mirror/pnpm - pnpm - Gitea: Git with a cup of tea

mirror/pnpm

Fork 0

mirror of https://github.com/pnpm/pnpm.git synced 2026-06-28 09:55:39 -04:00

Commit Graph

Author SHA1 Message Date

Author	SHA1	Message	Date
Abdullah Alaqeel	61969fbddf	fix(deps-status): detect lockfile-only changes (#12106 ) ## Summary Fixes `pnpm install` with `optimisticRepeatInstall` incorrectly returning `Already up to date` when `pnpm-lock.yaml` changed but project manifests did not. Fixes #12100. ## Root Cause `checkDepsStatus` used modified manifest mtimes as the only signal for whether it needed to validate dependency status. If no manifest was newer than `workspaceState.lastValidatedTimestamp`, it returned `upToDate: true` before checking whether the wanted lockfile had changed. That skipped lockfile validation for workflows like: - `git checkout HEAD~1 -- pnpm-lock.yaml` - restoring only `pnpm-lock.yaml` from a stash - external tools rewriting the lockfile without touching manifests ## Changes - Check wanted lockfile mtimes before taking the optimistic fast path. - If any wanted lockfile is missing or newer than the workspace state timestamp, validate all projects instead of only modified manifests. - Add a regression test proving a lockfile-only change does not skip wanted-lockfile validation. - Add a patch changeset for `@pnpm/deps.status` and `pnpm`. --------- Co-authored-by: Zoltan Kochan <z@kochan.io>	2026-06-16 22:04:07 +00:00
Zoltan Kochan	53668a42b8	fix: support explicit versions and --no-commit-hooks / --no-git-tag-version in `pnpm version` (#11299 ) * fix: support explicit versions and --no-commit-hooks / --no-git-tag-version in `pnpm version` Registers options under their canonical names so nopt correctly parses the `--no-` variants, accepts an explicit semver argument alongside bump types, and creates a git commit + annotated tag for the bump (honoring `--no-git-tag-version`, `--no-commit-hooks`, `--sign-git-tag`, `--message`, and `--tag-version-prefix`). Also fixes `--no-git-checks` which was parsed incorrectly. Closes #11271. chore: add gpgsign and newversion to cspell; set gpg sign config in version test * fix: address Copilot review feedback on pnpm version * fix: skip git commit and tag in recursive version runs * fix: address Copilot review feedback on pnpm version	2026-04-20 00:26:32 +02:00
Zoltan Kochan	f47ef4b125	refactor: reorganize monorepo domain structure (#10987 ) Reorganize the monorepo's top-level domain directories for clarity: - pkg-manager/ split into: - installing/ (core, headless, client, resolve-dependencies, etc.) - installing/linking/ (hoist, direct-dep-linker, modules-cleaner, etc.) - bins/ (link-bins, package-bins, remove-bins) - completion/ merged into cli/ - dedupe/ moved to installing/dedupe/ - env/ renamed to engine/ with subdomains: - engine/runtime/ (node.fetcher, node.resolver, plugin-commands-env, etc.) - engine/pm/ (plugin-commands-setup, plugin-commands-self-updater) - env.path moved to shell/ - tools/ and runtime/ dissolved - reviewing/ and lockfile audit packages moved to deps/: - deps/inspection/ (list, outdated, dependencies-hierarchy) - deps/compliance/ (audit, licenses, sbom) - registry/ moved to resolving/registry/ - semver/peer-range moved to deps/ - network/fetching-types moved to fetching/ - packages/ slimmed down, moving packages to proper domains: - calc-dep-state, dependency-path -> deps/ - parse-wanted-dependency -> resolving/ - git-utils -> network/ - naming-cases -> text/ - make-dedicated-lockfile -> lockfile/ - render-peer-issues -> installing/ - plugin-commands-doctor -> cli/ - plugin-commands-init -> workspace/ Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-17 13:45:54 +01:00

Abdullah Alaqeel

61969fbddf

fix(deps-status): detect lockfile-only changes (#12106 )

## Summary

Fixes `pnpm install` with `optimisticRepeatInstall` incorrectly returning `Already up to date` when `pnpm-lock.yaml` changed but project manifests did not.

Fixes #12100.

## Root Cause

`checkDepsStatus` used modified manifest mtimes as the only signal for whether it needed to validate dependency status. If no manifest was newer than `workspaceState.lastValidatedTimestamp`, it returned `upToDate: true` before checking whether the wanted lockfile had changed.

That skipped lockfile validation for workflows like:

- `git checkout HEAD~1 -- pnpm-lock.yaml`
- restoring only `pnpm-lock.yaml` from a stash
- external tools rewriting the lockfile without touching manifests

## Changes

- Check wanted lockfile mtimes before taking the optimistic fast path.
- If any wanted lockfile is missing or newer than the workspace state timestamp, validate all projects instead of only modified manifests.
- Add a regression test proving a lockfile-only change does not skip wanted-lockfile validation.
- Add a patch changeset for `@pnpm/deps.status` and `pnpm`.

---------

Co-authored-by: Zoltan Kochan <z@kochan.io>

2026-06-16 22:04:07 +00:00

Zoltan Kochan

53668a42b8

fix: support explicit versions and --no-commit-hooks / --no-git-tag-version in pnpm version (#11299 )

* fix: support explicit versions and --no-commit-hooks / --no-git-tag-version in `pnpm version`

Registers options under their canonical names so nopt correctly parses the
`--no-*` variants, accepts an explicit semver argument alongside bump types,
and creates a git commit + annotated tag for the bump (honoring
`--no-git-tag-version`, `--no-commit-hooks`, `--sign-git-tag`, `--message`,
and `--tag-version-prefix`). Also fixes `--no-git-checks` which was parsed
incorrectly. Closes #11271.

* chore: add gpgsign and newversion to cspell; set gpg sign config in version test

* fix: address Copilot review feedback on pnpm version

* fix: skip git commit and tag in recursive version runs

* fix: address Copilot review feedback on pnpm version

2026-04-20 00:26:32 +02:00

Zoltan Kochan

f47ef4b125

refactor: reorganize monorepo domain structure (#10987 )

Reorganize the monorepo's top-level domain directories for clarity:

- pkg-manager/ split into:
  - installing/ (core, headless, client, resolve-dependencies, etc.)
  - installing/linking/ (hoist, direct-dep-linker, modules-cleaner, etc.)
  - bins/ (link-bins, package-bins, remove-bins)
- completion/ merged into cli/
- dedupe/ moved to installing/dedupe/
- env/ renamed to engine/ with subdomains:
  - engine/runtime/ (node.fetcher, node.resolver, plugin-commands-env, etc.)
  - engine/pm/ (plugin-commands-setup, plugin-commands-self-updater)
- env.path moved to shell/
- tools/ and runtime/ dissolved
- reviewing/ and lockfile audit packages moved to deps/:
  - deps/inspection/ (list, outdated, dependencies-hierarchy)
  - deps/compliance/ (audit, licenses, sbom)
- registry/ moved to resolving/registry/
- semver/peer-range moved to deps/
- network/fetching-types moved to fetching/
- packages/ slimmed down, moving packages to proper domains:
  - calc-dep-state, dependency-path -> deps/
  - parse-wanted-dependency -> resolving/
  - git-utils -> network/
  - naming-cases -> text/
  - make-dedicated-lockfile -> lockfile/
  - render-peer-issues -> installing/
  - plugin-commands-doctor -> cli/
  - plugin-commands-init -> workspace/

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

2026-03-17 13:45:54 +01:00

3 Commits