Update pnpm to v10.9.0 #1105

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Merged

int128-renovate-merge-bot merged 1 commit into main from renovate/pnpm-10.x

Apr 21, 2025

+7 −7

Contributor

renovate bot commented Apr 21, 2025

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
pnpm (source)	`10.8.1` -> `10.9.0`

Release Notes

pnpm/pnpm (pnpm)

`v10.9.0`

Minor Changes

Added support for installing JSR packages. You can now install JSR packages using the following syntax:
```
pnpm add jsr:<pkg_name>
```
or with a version range:
```
pnpm add jsr:<pkg_name>@&#8203;<range>
```
For example, running:
```
pnpm add jsr:@&#8203;foo/bar
```
will add the following entry to your package.json:
```
{
  "dependencies": {
    "@&#8203;foo/bar": "jsr:^0.1.2"
  }
}
```
When publishing, this entry will be transformed into a format compatible with npm, older versions of Yarn, and previous pnpm versions:
```
{
  "dependencies": {
    "@&#8203;foo/bar": "npm:@&#8203;jsr/foo__bar@^0.1.2"
  }
}
```
Related issue: #8941.

Note: The @jsr scope defaults to https://npm.jsr.io/ if the @jsr:registry setting is not defined.
Added a new setting, dangerouslyAllowAllBuilds, for automatically running any scripts of dependencies without the need to approve any builds. It was already possible to allow all builds by adding this to pnpm-workspace.yaml:
```
neverBuiltDependencies: []
```
dangerouslyAllowAllBuilds has the same effect but also allows to be set globally via:
```
pnpm config set dangerouslyAllowAllBuilds true
```
It can also be set when running a command:
```
pnpm install --dangerously-allow-all-builds
```

Patch Changes

Fix a false negative in verifyDepsBeforeRun when nodeLinker is hoisted and there is a workspace package without dependencies and node_modules directory #9424.
Explicitly drop verifyDepsBeforeRun support for nodeLinker: pnp. Combining verifyDepsBeforeRun and nodeLinker: pnp will now print a warning.

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.


          Update pnpm to v10.9.0

2faa174

renovate bot added renovate renovate/pnpm labels

int128-renovate-merge-bot bot merged commit 9c9b6c9 into main

2 checks passed

int128-renovate-merge-bot bot deleted the renovate/pnpm-10.x branch

April 21, 2025 12:16

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

renovate/pnpm renovate