
@@ -1,5 +1,16 @@
 # @pnpm/config.deps-installer

+## 1101.0.6
+
+### Patch Changes
+
+- Updated dependencies [cfa271b]
+  - @pnpm/lockfile.utils@1100.0.6
+  - @pnpm/deps.graph-hasher@1100.1.4
+  - @pnpm/installing.deps-resolver@1100.0.7
+  - @pnpm/lockfile.fs@1100.0.6
+  - @pnpm/store.controller@1101.0.3
+
 ## 1101.0.5

 ### Patch Changes
--- a/installing/env-installer/package.json
+++ b/installing/env-installer/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@pnpm/installing.env-installer",
-  "version": "1101.0.5",
+  "version": "1101.0.6",
  "description": "Installer for configurational dependencies",
  "keywords": [
    "pnpm",
--- a/installing/linking/modules-cleaner/CHANGELOG.md
+++ b/installing/linking/modules-cleaner/CHANGELOG.md
@@ -1,5 +1,13 @@
 # @pnpm/modules-cleaner

+## 1100.0.7
+
+### Patch Changes
+
+- Updated dependencies [cfa271b]
+  - @pnpm/lockfile.utils@1100.0.6
+  - @pnpm/lockfile.filtering@1100.0.7
+
 ## 1100.0.6

 ### Patch Changes
--- a/installing/linking/modules-cleaner/package.json
+++ b/installing/linking/modules-cleaner/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@pnpm/installing.linking.modules-cleaner",
-  "version": "1100.0.6",
+  "version": "1100.0.7",
  "description": "Exports util functions to clean up node_modules",
  "keywords": [
    "pnpm",
--- a/installing/linking/real-hoist/CHANGELOG.md
+++ b/installing/linking/real-hoist/CHANGELOG.md
@@ -1,5 +1,12 @@
 # @pnpm/real-hoist

+## 1100.0.6
+
+### Patch Changes
+
+- Updated dependencies [cfa271b]
+  - @pnpm/lockfile.utils@1100.0.6
+
 ## 1100.0.5

 ### Patch Changes
--- a/installing/linking/real-hoist/package.json
+++ b/installing/linking/real-hoist/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@pnpm/installing.linking.real-hoist",
-  "version": "1100.0.5",
+  "version": "1100.0.6",
  "description": "Hoists dependencies in a node_modules created by pnpm",
  "keywords": [
    "pnpm",
--- a/installing/read-projects-context/CHANGELOG.md
+++ b/installing/read-projects-context/CHANGELOG.md
@@ -1,5 +1,11 @@
 # @pnpm/read-projects-context

+## 1100.0.7
+
+### Patch Changes
+
+- @pnpm/lockfile.fs@1100.0.6
+
 ## 1100.0.6

 ### Patch Changes
--- a/installing/read-projects-context/package.json
+++ b/installing/read-projects-context/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@pnpm/installing.read-projects-context",
-  "version": "1100.0.6",
+  "version": "1100.0.7",
  "description": "Reads the current state of projects from modules manifest",
  "keywords": [
    "pnpm",
--- a/lockfile/filtering/CHANGELOG.md
+++ b/lockfile/filtering/CHANGELOG.md
@@ -1,5 +1,12 @@
 # @pnpm/filter-lockfile

+## 1100.0.7
+
+### Patch Changes
+
+- Updated dependencies [cfa271b]
+  - @pnpm/lockfile.utils@1100.0.6
+
 ## 1100.0.6

 ### Patch Changes
--- a/lockfile/filtering/package.json
+++ b/lockfile/filtering/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@pnpm/lockfile.filtering",
-  "version": "1100.0.6",
+  "version": "1100.0.7",
  "description": "Filters a lockfile",
  "keywords": [
    "pnpm",
--- a/lockfile/fs/CHANGELOG.md
+++ b/lockfile/fs/CHANGELOG.md
@@ -1,5 +1,12 @@
 # @pnpm/lockfile-file

+## 1100.0.6
+
+### Patch Changes
+
+- Updated dependencies [cfa271b]
+  - @pnpm/lockfile.utils@1100.0.6
+
 ## 1100.0.5

 ### Patch Changes
--- a/lockfile/fs/package.json
+++ b/lockfile/fs/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@pnpm/lockfile.fs",
-  "version": "1100.0.5",
+  "version": "1100.0.6",
  "description": "Read/write pnpm-lock.yaml files",
  "keywords": [
    "pnpm",
--- a/lockfile/make-dedicated-lockfile/CHANGELOG.md
+++ b/lockfile/make-dedicated-lockfile/CHANGELOG.md
@@ -1,5 +1,11 @@
 # @pnpm/make-dedicated-lockfile

+## 1100.0.7
+
+### Patch Changes
+
+- @pnpm/lockfile.fs@1100.0.6
+
 ## 1100.0.6

 ### Patch Changes
--- a/lockfile/make-dedicated-lockfile/package.json
+++ b/lockfile/make-dedicated-lockfile/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@pnpm/lockfile.make-dedicated-lockfile",
-  "version": "1100.0.6",
+  "version": "1100.0.7",
  "description": "Creates a dedicated lockfile for a subset of workspace projects",
  "keywords": [
    "pnpm",
--- a/lockfile/preferred-versions/CHANGELOG.md
+++ b/lockfile/preferred-versions/CHANGELOG.md
@@ -1,5 +1,12 @@
 # @pnpm/lockfile.preferred-versions

+## 1100.0.7
+
+### Patch Changes
+
+- Updated dependencies [cfa271b]
+  - @pnpm/lockfile.utils@1100.0.6
+
 ## 1100.0.6

 ### Patch Changes
--- a/lockfile/preferred-versions/package.json
+++ b/lockfile/preferred-versions/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@pnpm/lockfile.preferred-versions",
-  "version": "1100.0.6",
+  "version": "1100.0.7",
  "description": "Get preferred version from lockfile",
  "keywords": [
    "pnpm",
--- a/lockfile/settings-checker/CHANGELOG.md
+++ b/lockfile/settings-checker/CHANGELOG.md
@@ -1,5 +1,11 @@
 # @pnpm/lockfile.settings-checker

+## 1100.0.7
+
+### Patch Changes
+
+- @pnpm/lockfile.verification@1100.0.7
+
 ## 1100.0.6

 ### Patch Changes
--- a/lockfile/settings-checker/package.json
+++ b/lockfile/settings-checker/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@pnpm/lockfile.settings-checker",
-  "version": "1100.0.6",
+  "version": "1100.0.7",
  "description": "Utilities to check if lockfile settings are out-of-date",
  "keywords": [
    "pnpm",
--- a/lockfile/to-pnp/CHANGELOG.md
+++ b/lockfile/to-pnp/CHANGELOG.md
@@ -1,5 +1,13 @@
 # @pnpm/lockfile-to-pnp

+## 1100.0.6
+
+### Patch Changes
+
+- Updated dependencies [cfa271b]
+  - @pnpm/lockfile.utils@1100.0.6
+  - @pnpm/lockfile.fs@1100.0.6
+
 ## 1100.0.5

 ### Patch Changes
--- a/lockfile/to-pnp/package.json
+++ b/lockfile/to-pnp/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@pnpm/lockfile.to-pnp",
-  "version": "1100.0.5",
+  "version": "1100.0.6",
  "description": "Creates a Plug'n'Play file from a pnpm-lock.yaml",
  "keywords": [
    "pnpm",
--- a/lockfile/utils/CHANGELOG.md
+++ b/lockfile/utils/CHANGELOG.md
@@ -1,5 +1,11 @@
 # @pnpm/lockfile-utils

+## 1100.0.6
+
+### Patch Changes
+
+- cfa271b: Restored the heuristic that preserves tarball URLs in `pnpm-lock.yaml` when they cannot be derived from name+version+registry, even with the default `lockfileIncludeTarballUrl: false`. Without this, `pnpm install --frozen-lockfile` from an empty store fails with `ERR_PNPM_FETCH_404` for packages on registries that serve tarballs from a non-standard path — most notably GitHub Packages (`https://npm.pkg.github.com/download/<scope>/<name>/<version>/<hash>`) and JSR. `lockfileIncludeTarballUrl: true` continues to force the URL into the lockfile for every package [#11276](https://github.com/pnpm/pnpm/issues/11276).
+
 ## 1100.0.5

 ### Patch Changes
--- a/lockfile/utils/package.json
+++ b/lockfile/utils/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@pnpm/lockfile.utils",
-  "version": "1100.0.5",
+  "version": "1100.0.6",
  "description": "Utils for dealing with pnpm-lock.yaml",
  "keywords": [
    "pnpm",
--- a/lockfile/verification/CHANGELOG.md
+++ b/lockfile/verification/CHANGELOG.md
@@ -1,5 +1,13 @@
 # @pnpm/lockfile.verification

+## 1100.0.7
+
+### Patch Changes
+
+- Updated dependencies [cfa271b]
+  - @pnpm/lockfile.utils@1100.0.6
+  - @pnpm/installing.context@1100.0.7
+
 ## 1100.0.6

 ### Patch Changes
--- a/lockfile/verification/package.json
+++ b/lockfile/verification/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@pnpm/lockfile.verification",
-  "version": "1100.0.6",
+  "version": "1100.0.7",
  "description": "Checks a lockfile",
  "keywords": [
    "pnpm",
--- a/modules-mounter/daemon/CHANGELOG.md
+++ b/modules-mounter/daemon/CHANGELOG.md
@@ -1,5 +1,13 @@
 # @pnpm/mount-modules

+## 1100.0.10
+
+### Patch Changes
+
+- Updated dependencies [cfa271b]
+  - @pnpm/lockfile.utils@1100.0.6
+  - @pnpm/lockfile.fs@1100.0.6
+
 ## 1100.0.9

 ### Patch Changes
--- a/modules-mounter/daemon/package.json
+++ b/modules-mounter/daemon/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@pnpm/modules-mounter.daemon",
-  "version": "1100.0.9",
+  "version": "1100.0.10",
  "description": "Mounts a node_modules directory with FUSE",
  "keywords": [
    "pnpm",
--- a/patching/commands/CHANGELOG.md
+++ b/patching/commands/CHANGELOG.md
@@ -1,5 +1,16 @@
 # @pnpm/plugin-commands-patching

+## 1100.0.13
+
+### Patch Changes
+
+- Updated dependencies [cfa271b]
+  - @pnpm/lockfile.utils@1100.0.6
+  - @pnpm/lockfile.fs@1100.0.6
+  - @pnpm/fetching.pick-fetcher@1100.0.5
+  - @pnpm/installing.commands@1100.1.11
+  - @pnpm/store.connection-manager@1100.0.12
+
 ## 1100.0.12

 ### Patch Changes
--- a/patching/commands/package.json
+++ b/patching/commands/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@pnpm/patching.commands",
-  "version": "1100.0.12",
+  "version": "1100.0.13",
  "description": "Commands for creating patches",
  "keywords": [
    "pnpm",
--- a/pnpm/CHANGELOG.md
+++ b/pnpm/CHANGELOG.md
@@ -1,5 +1,13 @@
 # pnpm

+## 11.0.8
+
+### Patch Changes
+
+- Restored the heuristic that preserves tarball URLs in `pnpm-lock.yaml` when they cannot be derived from name+version+registry, even with the default `lockfileIncludeTarballUrl: false`. Without this, `pnpm install --frozen-lockfile` from an empty store fails with `ERR_PNPM_FETCH_404` for packages on registries that serve tarballs from a non-standard path — most notably GitHub Packages (`https://npm.pkg.github.com/download/<scope>/<name>/<version>/<hash>`) and JSR. `lockfileIncludeTarballUrl: true` continues to force the URL into the lockfile for every package [#11276](https://github.com/pnpm/pnpm/issues/11276).
+- Run `preversion`, `version`, and `postversion` lifecycle scripts for `pnpm version`.
+- Fixed `ERR_PNPM_BAD_TARBALL_SIZE` when a registry serves tarballs with an end-to-end `Content-Encoding` (e.g. `gzip`). Tarballs are already compressed, so the fetcher now requests them with `Accept-Encoding: identity` (matching pnpm v10's effective behavior) and, as defense in depth against misbehaving servers, no longer enforces the strict `Content-Length` check when the response declares a `Content-Encoding` — `Content-Length` in that case refers to the encoded payload, not the decoded bytes the fetch implementation yields [#11506](https://github.com/pnpm/pnpm/issues/11506).
+
 ## 11.0.7

 ### Patch Changes
--- a/pnpm/artifacts/darwin-arm64/package.json
+++ b/pnpm/artifacts/darwin-arm64/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@pnpm/macos-arm64",
-  "version": "11.0.7",
+  "version": "11.0.8",
  "keywords": [
    "pnpm",
    "pnpm11",
--- a/pnpm/artifacts/exe/package.json
+++ b/pnpm/artifacts/exe/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@pnpm/exe",
-  "version": "11.0.7",
+  "version": "11.0.8",
  "description": "Fast, disk space efficient package manager",
  "keywords": [
    "pnpm",
--- a/pnpm/artifacts/linux-arm64-musl/package.json
+++ b/pnpm/artifacts/linux-arm64-musl/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@pnpm/linuxstatic-arm64",
-  "version": "11.0.7",
+  "version": "11.0.8",
  "keywords": [
    "pnpm",
    "pnpm11",
--- a/pnpm/artifacts/linux-arm64/package.json
+++ b/pnpm/artifacts/linux-arm64/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@pnpm/linux-arm64",
-  "version": "11.0.7",
+  "version": "11.0.8",
  "keywords": [
    "pnpm",
    "pnpm11",
--- a/pnpm/artifacts/linux-x64-musl/package.json
+++ b/pnpm/artifacts/linux-x64-musl/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@pnpm/linuxstatic-x64",
-  "version": "11.0.7",
+  "version": "11.0.8",
  "keywords": [
    "pnpm",
    "pnpm11",
--- a/pnpm/artifacts/linux-x64/package.json
+++ b/pnpm/artifacts/linux-x64/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@pnpm/linux-x64",
-  "version": "11.0.7",
+  "version": "11.0.8",
  "keywords": [
    "pnpm",
    "pnpm11",
--- a/pnpm/artifacts/win32-arm64/package.json
+++ b/pnpm/artifacts/win32-arm64/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@pnpm/win-arm64",
-  "version": "11.0.7",
+  "version": "11.0.8",
  "keywords": [
    "pnpm",
    "pnpm11",
--- a/pnpm/artifacts/win32-x64/package.json
+++ b/pnpm/artifacts/win32-x64/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@pnpm/win-x64",
-  "version": "11.0.7",
+  "version": "11.0.8",
  "keywords": [
    "pnpm",
    "pnpm11",
--- a/pnpm/package.json
+++ b/pnpm/package.json
@@ -1,6 +1,6 @@
 {
  "name": "pnpm",
-  "version": "11.0.7",
+  "version": "11.0.8",
  "description": "Fast, disk space efficient package manager",
  "keywords": [
    "pnpm",
--- a/releasing/commands/CHANGELOG.md
+++ b/releasing/commands/CHANGELOG.md
@@ -1,5 +1,14 @@
 # @pnpm/releasing.commands

+## 1100.2.10
+
+### Patch Changes
+
+- ce474cc: Run `preversion`, `version`, and `postversion` lifecycle scripts for `pnpm version`.
+  - @pnpm/lockfile.fs@1100.0.6
+  - @pnpm/installing.client@1100.0.11
+  - @pnpm/installing.commands@1100.1.11
+
 ## 1100.2.9

 ### Patch Changes
--- a/releasing/commands/package.json
+++ b/releasing/commands/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@pnpm/releasing.commands",
-  "version": "1100.2.9",
+  "version": "1100.2.10",
  "description": "Commands for deploy, pack, and publish",
  "keywords": [
    "pnpm",
--- a/store/commands/CHANGELOG.md
+++ b/store/commands/CHANGELOG.md
@@ -1,5 +1,15 @@
 # @pnpm/store.commands

+## 1100.0.12
+
+### Patch Changes
+
+- Updated dependencies [cfa271b]
+  - @pnpm/lockfile.utils@1100.0.6
+  - @pnpm/installing.client@1100.0.11
+  - @pnpm/installing.context@1100.0.7
+  - @pnpm/store.connection-manager@1100.0.12
+
 ## 1100.0.11

 ### Patch Changes
--- a/store/commands/package.json
+++ b/store/commands/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@pnpm/store.commands",
-  "version": "1100.0.11",
+  "version": "1100.0.12",
  "description": "Commands for controlling and inspecting the store",
  "keywords": [
    "pnpm",
--- a/Show More
+++ b/Show More