Commit 993ba37
authored
![renovate[bot]](https://avatars.githubusercontent.com/in/2740?v=4&size=40){kind=avatar}
chore(deps): update pnpm to v11.0.9 (#770)
This PR contains the following updates:
| Package | Change |
[Age](https://docs.renovatebot.com/merge-confidence/) |
[Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [pnpm](https://pnpm.io)
([source](https://redirect.github.com/pnpm/pnpm/tree/HEAD/pnpm)) |
[`11.0.8` →
`11.0.9`](https://renovatebot.com/diffs/npm/pnpm/11.0.8/11.0.9) |
|
|
---
### Release Notes
<details>
<summary>pnpm/pnpm (pnpm)</summary>
###
[`v11.0.9`](https://redirect.github.com/pnpm/pnpm/blob/HEAD/pnpm/CHANGELOG.md#1109)
[Compare
Source](https://redirect.github.com/pnpm/pnpm/compare/v11.0.8...v11.0.9)
##### Patch Changes
- Fixed installation of GitLab-hosted dependencies. pnpm now downloads
the tarball from
`https://gitlab.com/<user>/<project>/-/archive/<sha>/<project>-<sha>.tar.gz`
instead of the GitLab API endpoint that contained an encoded slash
(`%2F`) between user and project. The encoded slash both triggered `406
Not Acceptable` responses from GitLab and produced virtual store
directory names that Node refused to import
(`ERR_INVALID_MODULE_SPECIFIER`)
[#​11533](https://redirect.github.com/pnpm/pnpm/issues/11533).
- Honor `NPM_CONFIG_USERCONFIG` (and its lowercase
`npm_config_userconfig` form) as a low-priority fallback when locating
the user-level `.npmrc`. This restores compatibility with environments
that point npm at a custom auth file via that env var — most notably
`actions/setup-node`, which writes registry credentials to
`${runner.temp}/.npmrc` and exports `NPM_CONFIG_USERCONFIG` to reference
it. Without this, GitHub Actions workflows using `actions/setup-node` to
authenticate to private registries broke after upgrading to pnpm v11.
PNPM-prefixed env vars and `npmrcAuthFile` from the global `config.yaml`
continue to take precedence
[#​11539](https://redirect.github.com/pnpm/pnpm/issues/11539).
- Fix `pnpm pack` not bundling dependencies listed in
`bundleDependencies` (or `bundledDependencies`). The npm-packlist
upgrade in pnpm 11 changed its API to require the caller to pre-populate
the dependency tree, which the wrapper was not doing —
`bundleDependencies` were silently dropped from the tarball
[#​11519](https://redirect.github.com/pnpm/pnpm/issues/11519).
- Fixed the pnpm CLI crashing with a confusing `SyntaxError: Invalid
regular expression flags` instead of printing a clear "requires Node.js
v22.13" error when launched on an unsupported Node.js version. The
Node.js version check in `bin/pnpm.mjs` was effectively dead code
because the static `import` of the bundled `dist/pnpm.mjs` was hoisted
by the ES module loader and parsed before the check could run
[#​11546](https://redirect.github.com/pnpm/pnpm/issues/11546).
- Fixed `pnpm --prefix=<dir> install` overwriting the existing
`pnpm-workspace.yaml` in `<dir>` with `set this to true or false`
placeholders. The renamed `--prefix` option (which maps to `dir`) was
not honored when locating the workspace root, so the workspace
manifest's `allowBuilds` settings were not loaded into config and got
clobbered when ignored builds were auto-populated
[#​11535](https://redirect.github.com/pnpm/pnpm/issues/11535).
- Fixed `pnpm publish --provenance` failing with a 422 from the registry
when the package version contained semver build metadata (e.g.
`1.0.0-canary.0+abc1234`). The `+<build>` segment is now stripped before
packing so that the version embedded in the tarball, the metadata sent
to the registry, and the sigstore provenance subject all agree
[#​11518](https://redirect.github.com/pnpm/pnpm/issues/11518).
</details>
---
### Configuration
📅 **Schedule**: (UTC)
- Branch creation
- At any time (no schedule defined)
- Automerge
- At any time (no schedule defined)
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/node-modules/urllib).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xNTkuMiIsInVwZGF0ZWRJblZlciI6IjQzLjE1OS4yIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbXX0=-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>1 parent fbf0b94 commit 993ba37
1 file changed
Lines changed: 1 addition & 1 deletion
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
111 | 111 | | |
112 | 112 | | |
113 | 113 | | |
114 | | - | |
| 114 | + | |
115 | 115 | | |
116 | 116 | | |
117 | 117 | | |
| |||
0 commit comments