mirror of
https://github.com/pnpm/pnpm.git
synced 2026-04-15 20:49:40 -04:00
15549a9445
* feat(audit): add fix update mode Add the ability to fix vulnerabilities by updating packages in the lockfile instead of adding overrides. * revert: remove audit-registry parameter * fix: properly invoke audit command recursively on workspace * fix: negative weight version priority & top-level pinned dep updating * refactor: apply packageVulnerabilityAudit version preferences earlier * chore: update changeset * fix: vulnerability penalties are greater than direct dep weight * test: use nock on mock registry directly * fix: exit with 1 if it can't resolve all vulnerabilities to match npm * fix: properly update workspace top-level pinned vulnerable dependencies * fix: update lockfile * fix: update vulnerabilities in catalogs * chore: sync pnpm-lock.yaml with main