chore(deps): update pnpm to v8.6.12

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
pnpm (source)	8.6.2 -> 8.6.12

---

Release Notes

pnpm/pnpm (pnpm)

v8.6.12

Compare Source

Patch Changes

• Make the error message friendlier when a user attempts to run a command that does not exist #​6887.
• pnpm patch should work correctly when shared-workspace-file is set to false #​6885.
• pnpm env use should retry deleting the previous Node.js executable #​6587.
• pnpm dlx should not print an error stack when the underlying script execution fails #​6698.
• When showing the download progress of large tarball files, always display the same number of digits after the decimal point #​6901.
• Report download progress less frequently to improve performance #​6906.
• pnpm install --frozen-lockfile --lockfile-only should fail if the lockfile is not up to date with the package.json files #​6913.

Our Gold Sponsors

Our Silver Sponsors

v8.6.11

Compare Source

Patch Changes

• Change the install error message when a lockfile is wanted but absent to indicate the wanted lockfile is absent, not present. This now reflects the actual error #​6851.
• When dealing with a local dependency that is a path to a symlink, a new symlink should be created to the original symlink, not to the actual directory location.
• The length of the temporary file names in the content-addressable store reduced in order to prevent ENAMETOOLONG errors from happening #​6842.
• Don't print "added" stats, when installing with --lockfile-only.
• Installation of a git-hosted dependency should not fail if the pnpm-lock.yaml file of the installed dependency is not up-to-date #​6865.
• Don't ignore empty strings in params #​6594.
• Always set dedupe-peer-dependents to false, when running installation during deploy #​6858.
• When several containers use the same store simultaneously, there's a chance that multiple containers may create a temporary file at the same time. In such scenarios, pnpm could fail to rename the temporary file in one of the containers. This issue has been addressed: pnpm will no longer fail if the temporary file is absent but the destination file exists.
• Authorization token should be found in the configuration, when the requested URL is explicitly specified with a default port (443 on HTTPS or 80 on HTTP) #​6863.

Our Gold Sponsors

Our Silver Sponsors

v8.6.10

Compare Source

Patch Changes

• Installation succeeds if a non-optional dependency of an optional dependency has failing installation scripts #​6822.
• The length of the temporary file names in the content-addressable store reduced in order to prevent ENAMETOOLONG errors from happening #​6842.
• Ignore empty patch content when patch-commit.
• Sort keys in packageExtensions before calculating packageExtensionsChecksum #​6824.
• Pass the right scheme to git ls-remote in order to prevent a fallback to git+ssh that would result in a 'host key verification failed' issue #​6806
• The "postpublish" script of a git-hosted dependency is not executed, while building the dependency #​6822.

Our Gold Sponsors

Our Silver Sponsors

v8.6.9

Compare Source

Patch Changes

• Temporarily revert the fix to #​6805 to fix the regression it caused #​6827.

Our Gold Sponsors

Our Silver Sponsors

v8.6.8

Compare Source

Patch Changes

• When the same file is appended multiple times into a tarball, the last occurrence is selected when unpacking the tarball.
• Fixed a bug in which pnpm passed the wrong scheme to git ls-remote, causing a fallback to git+ssh and resulting in a 'host key verification failed' issue #​6805.
• Added support for publishConfig.registry in package.json for publishing #​6775.
• pnpm rebuild now uploads the built artifacts to the content-addressable store.
• If a command cannot be created in .bin, the exact error message is now displayed.
• Treat linked dependencies with a tag version type as up-to-date #​6592.
• pnpm setup now prints more details when it cannot detect the active shell.

Our Gold Sponsors

Our Silver Sponsors

v8.6.7

Compare Source

Patch Changes

• Ensure consistent output for scripts executed concurrently, both within a single project and across multiple projects. Each script's output will now be printed in a separate section of the terminal, when running multiple scripts in a single project using regex #​6692.
• The --parallel CLI flag should work on single project #​6692.
• Optimizing project manifest normalization, reducing amoung of data copying #​6763.
• Move loading wantedLockfile outside dependenciesHierarchyForPackage, preventing OOM crash when loading the same lock file too many times #​6757.
• Replace ineffective use of ramda difference with better alternative #​6760.

Our Gold Sponsors

Our Silver Sponsors

v8.6.6

Compare Source

Patch Changes

• Installation of a git-hosted dependency without package.json should not fail, when the dependency is read from cache #​6721.
• Local workspace bin files that should be compiled first are linked to dependent projects after compilation #​1801.
• Prefer versions found in parent package dependencies only #​6737.
• Multiple performance optimizations implemented by @​zxbodya:
  • avoid copying preferredVersions object #​6735
  • avoid object copy in resolvePeersOfNode #​6736
  • preferredVersions in resolveDependenciesOfImporters #​6748
  • remove ramda isEmpty usages #​6753
  • use Maps and Sets instead of objects #​6749
  • optimize splitNodeId, fix invalid nodeId #​6755

Our Gold Sponsors

Our Silver Sponsors

v8.6.5

Compare Source

Patch Changes

• Improve the performance of searching for auth tokens #​6717.

Our Gold Sponsors

Our Silver Sponsors

v8.6.4

Compare Source

Patch Changes

• In cases where both aliased and non-aliased dependencies exist to the same package, non-aliased dependencies will be used for resolving peer dependencies, addressing issue #​6588.
• Ignore the port in the URL, while searching for authentication token in the .npmrc file #​6354.
• Don't add the version of a local directory dependency to the lockfile. This information is not used anywhere by pnpm and is only causing more Git conflicts #​6695.

Our Gold Sponsors

Our Silver Sponsors

v8.6.3

Compare Source

Patch Changes

• When running a script in multiple projects, the script outputs should preserve colours #​2148.
• Don't crash when the APPDATA env variable is not set on Windows #​6659.
• Don't fail when a package is archived in a tarball with malformed tar headers #​5362.
• Peer dependencies of subdependencies should be installed, when node-linker is set to hoisted #​6680.
• Throw a meaningful error when applying a patch to a dependency fails.
• pnpm update --global --latest should work #​3779.
• pnpm license ls should work even when there is a patched git protocol dependency #​6595

Our Gold Sponsors

Our Silver Sponsors

---

Configuration

📅 Schedule: Branch creation - "after 2am and before 3am" (UTC), Automerge - "after 1am and before 2am" (UTC).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.