chore(release): 11.0.0-rc.3

.changeset/add-pack-app-command.md

@@ -1,6 +0,0 @@
----
-"@pnpm/releasing.commands": minor
-"pnpm": minor
----
-
-Added a new `pnpm pack-app` command that packs a CommonJS entry file into a standalone executable for one or more target platforms, using the [Node.js Single Executable Applications](https://nodejs.org/api/single-executable-applications.html) API under the hood. Targets are specified as `<os>-<arch>[-<libc>]` (e.g. `linux-x64`, `linux-x64-musl`, `macos-arm64`, `win-x64`) and each produces an executable under `dist-app/<target>/` by default. Requires Node.js v25.5+ to perform the injection; an older host downloads Node.js v25 automatically.

.changeset/dev-engines-package-manager-compatible.md

@@ -1,6 +0,0 @@
----
-"@pnpm/config.reader": patch
-"pnpm": patch
----
-
-Do not print the `Cannot use both "packageManager" and "devEngines.packageManager" in package.json. "packageManager" will be ignored` warning when the two fields specify the exact same package manager name and version string. This lets projects keep both fields during the migration from `packageManager` to `devEngines.packageManager` without a noisy warning [#11301](https://github.com/pnpm/pnpm/issues/11301).

.changeset/fix-audit-fix-respects-audit-level.md

@@ -1,8 +0,0 @@
----
-"@pnpm/deps.compliance.commands": minor
-"pnpm": minor
----
-
-`pnpm audit --fix` now respects the `auditLevel` setting and supports a new interactive mode via `--interactive`/`-i`. Previously, `pnpm audit --fix` would fix all vulnerabilities regardless of the configured `auditLevel`, while `pnpm audit` (without `--fix`) correctly filtered by severity. Now both commands consistently filter advisories by the `auditLevel` setting, and you can use `pnpm audit --fix -i` to review and select which vulnerabilities to fix interactively.
-
-Overrides emitted by `pnpm audit --fix` now use a caret range (`^X.Y.Z`) instead of an open-ended `>=X.Y.Z`, so applying a security fix can no longer silently promote a dependency across a major version boundary.

.changeset/fix-directory-fetcher-absolute-path.md

@@ -1,6 +0,0 @@
----
-"@pnpm/fetching.directory-fetcher": patch
-"pnpm": patch
----
-
-Fix installing a directory dependency (`file:<dir>`) from an absolute path on a different drive on Windows. The directory fetcher was joining the stored directory onto `lockfileDir`, which on Windows concatenates an absolute cross-drive path literally (`path.join('D:\\...', 'C:\\Users\\...')` → `'D:\\...\\C:\\Users\\...'`). Use `path.resolve` so absolute paths are respected. This surfaced as an ENOENT during `pnpm setup` in CI when `PNPM_HOME` and the OS temp directory were on different drives.

.changeset/fix-git-dep-license-resolution.md

@@ -1,6 +0,0 @@
----
-"@pnpm/store.pkg-finder": patch
-"pnpm": patch
----
-
-Fixed `pnpm sbom` and `pnpm licenses` failing to resolve license information for git-sourced dependencies (`git+https://`, `git+ssh://`, `github:` shorthand). These commands now correctly read the package manifest from the content-addressable store for `type: 'git'` resolutions [#11260](https://github.com/pnpm/pnpm/issues/11260).

.changeset/fix-global-approve-builds-frozen-lockfile.md

@@ -1,6 +0,0 @@
----
-"@pnpm/building.commands": patch
-"pnpm": patch
----
-
-Fix `ERR_PNPM_OUTDATED_LOCKFILE` when approving builds during a global install. The `approve-builds` flow called by `pnpm add -g` passed the global packages directory to the subsequent install as `workspaceDir`, which caused sibling install directories (such as those left behind by `pnpm self-update`) to be picked up as workspace projects and fail the frozen-lockfile check.

.changeset/fix-peer-suffix-link-path.md

@@ -1,6 +0,0 @@
----
-"@pnpm/installing.deps-resolver": patch
-"pnpm": patch
----
-
-Restore the peer suffix encoding used by pnpm 10 for linked dependency paths. A `filenamify` upgrade changed how leading `./` and `../` segments were normalized, producing peer suffixes like `(b@+packages+b)` instead of `(b@packages+b)` for linked packages outside the workspace root, causing lockfile churn [#11272](https://github.com/pnpm/pnpm/issues/11272).

.changeset/fix-runtime-variant-virtual-store.md

@@ -1,13 +0,0 @@
----
-"@pnpm/deps.graph-hasher": minor
-"@pnpm/resolving.resolver-base": minor
-"@pnpm/installing.deps-installer": patch
-"@pnpm/installing.deps-resolver": patch
-"@pnpm/installing.deps-restorer": patch
-"@pnpm/installing.package-requester": patch
-"@pnpm/building.after-install": patch
-"@pnpm/deps.graph-builder": patch
-"pnpm": patch
----
-
-Fix: different platform variants of the same runtime (e.g. `node@runtime:25.9.0` glibc vs. musl) no longer share a single global-virtual-store entry. The virtual store path now incorporates the selected variant's integrity, so installs with different `--os`/`--cpu`/`--libc` end up in separate directories and `pnpm add --libc=musl node@runtime:<v>` reliably fetches the musl binary even when the glibc variant is already cached.

.changeset/minimum-release-age-ignore-missing-time.md

@@ -1,11 +0,0 @@
----
-"@pnpm/config.reader": minor
-"@pnpm/resolving.npm-resolver": minor
-"@pnpm/store.connection-manager": patch
-"@pnpm/deps.inspection.outdated": patch
-"@pnpm/exec.commands": patch
-"@pnpm/testing.command-defaults": patch
-"pnpm": minor
----
-
-Added a new setting `minimumReleaseAgeIgnoreMissingTime`, which is `true` by default. When enabled, pnpm skips the `minimumReleaseAge` maturity check if the registry metadata does not include the `time` field. Set to `false` to fail resolution instead.

.changeset/pnpm-version-missing-options.md

@@ -1,11 +0,0 @@
----
-"@pnpm/releasing.commands": minor
-"pnpm": minor
----
-
-Fixed and expanded `pnpm version` to match npm behavior:
-
-- Accept an explicit semver version (e.g. `pnpm version 1.2.3`) in addition to bump types.
-- Recognize `--no-commit-hooks`, `--no-git-tag-version`, `--sign-git-tag`, and `--message`.
-- Fix `--no-git-checks` which was previously parsed incorrectly.
-- Create a git commit and annotated tag for the version bump when running inside a git repository (unless `--no-git-tag-version` is used). `--message` supports `%s` replacement with the new version, and `--tag-version-prefix` controls the tag prefix (defaults to `v`). Git commits and tags are always skipped in recursive mode since multiple packages may be bumped to different versions in a single run [#11271](https://github.com/pnpm/pnpm/issues/11271).

.changeset/rename-exe-platform-packages.md

@@ -1,21 +0,0 @@
----
-"@pnpm/exe": major
-"pnpm": minor
----
-
-Renamed the platform-specific optional dependencies of `@pnpm/exe` to the new `@pnpm/exe.<platform>-<arch>[-<libc>]` scheme, using `process.platform` values (`linux`, `darwin`, `win32`) for the OS segment. The umbrella package `@pnpm/exe` itself is unchanged so existing `npm i -g @pnpm/exe` and `pnpm self-update` flows keep working.
-
-| before | after |
-| --- | --- |
-| `@pnpm/linux-x64` | `@pnpm/exe.linux-x64` |
-| `@pnpm/linux-arm64` | `@pnpm/exe.linux-arm64` |
-| `@pnpm/linuxstatic-x64` | `@pnpm/exe.linux-x64-musl` |
-| `@pnpm/linuxstatic-arm64` | `@pnpm/exe.linux-arm64-musl` |
-| `@pnpm/macos-x64` | `@pnpm/exe.darwin-x64` |
-| `@pnpm/macos-arm64` | `@pnpm/exe.darwin-arm64` |
-| `@pnpm/win-x64` | `@pnpm/exe.win32-x64` |
-| `@pnpm/win-arm64` | `@pnpm/exe.win32-arm64` |
-
-GitHub release asset filenames follow the same scheme — `pnpm-linuxstatic-x64.tar.gz` becomes `pnpm-linux-x64-musl.tar.gz`, `pnpm-macos-*` becomes `pnpm-darwin-*`, `pnpm-win-*` becomes `pnpm-win32-*`. Anyone downloading releases directly needs to use the new filenames; `get.pnpm.io/install.sh` and `install.ps1` will be updated in lockstep to accept both schemes based on the requested version.
-
-Resolves [#11314](https://github.com/pnpm/pnpm/issues/11314).

.changeset/sbom-legacy-licenses-array.md

@@ -1,9 +0,0 @@
----
-"@pnpm/deps.compliance.license-resolver": minor
-"@pnpm/deps.compliance.sbom": patch
-"@pnpm/deps.compliance.license-scanner": patch
-"@pnpm/deps.compliance.commands": patch
-"pnpm": patch
----
-
-`pnpm sbom` now detects licenses declared via the deprecated `licenses` array in `package.json` (e.g. `busboy`, `streamsearch`, `limiter`) and falls back to scanning on-disk `LICENSE` files — mirroring the resolution logic of `pnpm licenses`. Previously these packages were reported as `NOASSERTION`. Shared license resolution (manifest parsing + LICENSE-file fallback) lives in the new `@pnpm/deps.compliance.license-resolver` package. When a manifest sets both `license` and `licenses`, the modern `license` field now takes precedence for both commands (previously `pnpm licenses` preferred `licenses`) [#11248](https://github.com/pnpm/pnpm/issues/11248).

.meta-updater/CHANGELOG.md

@@ -1,5 +1,11 @@
 # @pnpm-private/updater
 
+## 1100.0.3
+
+### Patch Changes
+
+- @pnpm/lockfile.fs@1100.0.2
+
 ## 1100.0.2
 
 ### Patch Changes

.meta-updater/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pnpm-private/updater",
-  "version": "1100.0.2",
+  "version": "1100.0.3",
   "private": true,
   "type": "module",
   "scripts": {

__utils__/assert-project/CHANGELOG.md

@@ -1,5 +1,12 @@
 # @pnpm/assert-project
 
+## 1100.0.2
+
+### Patch Changes
+
+- @pnpm/lockfile.types@1100.0.2
+- @pnpm/assert-store@1100.0.2
+
 ## 1100.0.1
 
 ### Patch Changes

__utils__/assert-project/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@pnpm/assert-project",
   "description": "Utils for testing projects that use pnpm",
-  "version": "1100.0.1",
+  "version": "1100.0.2",
   "author": {
     "name": "Zoltan Kochan",
     "email": "z@kochan.io",

__utils__/assert-store/CHANGELOG.md

@@ -1,5 +1,11 @@
 # @pnpm/assert-store
 
+## 1100.0.2
+
+### Patch Changes
+
+- @pnpm/store.cafs@1100.0.2
+
 ## 1100.0.1
 
 ### Patch Changes

__utils__/assert-store/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@pnpm/assert-store",
   "description": "Utils for testing pnpm store",
-  "version": "1100.0.1",
+  "version": "1100.0.2",
   "bugs": {
     "url": "https://github.com/pnpm/pnpm/issues"
   },

__utils__/jest-config/CHANGELOG.md

@@ -1,5 +1,11 @@
 # @pnpm/jest-config
 
+## 1100.0.2
+
+### Patch Changes
+
+- @pnpm/worker@1100.0.2
+
 ## 1100.0.1
 
 ### Patch Changes

__utils__/jest-config/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pnpm/jest-config",
-  "version": "1100.0.1",
+  "version": "1100.0.2",
   "private": true,
   "main": "jest-preset.js",
   "type": "module",

__utils__/prepare/CHANGELOG.md

@@ -1,5 +1,11 @@
 # @pnpm/prepare
 
+## 1100.0.2
+
+### Patch Changes
+
+- @pnpm/assert-project@1100.0.2
+
 ## 1100.0.1
 
 ### Patch Changes

__utils__/prepare/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pnpm/prepare",
-  "version": "1100.0.1",
+  "version": "1100.0.2",
   "main": "lib/index.js",
   "types": "lib/index.d.ts",
   "type": "module",

agent/client/CHANGELOG.md

@@ -0,0 +1,9 @@
+# @pnpm/agent.client
+
+## 0.0.1
+
+### Patch Changes
+
+- @pnpm/lockfile.types@1100.0.2
+- @pnpm/store.cafs@1100.0.2
+- @pnpm/worker@1100.0.2

agent/client/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pnpm/agent.client",
-  "version": "0.0.0",
+  "version": "0.0.1",
   "description": "Client for pnpm agent server — sends store state, receives resolved lockfile and missing files",
   "keywords": [
     "pnpm",

agent/server/CHANGELOG.md

@@ -0,0 +1,13 @@
+# pnpm-agent
+
+## 0.0.1
+
+### Patch Changes
+
+- Updated dependencies [72c1e05]
+  - @pnpm/installing.deps-installer@1100.0.3
+  - @pnpm/installing.client@1100.0.3
+  - @pnpm/lockfile.types@1100.0.2
+  - @pnpm/store.controller@1100.0.2
+  - @pnpm/store.cafs@1100.0.2
+  - @pnpm/lockfile.fs@1100.0.2

agent/server/package.json

@@ -1,6 +1,6 @@
 {
   "name": "pnpm-agent",
-  "version": "0.0.1-0",
+  "version": "0.0.1",
   "description": "pnpm agent server for server-side resolution and store-aware downloads",
   "keywords": [
     "pnpm",

auth/commands/CHANGELOG.md

@@ -1,5 +1,13 @@
 # @pnpm/auth.commands
 
+## 1100.0.3
+
+### Patch Changes
+
+- Updated dependencies [7d25bc1]
+- Updated dependencies [9e0833c]
+  - @pnpm/config.reader@1101.1.0
+
 ## 1100.0.2
 
 ### Patch Changes

auth/commands/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pnpm/auth.commands",
-  "version": "1100.0.2",
+  "version": "1100.0.3",
   "description": "Commands for authentication with npm registries",
   "keywords": [
     "pnpm",

building/after-install/CHANGELOG.md

@@ -1,5 +1,25 @@
 # @pnpm/building.after-install
 
+## 1100.0.3
+
+### Patch Changes
+
+- 72c1e05: Fix: different platform variants of the same runtime (e.g. `node@runtime:25.9.0` glibc vs. musl) no longer share a single global-virtual-store entry. The virtual store path now incorporates the selected variant's integrity, so installs with different `--os`/`--cpu`/`--libc` end up in separate directories and `pnpm add --libc=musl node@runtime:<v>` reliably fetches the musl binary even when the glibc variant is already cached.
+- Updated dependencies [7d25bc1]
+- Updated dependencies [72c1e05]
+- Updated dependencies [9e0833c]
+  - @pnpm/config.reader@1101.1.0
+  - @pnpm/deps.graph-hasher@1100.1.0
+  - @pnpm/store.connection-manager@1100.0.3
+  - @pnpm/exec.lifecycle@1100.0.3
+  - @pnpm/installing.context@1100.0.2
+  - @pnpm/lockfile.types@1100.0.2
+  - @pnpm/lockfile.utils@1100.0.2
+  - @pnpm/store.controller-types@1100.0.2
+  - @pnpm/store.cafs@1100.0.2
+  - @pnpm/lockfile.walker@1100.0.2
+  - @pnpm/worker@1100.0.2
+
 ## 1100.0.2
 
 ### Patch Changes

building/after-install/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pnpm/building.after-install",
-  "version": "1100.0.2",
+  "version": "1100.0.3",
   "description": "Rebuild packages that are already installed by running their lifecycle scripts",
   "keywords": [
     "pnpm",

building/commands/CHANGELOG.md

@@ -1,5 +1,19 @@
 # @pnpm/building.commands
 
+## 1100.0.3
+
+### Patch Changes
+
+- 7d9aae9: Fix `ERR_PNPM_OUTDATED_LOCKFILE` when approving builds during a global install. The `approve-builds` flow called by `pnpm add -g` passed the global packages directory to the subsequent install as `workspaceDir`, which caused sibling install directories (such as those left behind by `pnpm self-update`) to be picked up as workspace projects and fail the frozen-lockfile check.
+- Updated dependencies [7d25bc1]
+- Updated dependencies [72c1e05]
+- Updated dependencies [9e0833c]
+  - @pnpm/config.reader@1101.1.0
+  - @pnpm/building.after-install@1100.0.3
+  - @pnpm/store.connection-manager@1100.0.3
+  - @pnpm/installing.commands@1100.1.1
+  - @pnpm/config.writer@1100.0.2
+
 ## 1100.0.2
 
 ### Patch Changes

building/commands/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pnpm/building.commands",
-  "version": "1100.0.2",
+  "version": "1100.0.3",
   "description": "Commands for rebuilding and managing dependency builds",
   "keywords": [
     "pnpm",

building/during-install/CHANGELOG.md

@@ -1,5 +1,20 @@
 # @pnpm/building.during-install
 
+## 1100.0.3
+
+### Patch Changes
+
+- Updated dependencies [7d25bc1]
+- Updated dependencies [72c1e05]
+- Updated dependencies [9e0833c]
+  - @pnpm/config.reader@1101.1.0
+  - @pnpm/deps.graph-hasher@1100.1.0
+  - @pnpm/exec.lifecycle@1100.0.3
+  - @pnpm/store.controller-types@1100.0.2
+  - @pnpm/worker@1100.0.2
+  - @pnpm/fs.hard-link-dir@1100.0.0
+  - @pnpm/patching.apply-patch@1100.0.0
+
 ## 1100.0.2
 
 ### Patch Changes

building/during-install/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pnpm/building.during-install",
-  "version": "1100.0.2",
+  "version": "1100.0.3",
   "description": "Build packages in node_modules",
   "keywords": [
     "pnpm",

cache/api/CHANGELOG.md

@@ -1,5 +1,15 @@
 # @pnpm/cache.api
 
+## 1100.0.3
+
+### Patch Changes
+
+- Updated dependencies [7d25bc1]
+- Updated dependencies [9e0833c]
+  - @pnpm/config.reader@1101.1.0
+  - @pnpm/resolving.npm-resolver@1100.1.0
+  - @pnpm/store.cafs@1100.0.2
+
 ## 1100.0.2
 
 ### Patch Changes

cache/api/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pnpm/cache.api",
-  "version": "1100.0.2",
+  "version": "1100.0.3",
   "description": "API for controlling the cache",
   "keywords": [
     "pnpm",

cache/commands/CHANGELOG.md

@@ -1,5 +1,14 @@
 # @pnpm/cache.commands
 
+## 1100.0.3
+
+### Patch Changes
+
+- Updated dependencies [7d25bc1]
+- Updated dependencies [9e0833c]
+  - @pnpm/config.reader@1101.1.0
+  - @pnpm/cache.api@1100.0.3
+
 ## 1100.0.2
 
 ### Patch Changes

cache/commands/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pnpm/cache.commands",
-  "version": "1100.0.2",
+  "version": "1100.0.3",
   "description": "Commands for controlling the cache",
   "keywords": [
     "pnpm",

cli/commands/CHANGELOG.md

@@ -1,5 +1,13 @@
 # @pnpm/cli.commands
 
+## 1100.0.3
+
+### Patch Changes
+
+- Updated dependencies [7d25bc1]
+- Updated dependencies [9e0833c]
+  - @pnpm/config.reader@1101.1.0
+
 ## 1100.0.2
 
 ### Patch Changes

cli/commands/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pnpm/cli.commands",
-  "version": "1100.0.2",
+  "version": "1100.0.3",
   "description": "Commands for pnpm CLI",
   "keywords": [
     "pnpm",

cli/default-reporter/CHANGELOG.md

@@ -1,5 +1,13 @@
 # @pnpm/default-reporter
 
+## 1100.0.3
+
+### Patch Changes
+
+- Updated dependencies [7d25bc1]
+- Updated dependencies [9e0833c]
+  - @pnpm/config.reader@1101.1.0
+
 ## 1100.0.2
 
 ### Patch Changes

cli/default-reporter/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pnpm/cli.default-reporter",
-  "version": "1100.0.2",
+  "version": "1100.0.3",
   "description": "The default reporter of pnpm",
   "keywords": [
     "pnpm",

config/commands/CHANGELOG.md

@@ -1,5 +1,14 @@
 # @pnpm/plugin-commands-config
 
+## 1100.0.3
+
+### Patch Changes
+
+- Updated dependencies [7d25bc1]
+- Updated dependencies [9e0833c]
+  - @pnpm/config.reader@1101.1.0
+  - @pnpm/workspace.workspace-manifest-writer@1100.0.2
+
 ## 1100.0.2
 
 ### Patch Changes

config/commands/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pnpm/config.commands",
-  "version": "1100.0.2",
+  "version": "1100.0.3",
   "description": "Commands for reading and writing settings to/from config files",
   "keywords": [
     "pnpm",

config/reader/CHANGELOG.md

@@ -1,5 +1,16 @@
 # @pnpm/config
 
+## 1101.1.0
+
+### Minor Changes
+
+- 9e0833c: Added a new setting `minimumReleaseAgeIgnoreMissingTime`, which is `true` by default. When enabled, pnpm skips the `minimumReleaseAge` maturity check if the registry metadata does not include the `time` field. Set to `false` to fail resolution instead.
+
+### Patch Changes
+
+- 7d25bc1: Do not print the `Cannot use both "packageManager" and "devEngines.packageManager" in package.json. "packageManager" will be ignored` warning when the two fields specify the exact same package manager name and version string. This lets projects keep both fields during the migration from `packageManager` to `devEngines.packageManager` without a noisy warning [#11301](https://github.com/pnpm/pnpm/issues/11301).
+  - @pnpm/hooks.pnpmfile@1100.0.2
+
 ## 1101.0.0
 
 ### Major Changes

config/reader/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pnpm/config.reader",
-  "version": "1101.0.0",
+  "version": "1101.1.0",
   "description": "Gets configuration options for pnpm",
   "keywords": [
     "pnpm",

config/writer/CHANGELOG.md

@@ -1,5 +1,11 @@
 # @pnpm/config.config-writer
 
+## 1100.0.2
+
+### Patch Changes
+
+- @pnpm/workspace.workspace-manifest-writer@1100.0.2
+
 ## 1100.0.1
 
 ### Patch Changes

config/writer/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pnpm/config.writer",
-  "version": "1100.0.1",
+  "version": "1100.0.2",
   "description": "Functions for updating the configuration settings",
   "keywords": [
     "pnpm",

deps/compliance/audit/CHANGELOG.md

@@ -1,5 +1,15 @@
 # @pnpm/audit
 
+## 1101.0.1
+
+### Patch Changes
+
+- @pnpm/lockfile.types@1100.0.2
+- @pnpm/lockfile.utils@1100.0.2
+- @pnpm/lockfile.detect-dep-types@1100.0.2
+- @pnpm/lockfile.fs@1100.0.2
+- @pnpm/lockfile.walker@1100.0.2
+
 ## 1101.0.0
 
 ### Major Changes

deps/compliance/audit/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pnpm/deps.compliance.audit",
-  "version": "1101.0.0",
+  "version": "1101.0.1",
   "description": "Audit a lockfile",
   "keywords": [
     "pnpm",

deps/compliance/commands/CHANGELOG.md

@@ -1,5 +1,31 @@
 # @pnpm/deps.compliance.commands
 
+## 1101.1.0
+
+### Minor Changes
+
+- 390ee62: `pnpm audit --fix` now respects the `auditLevel` setting and supports a new interactive mode via `--interactive`/`-i`. Previously, `pnpm audit --fix` would fix all vulnerabilities regardless of the configured `auditLevel`, while `pnpm audit` (without `--fix`) correctly filtered by severity. Now both commands consistently filter advisories by the `auditLevel` setting, and you can use `pnpm audit --fix -i` to review and select which vulnerabilities to fix interactively.
+
+  Overrides emitted by `pnpm audit --fix` now use a caret range (`^X.Y.Z`) instead of an open-ended `>=X.Y.Z`, so applying a security fix can no longer silently promote a dependency across a major version boundary.
+
+### Patch Changes
+
+- 61952c2: `pnpm sbom` now detects licenses declared via the deprecated `licenses` array in `package.json` (e.g. `busboy`, `streamsearch`, `limiter`) and falls back to scanning on-disk `LICENSE` files — mirroring the resolution logic of `pnpm licenses`. Previously these packages were reported as `NOASSERTION`. Shared license resolution (manifest parsing + LICENSE-file fallback) lives in the new `@pnpm/deps.compliance.license-resolver` package. When a manifest sets both `license` and `licenses`, the modern `license` field now takes precedence for both commands (previously `pnpm licenses` preferred `licenses`) [#11248](https://github.com/pnpm/pnpm/issues/11248).
+- Updated dependencies [7d25bc1]
+- Updated dependencies [9e0833c]
+- Updated dependencies [61952c2]
+  - @pnpm/config.reader@1101.1.0
+  - @pnpm/deps.compliance.license-resolver@1100.0.0
+  - @pnpm/deps.compliance.sbom@1100.0.3
+  - @pnpm/deps.compliance.license-scanner@1100.0.3
+  - @pnpm/installing.commands@1100.1.1
+  - @pnpm/lockfile.types@1100.0.2
+  - @pnpm/lockfile.utils@1100.0.2
+  - @pnpm/deps.compliance.audit@1101.0.1
+  - @pnpm/lockfile.fs@1100.0.2
+  - @pnpm/lockfile.walker@1100.0.2
+  - @pnpm/config.writer@1100.0.2
+
 ## 1101.0.1
 
 ### Patch Changes

deps/compliance/commands/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pnpm/deps.compliance.commands",
-  "version": "1101.0.1",
+  "version": "1101.1.0",
   "description": "pnpm commands for audit, licenses, and sbom",
   "keywords": [
     "pnpm",

deps/compliance/license-resolver/CHANGELOG.md

@@ -0,0 +1,7 @@
+# @pnpm/deps.compliance.license-resolver
+
+## 1100.0.0
+
+### Minor Changes
+
+- 61952c2: `pnpm sbom` now detects licenses declared via the deprecated `licenses` array in `package.json` (e.g. `busboy`, `streamsearch`, `limiter`) and falls back to scanning on-disk `LICENSE` files — mirroring the resolution logic of `pnpm licenses`. Previously these packages were reported as `NOASSERTION`. Shared license resolution (manifest parsing + LICENSE-file fallback) lives in the new `@pnpm/deps.compliance.license-resolver` package. When a manifest sets both `license` and `licenses`, the modern `license` field now takes precedence for both commands (previously `pnpm licenses` preferred `licenses`) [#11248](https://github.com/pnpm/pnpm/issues/11248).

deps/compliance/license-resolver/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pnpm/deps.compliance.license-resolver",
-  "version": "1100.0.0-0",
+  "version": "1100.0.0",
   "description": "Resolve a package's license from its manifest or on-disk LICENSE file",
   "keywords": [
     "pnpm",

deps/compliance/license-scanner/CHANGELOG.md

@@ -1,5 +1,20 @@
 # @pnpm/license-scanner
 
+## 1100.0.3
+
+### Patch Changes
+
+- 61952c2: `pnpm sbom` now detects licenses declared via the deprecated `licenses` array in `package.json` (e.g. `busboy`, `streamsearch`, `limiter`) and falls back to scanning on-disk `LICENSE` files — mirroring the resolution logic of `pnpm licenses`. Previously these packages were reported as `NOASSERTION`. Shared license resolution (manifest parsing + LICENSE-file fallback) lives in the new `@pnpm/deps.compliance.license-resolver` package. When a manifest sets both `license` and `licenses`, the modern `license` field now takes precedence for both commands (previously `pnpm licenses` preferred `licenses`) [#11248](https://github.com/pnpm/pnpm/issues/11248).
+- Updated dependencies [bcc88a1]
+- Updated dependencies [61952c2]
+  - @pnpm/store.pkg-finder@1100.0.3
+  - @pnpm/deps.compliance.license-resolver@1100.0.0
+  - @pnpm/lockfile.types@1100.0.2
+  - @pnpm/lockfile.utils@1100.0.2
+  - @pnpm/lockfile.detect-dep-types@1100.0.2
+  - @pnpm/lockfile.fs@1100.0.2
+  - @pnpm/lockfile.walker@1100.0.2
+
 ## 1100.0.2
 
 ### Patch Changes

deps/compliance/license-scanner/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pnpm/deps.compliance.license-scanner",
-  "version": "1100.0.2",
+  "version": "1100.0.3",
   "description": "Check for licenses packages",
   "keywords": [
     "pnpm",

deps/compliance/sbom/CHANGELOG.md

@@ -1,5 +1,19 @@
 # @pnpm/deps.compliance.sbom
 
+## 1100.0.3
+
+### Patch Changes
+
+- 61952c2: `pnpm sbom` now detects licenses declared via the deprecated `licenses` array in `package.json` (e.g. `busboy`, `streamsearch`, `limiter`) and falls back to scanning on-disk `LICENSE` files — mirroring the resolution logic of `pnpm licenses`. Previously these packages were reported as `NOASSERTION`. Shared license resolution (manifest parsing + LICENSE-file fallback) lives in the new `@pnpm/deps.compliance.license-resolver` package. When a manifest sets both `license` and `licenses`, the modern `license` field now takes precedence for both commands (previously `pnpm licenses` preferred `licenses`) [#11248](https://github.com/pnpm/pnpm/issues/11248).
+- Updated dependencies [bcc88a1]
+- Updated dependencies [61952c2]
+  - @pnpm/store.pkg-finder@1100.0.3
+  - @pnpm/deps.compliance.license-resolver@1100.0.0
+  - @pnpm/lockfile.types@1100.0.2
+  - @pnpm/lockfile.utils@1100.0.2
+  - @pnpm/lockfile.detect-dep-types@1100.0.2
+  - @pnpm/lockfile.walker@1100.0.2
+
 ## 1100.0.2
 
 ### Patch Changes

deps/compliance/sbom/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pnpm/deps.compliance.sbom",
-  "version": "1100.0.2",
+  "version": "1100.0.3",
   "description": "Generate SBOM from pnpm lockfile",
   "keywords": [
     "pnpm",

deps/graph-builder/CHANGELOG.md

@@ -1,5 +1,17 @@
 # @pnpm/deps.graph-builder
 
+## 1100.0.2
+
+### Patch Changes
+
+- 72c1e05: Fix: different platform variants of the same runtime (e.g. `node@runtime:25.9.0` glibc vs. musl) no longer share a single global-virtual-store entry. The virtual store path now incorporates the selected variant's integrity, so installs with different `--os`/`--cpu`/`--libc` end up in separate directories and `pnpm add --libc=musl node@runtime:<v>` reliably fetches the musl binary even when the glibc variant is already cached.
+- Updated dependencies [72c1e05]
+  - @pnpm/deps.graph-hasher@1100.1.0
+  - @pnpm/hooks.types@1100.0.2
+  - @pnpm/lockfile.utils@1100.0.2
+  - @pnpm/store.controller-types@1100.0.2
+  - @pnpm/lockfile.fs@1100.0.2
+
 ## 1100.0.1
 
 ### Patch Changes

deps/graph-builder/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pnpm/deps.graph-builder",
-  "version": "1100.0.1",
+  "version": "1100.0.2",
   "description": "A package for building a dependency graph from a lockfile",
   "keywords": [
     "pnpm",

deps/graph-hasher/CHANGELOG.md

@@ -1,5 +1,18 @@
 # @pnpm/calc-dep-state
 
+## 1100.1.0
+
+### Minor Changes
+
+- 72c1e05: Fix: different platform variants of the same runtime (e.g. `node@runtime:25.9.0` glibc vs. musl) no longer share a single global-virtual-store entry. The virtual store path now incorporates the selected variant's integrity, so installs with different `--os`/`--cpu`/`--libc` end up in separate directories and `pnpm add --libc=musl node@runtime:<v>` reliably fetches the musl binary even when the glibc variant is already cached.
+
+### Patch Changes
+
+- Updated dependencies [72c1e05]
+  - @pnpm/resolving.resolver-base@1100.1.0
+  - @pnpm/lockfile.types@1100.0.2
+  - @pnpm/lockfile.utils@1100.0.2
+
 ## 1100.0.1
 
 ### Patch Changes

deps/graph-hasher/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pnpm/deps.graph-hasher",
-  "version": "1100.0.1",
+  "version": "1100.1.0",
   "description": "Calculates the state of a dependency",
   "keywords": [
     "pnpm",

deps/inspection/commands/CHANGELOG.md

@@ -1,5 +1,20 @@
 # @pnpm/deps.inspection.commands
 
+## 1100.1.2
+
+### Patch Changes
+
+- Updated dependencies [7d25bc1]
+- Updated dependencies [9e0833c]
+  - @pnpm/config.reader@1101.1.0
+  - @pnpm/resolving.npm-resolver@1100.1.0
+  - @pnpm/deps.inspection.outdated@1100.0.3
+  - @pnpm/global.commands@1100.0.3
+  - @pnpm/resolving.default-resolver@1100.0.3
+  - @pnpm/lockfile.fs@1100.0.2
+  - @pnpm/deps.inspection.list@1100.0.3
+  - @pnpm/deps.inspection.peers-checker@1100.0.2
+
 ## 1100.1.1
 
 ### Patch Changes

deps/inspection/commands/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pnpm/deps.inspection.commands",
-  "version": "1100.1.1",
+  "version": "1100.1.2",
   "description": "The list, ll, why, and outdated commands of pnpm",
   "keywords": [
     "pnpm",

deps/inspection/list/CHANGELOG.md

@@ -1,5 +1,12 @@
 # @pnpm/list
 
+## 1100.0.3
+
+### Patch Changes
+
+- @pnpm/lockfile.fs@1100.0.2
+- @pnpm/deps.inspection.tree-builder@1100.0.2
+
 ## 1100.0.2
 
 ### Patch Changes

deps/inspection/list/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pnpm/deps.inspection.list",
-  "version": "1100.0.2",
+  "version": "1100.0.3",
   "description": "List installed packages in a symlinked `node_modules`",
   "keywords": [
     "pnpm",

deps/inspection/outdated/CHANGELOG.md

@@ -1,5 +1,16 @@
 # @pnpm/outdated
 
+## 1100.0.3
+
+### Patch Changes
+
+- 9e0833c: Added a new setting `minimumReleaseAgeIgnoreMissingTime`, which is `true` by default. When enabled, pnpm skips the `minimumReleaseAge` maturity check if the registry metadata does not include the `time` field. Set to `false` to fail resolution instead.
+- Updated dependencies [9e0833c]
+  - @pnpm/resolving.npm-resolver@1100.1.0
+  - @pnpm/installing.client@1100.0.3
+  - @pnpm/lockfile.utils@1100.0.2
+  - @pnpm/lockfile.fs@1100.0.2
+
 ## 1100.0.2
 
 ### Patch Changes

deps/inspection/outdated/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pnpm/deps.inspection.outdated",
-  "version": "1100.0.2",
+  "version": "1100.0.3",
   "description": "Check for outdated packages",
   "keywords": [
     "pnpm",

deps/inspection/peers-checker/CHANGELOG.md

@@ -1,5 +1,12 @@
 # @pnpm/deps.inspection.peers-checker
 
+## 1100.0.2
+
+### Patch Changes
+
+- @pnpm/lockfile.fs@1100.0.2
+- @pnpm/lockfile.walker@1100.0.2
+
 ## 1100.0.1
 
 ### Patch Changes

deps/inspection/peers-checker/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pnpm/deps.inspection.peers-checker",
-  "version": "1100.0.1",
+  "version": "1100.0.2",
   "description": "Check for unmet and missing peer dependency issues from the lockfile",
   "keywords": [
     "pnpm",

deps/inspection/tree-builder/CHANGELOG.md

@@ -1,5 +1,14 @@
 # @pnpm/reviewing.dependencies-hierarchy
 
+## 1100.0.2
+
+### Patch Changes
+
+- @pnpm/lockfile.utils@1100.0.2
+- @pnpm/store.cafs@1100.0.2
+- @pnpm/lockfile.detect-dep-types@1100.0.2
+- @pnpm/lockfile.fs@1100.0.2
+
 ## 1100.0.1
 
 ### Patch Changes

deps/inspection/tree-builder/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pnpm/deps.inspection.tree-builder",
-  "version": "1100.0.1",
+  "version": "1100.0.2",
   "description": "Creates a dependencies hierarchy for a symlinked `node_modules`",
   "keywords": [
     "pnpm",

deps/status/CHANGELOG.md

@@ -1,5 +1,20 @@
 # @pnpm/deps.status
 
+## 1100.0.3
+
+### Patch Changes
+
+- Updated dependencies [7d25bc1]
+- Updated dependencies [72c1e05]
+- Updated dependencies [9e0833c]
+  - @pnpm/config.reader@1101.1.0
+  - @pnpm/resolving.resolver-base@1100.1.0
+  - @pnpm/workspace.state@1100.0.3
+  - @pnpm/installing.context@1100.0.2
+  - @pnpm/lockfile.verification@1100.0.2
+  - @pnpm/lockfile.fs@1100.0.2
+  - @pnpm/lockfile.settings-checker@1100.0.2
+
 ## 1100.0.2
 
 ### Patch Changes

deps/status/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pnpm/deps.status",
-  "version": "1100.0.2",
+  "version": "1100.0.3",
   "description": "Check dependencies status",
   "keywords": [
     "pnpm",

engine/pm/commands/CHANGELOG.md

@@ -1,5 +1,23 @@
 # @pnpm/engine.pm.commands
 
+## 1101.0.1
+
+### Patch Changes
+
+- Updated dependencies [7d25bc1]
+- Updated dependencies [72c1e05]
+- Updated dependencies [9e0833c]
+  - @pnpm/config.reader@1101.1.0
+  - @pnpm/deps.graph-hasher@1100.1.0
+  - @pnpm/installing.deps-restorer@1100.0.3
+  - @pnpm/resolving.npm-resolver@1100.1.0
+  - @pnpm/store.connection-manager@1100.0.3
+  - @pnpm/global.commands@1100.0.3
+  - @pnpm/installing.client@1100.0.3
+  - @pnpm/installing.env-installer@1100.1.1
+  - @pnpm/lockfile.types@1100.0.2
+  - @pnpm/store.controller@1100.0.2
+
 ## 1101.0.0
 
 ### Major Changes

engine/pm/commands/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pnpm/engine.pm.commands",
-  "version": "1101.0.0",
+  "version": "1101.0.1",
   "description": "pnpm commands for self-updating and setting up pnpm",
   "keywords": [
     "pnpm",

engine/runtime/bun-resolver/CHANGELOG.md

@@ -1,5 +1,17 @@
 # @pnpm/resolving.bun-resolver
 
+## 1100.0.2
+
+### Patch Changes
+
+- Updated dependencies [72c1e05]
+- Updated dependencies [9e0833c]
+  - @pnpm/resolving.resolver-base@1100.1.0
+  - @pnpm/resolving.npm-resolver@1100.1.0
+  - @pnpm/fetching.fetcher-base@1100.0.2
+  - @pnpm/fetching.binary-fetcher@1100.0.2
+  - @pnpm/worker@1100.0.2
+
 ## 1100.0.1
 
 ### Patch Changes

engine/runtime/bun-resolver/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pnpm/engine.runtime.bun-resolver",
-  "version": "1100.0.1",
+  "version": "1100.0.2",
   "description": "Resolves the Bun runtime",
   "keywords": [
     "pnpm",

engine/runtime/commands/CHANGELOG.md

@@ -1,5 +1,14 @@
 # @pnpm/engine.runtime.commands
 
+## 1100.0.3
+
+### Patch Changes
+
+- Updated dependencies [7d25bc1]
+- Updated dependencies [9e0833c]
+  - @pnpm/config.reader@1101.1.0
+  - @pnpm/engine.runtime.node-resolver@1100.0.3
+
 ## 1100.0.2
 
 ### Patch Changes

engine/runtime/commands/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pnpm/engine.runtime.commands",
-  "version": "1100.0.2",
+  "version": "1100.0.3",
   "description": "pnpm commands for managing runtimes",
   "keywords": [
     "pnpm",

engine/runtime/deno-resolver/CHANGELOG.md

@@ -1,5 +1,17 @@
 # @pnpm/resolving.deno-resolver
 
+## 1100.0.2
+
+### Patch Changes
+
+- Updated dependencies [72c1e05]
+- Updated dependencies [9e0833c]
+  - @pnpm/resolving.resolver-base@1100.1.0
+  - @pnpm/resolving.npm-resolver@1100.1.0
+  - @pnpm/fetching.fetcher-base@1100.0.2
+  - @pnpm/fetching.binary-fetcher@1100.0.2
+  - @pnpm/worker@1100.0.2
+
 ## 1100.0.1
 
 ### Patch Changes

engine/runtime/deno-resolver/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pnpm/engine.runtime.deno-resolver",
-  "version": "1100.0.1",
+  "version": "1100.0.2",
   "description": "Resolves the Deno runtime",
   "keywords": [
     "pnpm",

engine/runtime/node-resolver/CHANGELOG.md

@@ -1,5 +1,15 @@
 # @pnpm/node.resolver
 
+## 1100.0.3
+
+### Patch Changes
+
+- Updated dependencies [7d25bc1]
+- Updated dependencies [72c1e05]
+- Updated dependencies [9e0833c]
+  - @pnpm/config.reader@1101.1.0
+  - @pnpm/resolving.resolver-base@1100.1.0
+
 ## 1100.0.2
 
 ### Patch Changes

engine/runtime/node-resolver/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pnpm/engine.runtime.node-resolver",
-  "version": "1100.0.2",
+  "version": "1100.0.3",
   "description": "Resolves a Node.js version specifier to an exact Node.js version",
   "keywords": [
     "pnpm",

exec/commands/CHANGELOG.md

@@ -1,5 +1,21 @@
 # @pnpm/plugin-commands-script-runners
 
+## 1100.0.3
+
+### Patch Changes
+
+- 9e0833c: Added a new setting `minimumReleaseAgeIgnoreMissingTime`, which is `true` by default. When enabled, pnpm skips the `minimumReleaseAge` maturity check if the registry metadata does not include the `time` field. Set to `false` to fail resolution instead.
+- Updated dependencies [7d25bc1]
+- Updated dependencies [9e0833c]
+  - @pnpm/config.reader@1101.1.0
+  - @pnpm/deps.status@1100.0.3
+  - @pnpm/engine.runtime.commands@1100.0.3
+  - @pnpm/installing.commands@1100.1.1
+  - @pnpm/exec.lifecycle@1100.0.3
+  - @pnpm/installing.client@1100.0.3
+  - @pnpm/workspace.injected-deps-syncer@1100.0.3
+  - @pnpm/crypto.hash@1100.0.0
+
 ## 1100.0.2
 
 ### Patch Changes

exec/commands/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pnpm/exec.commands",
-  "version": "1100.0.2",
+  "version": "1100.0.3",
   "description": "Commands for running scripts",
   "keywords": [
     "pnpm",

exec/lifecycle/CHANGELOG.md

@@ -1,5 +1,13 @@
 # @pnpm/lifecycle
 
+## 1100.0.3
+
+### Patch Changes
+
+- Updated dependencies [e03e8f4]
+  - @pnpm/fetching.directory-fetcher@1100.0.3
+  - @pnpm/store.controller-types@1100.0.2
+
 ## 1100.0.2
 
 ### Patch Changes

exec/lifecycle/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pnpm/exec.lifecycle",
-  "version": "1100.0.2",
+  "version": "1100.0.3",
   "description": "Package lifecycle hook runner",
   "keywords": [
     "pnpm",

exec/prepare-package/CHANGELOG.md

@@ -1,5 +1,11 @@
 # @pnpm/prepare-package
 
+## 1100.0.3
+
+### Patch Changes
+
+- @pnpm/exec.lifecycle@1100.0.3
+
 ## 1100.0.2
 
 ### Patch Changes

exec/prepare-package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pnpm/exec.prepare-package",
-  "version": "1100.0.2",
+  "version": "1100.0.3",
   "description": "Prepares a Git-hosted package",
   "keywords": [
     "pnpm",

fetching/binary-fetcher/CHANGELOG.md

@@ -1,5 +1,12 @@
 # @pnpm/fetching.binary-fetcher
 
+## 1100.0.2
+
+### Patch Changes
+
+- @pnpm/fetching.fetcher-base@1100.0.2
+- @pnpm/worker@1100.0.2
+
 ## 1100.0.1
 
 ### Patch Changes

fetching/binary-fetcher/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pnpm/fetching.binary-fetcher",
-  "version": "1100.0.1",
+  "version": "1100.0.2",
   "description": "A fetcher for binary archives",
   "keywords": [
     "pnpm",

fetching/directory-fetcher/CHANGELOG.md

@@ -1,5 +1,14 @@
 # @pnpm/directory-fetcher
 
+## 1100.0.3
+
+### Patch Changes
+
+- e03e8f4: Fix installing a directory dependency (`file:<dir>`) from an absolute path on a different drive on Windows. The directory fetcher was joining the stored directory onto `lockfileDir`, which on Windows concatenates an absolute cross-drive path literally (`path.join('D:\\...', 'C:\\Users\\...')` → `'D:\\...\\C:\\Users\\...'`). Use `path.resolve` so absolute paths are respected. This surfaced as an ENOENT during `pnpm setup` in CI when `PNPM_HOME` and the OS temp directory were on different drives.
+- Updated dependencies [72c1e05]
+  - @pnpm/resolving.resolver-base@1100.1.0
+  - @pnpm/fetching.fetcher-base@1100.0.2
+
 ## 1100.0.2
 
 ### Patch Changes

fetching/directory-fetcher/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pnpm/fetching.directory-fetcher",
-  "version": "1100.0.2",
+  "version": "1100.0.3",
   "description": "A fetcher for local directory packages",
   "keywords": [
     "pnpm",

fetching/fetcher-base/CHANGELOG.md

@@ -1,5 +1,12 @@
 # @pnpm/fetcher-base
 
+## 1100.0.2
+
+### Patch Changes
+
+- Updated dependencies [72c1e05]
+  - @pnpm/resolving.resolver-base@1100.1.0
+
 ## 1100.0.1
 
 ### Patch Changes

fetching/fetcher-base/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pnpm/fetching.fetcher-base",
-  "version": "1100.0.1",
+  "version": "1100.0.2",
   "description": "Types for pnpm-compatible fetchers",
   "keywords": [
     "pnpm",

fetching/git-fetcher/CHANGELOG.md

@@ -1,5 +1,13 @@
 # @pnpm/git-fetcher
 
+## 1100.0.3
+
+### Patch Changes
+
+- @pnpm/fetching.fetcher-base@1100.0.2
+- @pnpm/exec.prepare-package@1100.0.3
+- @pnpm/worker@1100.0.2
+
 ## 1100.0.2
 
 ### Patch Changes

fetching/git-fetcher/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pnpm/fetching.git-fetcher",
-  "version": "1100.0.2",
+  "version": "1100.0.3",
   "description": "A fetcher for git-hosted packages",
   "keywords": [
     "pnpm",

fetching/pick-fetcher/CHANGELOG.md

@@ -1,5 +1,14 @@
 # @pnpm/pick-fetcher
 
+## 1100.0.2
+
+### Patch Changes
+
+- Updated dependencies [72c1e05]
+  - @pnpm/resolving.resolver-base@1100.1.0
+  - @pnpm/fetching.fetcher-base@1100.0.2
+  - @pnpm/hooks.types@1100.0.2
+
 ## 1100.0.1
 
 ### Patch Changes

fetching/pick-fetcher/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pnpm/fetching.pick-fetcher",
-  "version": "1100.0.1",
+  "version": "1100.0.2",
   "description": "Pick a package fetcher by type",
   "keywords": [
     "pnpm",