Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump the pnpm-dependencies group in /npm_and_yarn/helpers with 2 updates #9498

Closed
wants to merge 1 commit into from
Closed

Bump the pnpm-dependencies group in /npm_and_yarn/helpers with 2 updates #9498

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Apr 14, 2024
edited

Bumps the pnpm-dependencies group in /npm_and_yarn/helpers with 2 updates: @pnpm/lockfile-file and @pnpm/dependency-path.

Updates @pnpm/lockfile-file from 8.1.6 to 9.0.0

Release notes

Sourced from @​pnpm/lockfile-file's releases.

v9.0.0-rc.2

Installation instructions: https://pnpm.io/9.x/installation

Major Changes

  • Node.js v16 support dropped. Use at least Node.js v18.12.

  • Lockfile version bumped to v9.

  • Support for lockfile v5 is dropped. Use pnpm v8 to convert lockfile v5 to lockfile v6 #7470.

  • The dedupe-injected-deps setting is true by default.

  • The default value of the link-workspace-packages setting changed from true to false. This means that by default, dependencies will be linked from workspace packages only when they are specified using the workspace protocol.

  • The default value of the hoist-workspace-packages is true.

  • pnpm licenses list prints license information of all versions of the same package in case different versions use different licenses. The format of the pnpm licenses list --json output has been changed #7528.

  • A new command added for printing completion code to the console: pnpm completion [shell]. The old command that modified the user's shell dotfiles has been removed #3083.

  • pnpm will now check the package.json file for a packageManager field. If this field is present and specifies a different package manager or a different version of pnpm than the one you're currently using, pnpm will not proceed. This ensures that you're always using the correct package manager and version that the project requires.

  • enable-pre-post-scripts is set to true by default. This means that when you run a script like start, prestart and poststart will also run.

  • When installing git-hosted dependencies, only pick the files that would be packed with the package #7638.

  • Use the same directory for state files on macOS as on Linux (~/.local/state/pnpm).

  • Peer dependencies of peer dependencies are now resolved correctly. When peer dependencies have peer dependencies of their own, the peer dependencies are grouped with their own peer dependencies before being linked to their dependents.

    For instance, if card has react in peer dependencies and react has typescript in its peer dependencies, then the same version of react may be linked from different places if there are multiple versions of typescript. For instance:

    project1/package.json
{
  "dependencies": {
    "card": "1.0.0",
    "react": "16.8.0",
    "typescript": "7.0.0"
  }
}
project2/package.json
{
  "dependencies": {
    "card": "1.0.0",
    "react": "16.8.0",
    "typescript": "8.0.0"
  }
}
node_modules

... (truncated)

Commits

Updates @pnpm/dependency-path from 2.1.7 to 3.0.0

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot dependabot bot requested a review from a team as a code owner April 14, 2024 16:48
@dependabot dependabot bot added dependencies javascript Dependabot pull requests that update Javascript code labels Apr 14, 2024
@dependabot dependabot bot mentioned this pull request Apr 14, 2024
Closed
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/npm_and_yarn/helpers/pnpm-dependencies-7e200d5c0c branch 4 times, most recently from ae91319 to 7e289d0 Compare April 18, 2024 17:48
@dependabot
Bump the pnpm-dependencies group in /npm_and_yarn/helpers with 2 updates
645c8f7 
Bumps the pnpm-dependencies group in /npm_and_yarn/helpers with 2 updates: [@pnpm/lockfile-file](https://github.com/pnpm/pnpm) and [@pnpm/dependency-path](https://github.com/pnpm/pnpm).


Updates `@pnpm/lockfile-file` from 8.1.6 to 9.0.0
- [Release notes](https://github.com/pnpm/pnpm/releases)
- [Commits](https://github.com/pnpm/pnpm/commits)

Updates `@pnpm/dependency-path` from 2.1.7 to 3.0.0
- [Release notes](https://github.com/pnpm/pnpm/releases)
- [Commits](https://github.com/pnpm/pnpm/commits/v3.0.0)

---
updated-dependencies:
- dependency-name: "@pnpm/lockfile-file"
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: pnpm-dependencies
- dependency-name: "@pnpm/dependency-path"
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: pnpm-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/npm_and_yarn/helpers/pnpm-dependencies-7e200d5c0c branch from 7e289d0 to 645c8f7 Compare April 19, 2024 19:43
@dependabot Dependabot
Copy link
Contributor Author

dependabot bot commented on behalf of github Apr 22, 2024

Superseded by #9562.

@dependabot dependabot bot closed this Apr 22, 2024
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/npm_and_yarn/helpers/pnpm-dependencies-7e200d5c0c branch April 22, 2024 14:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies javascript Dependabot pull requests that update Javascript code L: javascript
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
0 participants