chore(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Type	Update	Change	Age	Adoption	Passing	Confidence
actions/setup-node	action	minor	v3.5.1 -> v3.6.0
pnpm (source)	packageManager	minor	7.17.1 -> 7.25.1
vitest	devDependencies	minor	^0.25.0 -> ^0.28.0

---

Release Notes

actions/setup-node

v3.6.0: Add Support for Nightly, Canary and RC builds for Node.js

Compare Source

In scope of this release we added support to download nightly, rc (https://github.com/actions/setup-node/pull/611) and canary (https://github.com/actions/setup-node/pull/619) Node.js distributions.

For nightly versions:

jobs:
  build:
    runs-on: ubuntu-latest
    name: Node sample
    steps:
      - uses: actions/checkout@v3
      - uses: actions/setup-node@v3
        with:
          node-version: '16-nightly'
      - run: npm ci
      - run: npm test

For canary versions:

jobs:
  build:
    runs-on: ubuntu-latest
    name: Node sample
    steps:
      - uses: actions/checkout@v3
      - uses: actions/setup-node@v3
        with:
          node-version: '16-v8-canary’
      - run: npm ci
      - run: npm test

For rc versions:

jobs:
  build:
    runs-on: ubuntu-latest
    name: Node sample
    steps:
      - uses: actions/checkout@v3
      - uses: actions/setup-node@v3
        with:
          node-version: '16.0.0-rc.1’
      - run: npm ci
      - run: npm test

Note: For more examples please refer to documentation.

Besides, we added the following changes as:

• Updated minimatch: https://github.com/actions/setup-node/pull/608
• Fixed extra newline character in version output when reading from a file: https://github.com/actions/setup-node/pull/625
• Passed the token input through on GHES: https://github.com/actions/setup-node/pull/595
• Fixed issue with scoped registries are duplicated in npmrc: https://github.com/actions/setup-node/pull/637

pnpm/pnpm

v7.25.1

Compare Source

Patch Changes

• Show dependency paths info in pnpm audit output #​3073
• The store integrity check should validate the side effects cache of the installed package. If the side effects cache is broken, the package needs to be rebuilt #​4997.
• Add more info to the description of the --force option in the pnpm install command #​5932.
• Don't crash when a bin file is not found and prefer-symlinked-executables is true #​5946.
• pnpm install --fix-lockfile should not fail if the package has no dependencies #​5878.

Our Gold Sponsors

Our Silver Sponsors

v7.25.0

Compare Source

Minor Changes

• When patching a dependency that is already patched, the existing patch is applied to the dependency, so that the new edit are applied on top of the existing ones. To ignore the existing patches, run the patch command with the --ignore-existing option #​5632.
• When extend-node-path is set to false, the NODE_PATH environment variable is not set in the command shims #​5910

Patch Changes

• Ensure the permission of bin file when prefer-symlinked-executables is set to true #​5913.
• If an external tool or a user have removed a package from node_modules, pnpm should add it back on install. This was only an issue with node-linker=hoisted.

Our Gold Sponsors

Our Silver Sponsors

v7.24.3

Compare Source

Patch Changes

• Don't break lockfile v6 on repeat install if use-lockfile-v6 is not set to true.

Our Gold Sponsors

Our Silver Sponsors

v7.24.2

Compare Source

Minor Changes

• Added support for pnpm-lock.yaml format v6. This new format will be the new lockfile format in pnpm v8. To use the new lockfile format, use the use-lockfile-v6=true setting in .npmrc. Or run pnpm install --use-lockfile-v6 #​5810.

Patch Changes

• pnpm run should fail if the path to the project contains colon(s).

• pnpm config set key=value should work the same as pnpm config set key value #​5889.

• The upload of built artifacts (side effects) should not fail when node-linker is set to hoisted and installation runs on a project that already had a node_modules directory #​5823.

  This fixes a bug introduced by #​5814.

• pnpm exec should work when the path to the project contains colon(s) #​5846.

• Git-hosted dependencies should not be built, when ignore-scripts is set to true #​5876.

Our Gold Sponsors

Our Silver Sponsors

v7.24.1

Compare Source

v7.24.0

Compare Source

v7.23.0

Compare Source

Minor Changes

• When the resolve-peers-from-workspace-root setting is set to true, pnpm will use dependencies installed in the root of the workspace to resolve peer dependencies in any of the workspace's projects #​5882.

Patch Changes

• The help of the run command should list the --resume-from option.
• Should display --include-workspace-root option on recursive command's help info.

Our Gold Sponsors

Our Silver Sponsors

v7.22.0

Compare Source

Minor Changes

• The pnpm list and pnpm why commands will now look through transitive dependencies of workspace: packages. A new --only-projects flag is available to only print workspace: packages.
• pnpm exec and pnpm run command support --resume-from option. When used, the command will executed from given package #​4690.
• Expose the npm_command environment variable to lifecycle hooks & scripts.

Patch Changes

• Fix a situation where pnpm list and pnpm why may not respect the --depth argument.
• Report to the console when a git-hosted dependency is built #​5847.
• Throw an accurate error message when trying to install a package that has no versions, or all of its versions are unpublished #​5849.
• replace dependency is-ci by ci-info (is-ci is just a simple wrapper around ci-info).
• Only run prepublish scripts of git-hosted dependencies, if the dependency doesn't have a main file. In this case we can assume that the dependencies has to be built.
• Print more contextual information when a git-hosted package fails to be prepared for installation #​5847.

Our Gold Sponsors

Our Silver Sponsors

v7.21.0

Compare Source

Minor Changes

• The pnpm dlx command supports the --shell-mode (or -c) option. When used, the script is executed by a shell #​5679.

Patch Changes

• The config command should work with the --location=global CLI option #​5841.
• Only the pnpm add --global <pkg> command should fail if there is no global pnpm bin directory in the system PATH #​5841.

Our Gold Sponsors

Our Silver Sponsors

v7.20.0

Compare Source

Minor Changes

• pnpm gets its own implementation of the following commands:

  • pnpm config get
  • pnpm config set
  • pnpm config delete
  • pnpm config list

  In previous versions these commands were passing through to npm CLI.

  PR: #​5829
  Related issue: #​5621

• Add show alias to pnpm view #​5835.

• pnpm reads settings from its own global configuration file at $XDG_CONFIG_HOME/pnpm/rc #​5829.

• Add the 'description'-field to the licenses output #​5836.

Patch Changes

• pnpm rebuild should not fail if node_modules was created by pnpm version 7.18 or older #​5815.
• pnpm env should print help.
• Run the prepublish scripts of packages installed from Git #​5826.
• pnpm rebuild should print a better error message when a hoisted dependency is not found #​5815.

Our Gold Sponsors

Our Silver Sponsors

v7.19.0

Compare Source

Minor Changes

• New setting supported in the package.json that is in the root of the workspace: pnpm.requiredScripts. Scripts listed in this array will be required in each project of the worksapce. Otherwise, pnpm -r run <script name> will fail #​5569.
• When the hoisted node linker is used, preserve node_modules directories when linking new dependencies. This improves performance, when installing in a project that already has a node_modules directory #​5795.
• When the hoisted node linker is used, pnpm should not build the same package multiple times during installation. If a package is present at multipe locations because hoisting could not hoist them to a single directory, then the package should only built in one of the locations and copied to the rest #​5814.

Patch Changes

• pnpm rebuild should work in projects that use the hoisted node linker #​5560.
• pnpm patch should print instructions about how to commit the changes #​5809.
• Allow the -S flag in command shims pnpm/cmd-shim#​42.
• Don't relink injected directories if they were not built #​5792.

Our Gold Sponsors

Our Silver Sponsors

v7.18.2

Compare Source

Patch Changes

• Added --json to the pnpm publish --help output #​5773.
• pnpm update should not replace workspace:*, workspace:~, and workspace:^ with workspace:<version> #​5764.
• The fatal error should be printed in JSON format, when running a pnpm command with the --json option #​5710.
• Throw an error while missing script start or file server.js #​5782.
• pnpm license list should not fail if a license file is an executable #​5740.

Our Gold Sponsors

Our Silver Sponsors

v7.18.1

Compare Source

Patch Changes

• The update notifier should suggest using the standalone script, when pnpm was installed using a standalone script #​5750.
• Vulnerabilities that don't have CVEs codes should not be skipped by pnpm audit if an ignoreCves list is declared in package.json #​5756.
• It should be possible to use overrides with absolute file paths #​5754.
• pnpm audit --json should ignore vulnerabilities listed in auditConfig.ignoreCves #​5734.
• pnpm licenses should print help, not just an error message #​5745.

Our Gold Sponsors

Our Silver Sponsors

v7.18.0

Compare Source

Minor Changes

• Overrides may be defined as a reference to a spec for a direct dependency by prefixing the name of the package you wish the version to match with a `# pnpm.

  {
    "dependencies": {
      "foo": "^1.0.0"
    },
    "overrides": {
      // the override is defined as a reference to the dependency
      "foo": "$foo",
      // the referenced package does not need to match the overridden one
      "bar": "$foo"
    }
  }

  Issue: #​5703

Patch Changes

• pnpm audit should work when the project's package.json has no version field #​5728
• Dependencies specified via * should be updated to semver ranges by pnpm update #​5681.
• It should be possible to override a dependency with a local package using relative path from the workspace root directory #​5493.
• Exit with non-zero exit code when child process exits with a non-zero exit clode #​5525.
• pnpm add should prefer local projects from the workspace, even if they use prerelease versions #​5316

Our Gold Sponsors

Configuration 📅 Schedule: Branch creation - "after 6pm on sunday" in timezone Asia/Shanghai, Automerge - At any time (no schedule defined). 🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied. ♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired. If you want to rebase/retry this PR, check this box This PR has been generated by Mend Renovate. View repository job log here.