diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml index eefc0526b59..d81d248e154 100644 --- a/.github/workflows/audit.yml +++ b/.github/workflows/audit.yml @@ -12,7 +12,7 @@ jobs: steps: - name: Checkout Commit - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Install pnpm uses: pnpm/action-setup@v4.1.0 with: diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 4c4a37aaf7a..ea119b90441 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -37,7 +37,7 @@ jobs: git config --global user.name "xyz" git config --global user.email "x@y.z" - name: Checkout Commit - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Install pnpm uses: pnpm/action-setup@v4.1.0 with: diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 6b1b186ba49..af39172d6e7 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -42,7 +42,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@v5 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index bedf88214b4..f09addd2a26 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -16,7 +16,7 @@ jobs: environment: release steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Install ldid run: | sudo apt-get update diff --git a/.github/workflows/update-latest.yml b/.github/workflows/update-latest.yml index 36994bce2e6..668874b1c92 100644 --- a/.github/workflows/update-latest.yml +++ b/.github/workflows/update-latest.yml @@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Setup Node - uses: actions/setup-node@v4 + uses: actions/setup-node@v5 - name: Update tag env: "npm_config_//registry.npmjs.org/:_authToken": ${{ secrets.NPM_TOKEN }} diff --git a/.meta-updater/CHANGELOG.md b/.meta-updater/CHANGELOG.md index c33f894dbdc..ac67f3fb8f3 100644 --- a/.meta-updater/CHANGELOG.md +++ b/.meta-updater/CHANGELOG.md @@ -1,5 +1,14 @@ # @pnpm-private/updater +## 1000.0.1 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + - @pnpm/lockfile.fs@1001.1.18 + - @pnpm/workspace.read-manifest@1000.2.3 + ## 3.0.19 ### Patch Changes diff --git a/.meta-updater/package.json b/.meta-updater/package.json index 77920cca79c..01dcb4467ac 100644 --- a/.meta-updater/package.json +++ b/.meta-updater/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm-private/updater", - "version": "1000.0.0", + "version": "1000.0.1", "private": true, "type": "module", "scripts": { diff --git a/__utils__/assert-project/CHANGELOG.md b/__utils__/assert-project/CHANGELOG.md index fb4d4bccc7c..3eee5ac7271 100644 --- a/__utils__/assert-project/CHANGELOG.md +++ b/__utils__/assert-project/CHANGELOG.md @@ -1,5 +1,15 @@ # @pnpm/assert-project +## 1000.0.1 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + - @pnpm/lockfile.types@1002.0.1 + - @pnpm/modules-yaml@1000.3.5 + - @pnpm/assert-store@1000.0.1 + ## 4.0.16 ### Patch Changes diff --git a/__utils__/assert-project/package.json b/__utils__/assert-project/package.json index 3788bfe74ae..2dd59dd6fec 100644 --- a/__utils__/assert-project/package.json +++ b/__utils__/assert-project/package.json @@ -1,7 +1,7 @@ { "name": "@pnpm/assert-project", "description": "Utils for testing projects that use pnpm", - "version": "1000.0.0", + "version": "1000.0.1", "author": { "name": "Zoltan Kochan", "email": "z@kochan.io", diff --git a/__utils__/assert-store/CHANGELOG.md b/__utils__/assert-store/CHANGELOG.md index ca91c5ae7cf..c780fd25546 100644 --- a/__utils__/assert-store/CHANGELOG.md +++ b/__utils__/assert-store/CHANGELOG.md @@ -1,5 +1,11 @@ # @pnpm/assert-store +## 1000.0.1 + +### Patch Changes + +- @pnpm/store.cafs@1000.0.17 + ## 2.0.16 ### Patch Changes diff --git a/__utils__/assert-store/package.json b/__utils__/assert-store/package.json index 3031e3869c0..0a11f8a80e7 100644 --- a/__utils__/assert-store/package.json +++ b/__utils__/assert-store/package.json @@ -1,7 +1,7 @@ { "name": "@pnpm/assert-store", "description": "Utils for testing pnpm store", - "version": "1000.0.0", + "version": "1000.0.1", "bugs": { "url": "https://github.com/pnpm/pnpm/issues" }, diff --git a/__utils__/jest-config/CHANGELOG.md b/__utils__/jest-config/CHANGELOG.md index c8a32f26764..9687d612ca5 100644 --- a/__utils__/jest-config/CHANGELOG.md +++ b/__utils__/jest-config/CHANGELOG.md @@ -1,5 +1,11 @@ # @pnpm/jest-config +## 1000.0.1 + +### Patch Changes + +- @pnpm/worker@1000.1.12 + ## 1.0.22 ### Patch Changes diff --git a/__utils__/jest-config/package.json b/__utils__/jest-config/package.json index 3a63f9b2695..3bcfbd6de78 100644 --- a/__utils__/jest-config/package.json +++ b/__utils__/jest-config/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/jest-config", - "version": "1000.0.0", + "version": "1000.0.1", "private": true, "main": "jest-preset.js", "dependencies": { diff --git a/__utils__/prepare/CHANGELOG.md b/__utils__/prepare/CHANGELOG.md index a99900e4135..e242fc42b1c 100644 --- a/__utils__/prepare/CHANGELOG.md +++ b/__utils__/prepare/CHANGELOG.md @@ -1,5 +1,13 @@ # @pnpm/prepare +## 1000.0.1 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + - @pnpm/assert-project@1000.0.1 + ## 0.0.123 ### Patch Changes diff --git a/__utils__/prepare/package.json b/__utils__/prepare/package.json index 32fd06f32b6..890599825f0 100644 --- a/__utils__/prepare/package.json +++ b/__utils__/prepare/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/prepare", - "version": "1000.0.0", + "version": "1000.0.1", "main": "lib/index.js", "types": "lib/index.d.ts", "dependencies": { diff --git a/cache/api/CHANGELOG.md b/cache/api/CHANGELOG.md index 445ec372d44..b864a6d874a 100644 --- a/cache/api/CHANGELOG.md +++ b/cache/api/CHANGELOG.md @@ -1,5 +1,15 @@ # @pnpm/cache.api +## 1000.0.29 + +### Patch Changes + +- Updated dependencies [38e2599] +- Updated dependencies [e792927] + - @pnpm/npm-resolver@1004.2.0 + - @pnpm/config@1004.3.0 + - @pnpm/store.cafs@1000.0.17 + ## 1000.0.28 ### Patch Changes diff --git a/cache/api/package.json b/cache/api/package.json index db3a59ad73c..156a13d5631 100644 --- a/cache/api/package.json +++ b/cache/api/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/cache.api", - "version": "1000.0.28", + "version": "1000.0.29", "description": "API for controlling the cache", "keywords": [ "pnpm", diff --git a/cache/commands/CHANGELOG.md b/cache/commands/CHANGELOG.md index ee47327c4d0..450d4d3fb81 100644 --- a/cache/commands/CHANGELOG.md +++ b/cache/commands/CHANGELOG.md @@ -1,5 +1,15 @@ # @pnpm/cache.commands +## 1000.0.35 + +### Patch Changes + +- Updated dependencies [38e2599] +- Updated dependencies [e792927] + - @pnpm/config@1004.3.0 + - @pnpm/cli-utils@1001.2.0 + - @pnpm/cache.api@1000.0.29 + ## 1000.0.34 ### Patch Changes diff --git a/cache/commands/package.json b/cache/commands/package.json index 2d9777da82a..56621101d36 100644 --- a/cache/commands/package.json +++ b/cache/commands/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/cache.commands", - "version": "1000.0.34", + "version": "1000.0.35", "description": "Commands for controlling the cache", "keywords": [ "pnpm", diff --git a/cli/cli-meta/CHANGELOG.md b/cli/cli-meta/CHANGELOG.md index f175ff56c16..fb598d2507a 100644 --- a/cli/cli-meta/CHANGELOG.md +++ b/cli/cli-meta/CHANGELOG.md @@ -1,5 +1,12 @@ # @pnpm/cli-meta +## 1000.0.10 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + ## 1000.0.9 ### Patch Changes diff --git a/cli/cli-meta/package.json b/cli/cli-meta/package.json index f3ef6c773ce..498a6b4e0aa 100644 --- a/cli/cli-meta/package.json +++ b/cli/cli-meta/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/cli-meta", - "version": "1000.0.9", + "version": "1000.0.10", "description": "Reads the metainfo of the currently running pnpm instance", "keywords": [ "pnpm", diff --git a/cli/cli-utils/CHANGELOG.md b/cli/cli-utils/CHANGELOG.md index b7f7240a929..156389545c7 100644 --- a/cli/cli-utils/CHANGELOG.md +++ b/cli/cli-utils/CHANGELOG.md @@ -1,5 +1,27 @@ # @pnpm/cli-utils +## 1001.2.0 + +### Minor Changes + +- e792927: Added support for `finders` [#9946](https://github.com/pnpm/pnpm/pull/9946). + +### Patch Changes + +- Updated dependencies [38e2599] +- Updated dependencies [df8d57f] +- Updated dependencies [e792927] + - @pnpm/store-connection-manager@1002.1.0 + - @pnpm/config@1004.3.0 + - @pnpm/package-is-installable@1000.0.13 + - @pnpm/pnpmfile@1002.1.0 + - @pnpm/types@1000.8.0 + - @pnpm/config.deps-installer@1000.0.12 + - @pnpm/default-reporter@1002.0.6 + - @pnpm/cli-meta@1000.0.10 + - @pnpm/manifest-utils@1001.0.4 + - @pnpm/read-project-manifest@1001.1.1 + ## 1001.1.2 ### Patch Changes diff --git a/cli/cli-utils/package.json b/cli/cli-utils/package.json index 1e3624ca5d1..d075c75f629 100644 --- a/cli/cli-utils/package.json +++ b/cli/cli-utils/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/cli-utils", - "version": "1001.1.2", + "version": "1001.2.0", "description": "Utils for pnpm commands", "keywords": [ "pnpm", diff --git a/cli/cli-utils/src/getConfig.ts b/cli/cli-utils/src/getConfig.ts index ae9d28199c0..66b2a6c277c 100644 --- a/cli/cli-utils/src/getConfig.ts +++ b/cli/cli-utils/src/getConfig.ts @@ -43,12 +43,13 @@ export async function getConfig ( const configModulesDir = path.join(config.lockfileDir ?? config.rootProjectManifestDir, 'node_modules/.pnpm-config') pnpmfiles.unshift(...calcPnpmfilePathsOfPluginDeps(configModulesDir, config.configDependencies)) } - const { hooks, resolvedPnpmfilePaths } = requireHooks(config.lockfileDir ?? config.dir, { + const { hooks, finders, resolvedPnpmfilePaths } = requireHooks(config.lockfileDir ?? config.dir, { globalPnpmfile: config.globalPnpmfile, pnpmfiles, tryLoadDefaultPnpmfile: config.tryLoadDefaultPnpmfile, }) config.hooks = hooks + config.finders = finders config.pnpmfile = resolvedPnpmfilePaths if (config.hooks?.updateConfig) { for (const updateConfig of config.hooks.updateConfig) { diff --git a/cli/default-reporter/CHANGELOG.md b/cli/default-reporter/CHANGELOG.md index b1e395d0c3d..76854500f1b 100644 --- a/cli/default-reporter/CHANGELOG.md +++ b/cli/default-reporter/CHANGELOG.md @@ -1,5 +1,17 @@ # @pnpm/default-reporter +## 1002.0.6 + +### Patch Changes + +- Updated dependencies [38e2599] +- Updated dependencies [e792927] + - @pnpm/config@1004.3.0 + - @pnpm/types@1000.8.0 + - @pnpm/cli-meta@1000.0.10 + - @pnpm/core-loggers@1001.0.3 + - @pnpm/render-peer-issues@1002.0.3 + ## 1002.0.5 ### Patch Changes diff --git a/cli/default-reporter/package.json b/cli/default-reporter/package.json index c5a5d469f67..7aa722f6fcb 100644 --- a/cli/default-reporter/package.json +++ b/cli/default-reporter/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/default-reporter", - "version": "1002.0.5", + "version": "1002.0.6", "description": "The default reporter of pnpm", "keywords": [ "pnpm", diff --git a/cli/parse-cli-args/CHANGELOG.md b/cli/parse-cli-args/CHANGELOG.md index e42a45e8a38..6040d38d897 100644 --- a/cli/parse-cli-args/CHANGELOG.md +++ b/cli/parse-cli-args/CHANGELOG.md @@ -1,5 +1,11 @@ # @pnpm/parse-cli-args +## 1000.1.3 + +### Patch Changes + +- 7e89138: Fix deprecation warning printed when executing pnpm with Node.js 24 [#9529](https://github.com/pnpm/pnpm/issues/9529). + ## 1000.1.2 ### Patch Changes diff --git a/cli/parse-cli-args/package.json b/cli/parse-cli-args/package.json index bc164291f62..812033a2bd3 100644 --- a/cli/parse-cli-args/package.json +++ b/cli/parse-cli-args/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/parse-cli-args", - "version": "1000.1.2", + "version": "1000.1.3", "description": "Parses the CLI args passed to pnpm", "keywords": [ "pnpm", diff --git a/completion/plugin-commands-completion/CHANGELOG.md b/completion/plugin-commands-completion/CHANGELOG.md index 42e5da63e76..e6cd6f4b6d8 100644 --- a/completion/plugin-commands-completion/CHANGELOG.md +++ b/completion/plugin-commands-completion/CHANGELOG.md @@ -1,5 +1,17 @@ # @pnpm/plugin-commands-completion +## 1000.0.32 + +### Patch Changes + +- 7e89138: Fix deprecation warning printed when executing pnpm with Node.js 24 [#9529](https://github.com/pnpm/pnpm/issues/9529). +- Updated dependencies [7e89138] +- Updated dependencies [e792927] + - @pnpm/parse-cli-args@1000.1.3 + - @pnpm/cli-utils@1001.2.0 + - @pnpm/workspace.find-packages@1000.0.35 + - @pnpm/workspace.read-manifest@1000.2.3 + ## 1000.0.31 ### Patch Changes diff --git a/completion/plugin-commands-completion/package.json b/completion/plugin-commands-completion/package.json index 46cf91bb609..a9ad785ee4e 100644 --- a/completion/plugin-commands-completion/package.json +++ b/completion/plugin-commands-completion/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/plugin-commands-completion", - "version": "1000.0.31", + "version": "1000.0.32", "description": "Commands for shell completions", "keywords": [ "pnpm", diff --git a/config/config-writer/CHANGELOG.md b/config/config-writer/CHANGELOG.md index 1a570740334..ff4421ac0ac 100644 --- a/config/config-writer/CHANGELOG.md +++ b/config/config-writer/CHANGELOG.md @@ -1,5 +1,14 @@ # @pnpm/config.config-writer +## 1000.0.11 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + - @pnpm/read-project-manifest@1001.1.1 + - @pnpm/workspace.manifest-writer@1001.0.1 + ## 1000.0.10 ### Patch Changes diff --git a/config/config-writer/package.json b/config/config-writer/package.json index 0c41193e377..57a5f7fb47f 100644 --- a/config/config-writer/package.json +++ b/config/config-writer/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/config.config-writer", - "version": "1000.0.10", + "version": "1000.0.11", "description": "Functions for updating the configuration settings", "keywords": [ "pnpm", diff --git a/config/config/CHANGELOG.md b/config/config/CHANGELOG.md index 5ee13d6dbfe..ae5310b4355 100644 --- a/config/config/CHANGELOG.md +++ b/config/config/CHANGELOG.md @@ -1,5 +1,33 @@ # @pnpm/config +## 1004.3.0 + +### Minor Changes + +- 38e2599: There have been several incidents recently where popular packages were successfully attacked. To reduce the risk of installing a compromised version, we are introducing a new setting that delays the installation of newly released dependencies. In most cases, such attacks are discovered quickly and the malicious versions are removed from the registry within an hour. + + The new setting is called `minimumReleaseAge`. It specifies the number of minutes that must pass after a version is published before pnpm will install it. For example, setting `minimumReleaseAge: 1440` ensures that only packages released at least one day ago can be installed. + + If you set `minimumReleaseAge` but need to disable this restriction for certain dependencies, you can list them under the `minimumReleaseAgeExclude` setting. For instance, with the following configuration pnpm will always install the latest version of webpack, regardless of its release time: + + ```yaml + minimumReleaseAgeExclude: + - webpack + ``` + + Related issue: [#9921](https://github.com/pnpm/pnpm/issues/9921). + +- e792927: Added support for `finders` [#9946](https://github.com/pnpm/pnpm/pull/9946). + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/pnpmfile@1002.1.0 + - @pnpm/types@1000.8.0 + - @pnpm/read-project-manifest@1001.1.1 + - @pnpm/workspace.read-manifest@1000.2.3 + - @pnpm/catalogs.config@1000.0.4 + ## 1004.2.1 ### Patch Changes diff --git a/config/config/package.json b/config/config/package.json index 0efe5757b5d..566ba5899f4 100644 --- a/config/config/package.json +++ b/config/config/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/config", - "version": "1004.2.1", + "version": "1004.3.0", "description": "Gets configuration options for pnpm", "keywords": [ "pnpm", diff --git a/config/config/src/Config.ts b/config/config/src/Config.ts index c25eeaa1d4d..330fcc0267d 100644 --- a/config/config/src/Config.ts +++ b/config/config/src/Config.ts @@ -1,5 +1,6 @@ import type { Catalogs } from '@pnpm/catalogs.types' import { + type Finder, type Project, type ProjectManifest, type ProjectsGraph, @@ -141,6 +142,7 @@ export interface Config extends OptionsFromRootManifest { pnpmfile: string[] | string tryLoadDefaultPnpmfile?: boolean hooks?: Hooks + finders?: Record packageImportMethod?: 'auto' | 'hardlink' | 'copy' | 'clone' | 'clone-or-copy' hoistPattern?: string[] publicHoistPattern?: string[] | string @@ -227,6 +229,8 @@ export interface Config extends OptionsFromRootManifest { dangerouslyAllowAllBuilds: boolean ci: boolean preserveAbsolutePaths?: boolean + minimumReleaseAge?: number + minimumReleaseAgeExclude?: string[] } export interface ConfigWithDeprecatedSettings extends Config { diff --git a/config/config/src/types.ts b/config/config/src/types.ts index 6c90dd73cce..be23d954277 100644 --- a/config/config/src/types.ts +++ b/config/config/src/types.ts @@ -63,6 +63,8 @@ export const types = Object.assign({ maxsockets: Number, 'modules-cache-max-age': Number, 'dlx-cache-max-age': Number, + 'minimum-release-age': Number, + 'minimum-release-age-exclude': [String, Array], 'modules-dir': String, 'network-concurrency': Number, 'node-linker': ['pnp', 'isolated', 'hoisted'], diff --git a/config/deps-installer/CHANGELOG.md b/config/deps-installer/CHANGELOG.md index 636aef2b97c..ed18b12915d 100644 --- a/config/deps-installer/CHANGELOG.md +++ b/config/deps-installer/CHANGELOG.md @@ -1,5 +1,21 @@ # @pnpm/config.deps-installer +## 1000.0.12 + +### Patch Changes + +- Updated dependencies [e792927] +- Updated dependencies [38e2599] +- Updated dependencies [e792927] + - @pnpm/read-package-json@1000.1.0 + - @pnpm/npm-resolver@1004.2.0 + - @pnpm/types@1000.8.0 + - @pnpm/config.config-writer@1000.0.11 + - @pnpm/pick-registry-for-package@1000.0.10 + - @pnpm/fetch@1000.2.5 + - @pnpm/core-loggers@1001.0.3 + - @pnpm/package-store@1002.0.10 + ## 1000.0.11 ### Patch Changes diff --git a/config/deps-installer/package.json b/config/deps-installer/package.json index 4df3cd2edea..f210c734c5f 100644 --- a/config/deps-installer/package.json +++ b/config/deps-installer/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/config.deps-installer", - "version": "1000.0.11", + "version": "1000.0.12", "description": "Installer for configurational dependencies", "keywords": [ "pnpm", diff --git a/config/normalize-registries/CHANGELOG.md b/config/normalize-registries/CHANGELOG.md index 9d0cdf22384..446a199d886 100644 --- a/config/normalize-registries/CHANGELOG.md +++ b/config/normalize-registries/CHANGELOG.md @@ -1,5 +1,12 @@ # @pnpm/normalize-registries +## 1000.1.3 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + ## 1000.1.2 ### Patch Changes diff --git a/config/normalize-registries/package.json b/config/normalize-registries/package.json index 908ed6de103..c16bd8567ed 100644 --- a/config/normalize-registries/package.json +++ b/config/normalize-registries/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/normalize-registries", - "version": "1000.1.2", + "version": "1000.1.3", "description": "Accepts a mapping of registry URLs and returns a mapping with the same URLs but normalized", "keywords": [ "pnpm", diff --git a/config/package-is-installable/CHANGELOG.md b/config/package-is-installable/CHANGELOG.md index 52668d1b7a6..39aa0d78933 100644 --- a/config/package-is-installable/CHANGELOG.md +++ b/config/package-is-installable/CHANGELOG.md @@ -1,5 +1,16 @@ # @pnpm/package-is-installable +## 1000.0.13 + +### Patch Changes + +- df8d57f: Throw an error if `nodeVersion` is not set to an exact semver version [#9934](https://github.com/pnpm/pnpm/issues/9934). +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + - @pnpm/cli-meta@1000.0.10 + - @pnpm/core-loggers@1001.0.3 + - @pnpm/env.system-node-version@1000.0.10 + ## 1000.0.12 ### Patch Changes diff --git a/config/package-is-installable/package.json b/config/package-is-installable/package.json index 555446481f3..739438d2ef6 100644 --- a/config/package-is-installable/package.json +++ b/config/package-is-installable/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/package-is-installable", - "version": "1000.0.12", + "version": "1000.0.13", "description": "Checks if a package is installable on the current system", "keywords": [ "pnpm", diff --git a/config/package-is-installable/src/checkEngine.ts b/config/package-is-installable/src/checkEngine.ts index 877254cf4f8..42dbf884ec5 100644 --- a/config/package-is-installable/src/checkEngine.ts +++ b/config/package-is-installable/src/checkEngine.ts @@ -22,6 +22,9 @@ export function checkEngine ( if (!wantedEngine) return null const unsatisfiedWanted: WantedEngine = {} if (wantedEngine.node && !semver.satisfies(currentEngine.node, wantedEngine.node, { includePrerelease: true })) { + if (!semver.valid(currentEngine.node)) { + throw new PnpmError('INVALID_NODE_VERSION', `The nodeVersion setting is "${currentEngine.node}", which is not exact semver version`) + } unsatisfiedWanted.node = wantedEngine.node } if (currentEngine.pnpm && wantedEngine.pnpm && !semver.satisfies(currentEngine.pnpm, wantedEngine.pnpm, { includePrerelease: true })) { diff --git a/config/package-is-installable/test/checkEngine.ts b/config/package-is-installable/test/checkEngine.ts index 5195cd69637..fb6c05f98cc 100644 --- a/config/package-is-installable/test/checkEngine.ts +++ b/config/package-is-installable/test/checkEngine.ts @@ -16,6 +16,10 @@ test('node version too old', () => { expect(err?.wanted.node).toBe('0.10.24') }) +test('node range passed in instead of version', () => { + expect(() => checkEngine(packageId, { node: '21.0.0' }, { node: '>=20.0.0' })).toThrow('The nodeVersion setting is') +}) + test('pnpm version too old', () => { const err = checkEngine(packageId, { pnpm: '^1.4.6' }, { pnpm: '1.3.2', node: '0.2.1' }) expect(err).toBeTruthy() diff --git a/config/pick-registry-for-package/CHANGELOG.md b/config/pick-registry-for-package/CHANGELOG.md index 7b05f287033..7fecbfab681 100644 --- a/config/pick-registry-for-package/CHANGELOG.md +++ b/config/pick-registry-for-package/CHANGELOG.md @@ -1,5 +1,12 @@ # @pnpm/pick-registry-for-package +## 1000.0.10 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + ## 1000.0.9 ### Patch Changes diff --git a/config/pick-registry-for-package/package.json b/config/pick-registry-for-package/package.json index 4439cf6fb9c..018c0df4ff1 100644 --- a/config/pick-registry-for-package/package.json +++ b/config/pick-registry-for-package/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/pick-registry-for-package", - "version": "1000.0.9", + "version": "1000.0.10", "description": "Picks the right registry for the package from a registries config", "keywords": [ "pnpm", diff --git a/config/plugin-commands-config/CHANGELOG.md b/config/plugin-commands-config/CHANGELOG.md index be1c76e6662..27461d5548c 100644 --- a/config/plugin-commands-config/CHANGELOG.md +++ b/config/plugin-commands-config/CHANGELOG.md @@ -1,5 +1,15 @@ # @pnpm/plugin-commands-config +## 1000.2.2 + +### Patch Changes + +- Updated dependencies [38e2599] +- Updated dependencies [e792927] + - @pnpm/config@1004.3.0 + - @pnpm/cli-utils@1001.2.0 + - @pnpm/workspace.manifest-writer@1001.0.1 + ## 1000.2.1 ### Patch Changes diff --git a/config/plugin-commands-config/package.json b/config/plugin-commands-config/package.json index 5121ffd4a59..9139c29046d 100644 --- a/config/plugin-commands-config/package.json +++ b/config/plugin-commands-config/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/plugin-commands-config", - "version": "1000.2.1", + "version": "1000.2.2", "description": "Commands for reading and writing settings to/from config files", "keywords": [ "pnpm", diff --git a/dedupe/check/CHANGELOG.md b/dedupe/check/CHANGELOG.md index 7f9e3d34a1d..3c2d4904c5e 100644 --- a/dedupe/check/CHANGELOG.md +++ b/dedupe/check/CHANGELOG.md @@ -1,5 +1,13 @@ # @pnpm/dedupe.check +## 1001.0.11 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + - @pnpm/lockfile.types@1002.0.1 + ## 1001.0.10 ### Patch Changes diff --git a/dedupe/check/package.json b/dedupe/check/package.json index 2714d8f0bc2..597db4b3324 100644 --- a/dedupe/check/package.json +++ b/dedupe/check/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/dedupe.check", - "version": "1001.0.10", + "version": "1001.0.11", "description": "Visualize pnpm dedupe --check issues.", "keywords": [ "pnpm", diff --git a/deps/graph-builder/CHANGELOG.md b/deps/graph-builder/CHANGELOG.md index 2d69b618e07..4d0f89fc8fe 100644 --- a/deps/graph-builder/CHANGELOG.md +++ b/deps/graph-builder/CHANGELOG.md @@ -1,5 +1,22 @@ # @pnpm/deps.graph-builder +## 1002.2.4 + +### Patch Changes + +- Updated dependencies [df8d57f] +- Updated dependencies [e792927] + - @pnpm/package-is-installable@1000.0.13 + - @pnpm/types@1000.8.0 + - @pnpm/lockfile.fs@1001.1.18 + - @pnpm/lockfile.utils@1003.0.1 + - @pnpm/calc-dep-state@1002.0.5 + - @pnpm/core-loggers@1001.0.3 + - @pnpm/dependency-path@1001.1.1 + - @pnpm/modules-yaml@1000.3.5 + - @pnpm/store-controller-types@1004.0.2 + - @pnpm/patching.config@1001.0.8 + ## 1002.2.3 ### Patch Changes diff --git a/deps/graph-builder/package.json b/deps/graph-builder/package.json index 082889a8a0c..f39483d6bf9 100644 --- a/deps/graph-builder/package.json +++ b/deps/graph-builder/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/deps.graph-builder", - "version": "1002.2.3", + "version": "1002.2.4", "description": "A package for building a dependency graph from a lockfile", "keywords": [ "pnpm", diff --git a/deps/status/CHANGELOG.md b/deps/status/CHANGELOG.md index 4390b9a4e74..0c801693a0a 100644 --- a/deps/status/CHANGELOG.md +++ b/deps/status/CHANGELOG.md @@ -1,5 +1,22 @@ # @pnpm/deps.status +## 1003.0.7 + +### Patch Changes + +- Updated dependencies [38e2599] +- Updated dependencies [e792927] + - @pnpm/config@1004.3.0 + - @pnpm/types@1000.8.0 + - @pnpm/lockfile.verification@1001.2.6 + - @pnpm/workspace.state@1002.0.3 + - @pnpm/lockfile.fs@1001.1.18 + - @pnpm/get-context@1001.1.5 + - @pnpm/resolver-base@1005.0.1 + - @pnpm/workspace.find-packages@1000.0.35 + - @pnpm/workspace.read-manifest@1000.2.3 + - @pnpm/lockfile.settings-checker@1001.0.13 + ## 1003.0.6 ### Patch Changes diff --git a/deps/status/package.json b/deps/status/package.json index 4862daff30e..7c52d43b2f1 100644 --- a/deps/status/package.json +++ b/deps/status/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/deps.status", - "version": "1003.0.6", + "version": "1003.0.7", "description": "Check dependencies status", "keywords": [ "pnpm", diff --git a/env/node.fetcher/CHANGELOG.md b/env/node.fetcher/CHANGELOG.md index 69b679b3295..a7c81eb9fa3 100644 --- a/env/node.fetcher/CHANGELOG.md +++ b/env/node.fetcher/CHANGELOG.md @@ -1,5 +1,14 @@ # @pnpm/node.fetcher +## 1001.0.3 + +### Patch Changes + +- @pnpm/node.resolver@1001.0.1 +- @pnpm/tarball-fetcher@1001.0.14 +- @pnpm/create-cafs-store@1000.0.18 +- @pnpm/fetching.binary-fetcher@1000.0.2 + ## 1001.0.2 ### Patch Changes diff --git a/env/node.fetcher/package.json b/env/node.fetcher/package.json index 1d2830057e6..bde52bc7957 100644 --- a/env/node.fetcher/package.json +++ b/env/node.fetcher/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/node.fetcher", - "version": "1001.0.2", + "version": "1001.0.3", "description": "Node.js artifacts fetcher", "keywords": [ "pnpm", diff --git a/env/node.resolver/CHANGELOG.md b/env/node.resolver/CHANGELOG.md index b11825bceac..72aa76f3413 100644 --- a/env/node.resolver/CHANGELOG.md +++ b/env/node.resolver/CHANGELOG.md @@ -1,5 +1,15 @@ # @pnpm/node.resolver +## 1001.0.1 + +### Patch Changes + +- Updated dependencies [38e2599] +- Updated dependencies [e792927] + - @pnpm/config@1004.3.0 + - @pnpm/types@1000.8.0 + - @pnpm/resolver-base@1005.0.1 + ## 1001.0.0 ### Major Changes diff --git a/env/node.resolver/package.json b/env/node.resolver/package.json index eaba66aebeb..c9a707b8a1a 100644 --- a/env/node.resolver/package.json +++ b/env/node.resolver/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/node.resolver", - "version": "1001.0.0", + "version": "1001.0.1", "description": "Resolves a Node.js version specifier to an exact Node.js version", "keywords": [ "pnpm", diff --git a/env/plugin-commands-env/CHANGELOG.md b/env/plugin-commands-env/CHANGELOG.md index ee9b6b5f798..988f01aa6b9 100644 --- a/env/plugin-commands-env/CHANGELOG.md +++ b/env/plugin-commands-env/CHANGELOG.md @@ -1,5 +1,20 @@ # @pnpm/plugin-commands-env +## 1000.0.36 + +### Patch Changes + +- Updated dependencies [38e2599] +- Updated dependencies [e792927] + - @pnpm/config@1004.3.0 + - @pnpm/types@1000.8.0 + - @pnpm/cli-utils@1001.2.0 + - @pnpm/remove-bins@1000.0.13 + - @pnpm/node.resolver@1001.0.1 + - @pnpm/fetch@1000.2.5 + - @pnpm/node.fetcher@1001.0.3 + - @pnpm/env.system-node-version@1000.0.10 + ## 1000.0.35 ### Patch Changes diff --git a/env/plugin-commands-env/package.json b/env/plugin-commands-env/package.json index 25659bb2083..42620195897 100644 --- a/env/plugin-commands-env/package.json +++ b/env/plugin-commands-env/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/plugin-commands-env", - "version": "1000.0.35", + "version": "1000.0.36", "description": "pnpm commands for managing Node.js", "keywords": [ "pnpm", diff --git a/env/system-node-version/CHANGELOG.md b/env/system-node-version/CHANGELOG.md index 853aa514367..00c961c9e29 100644 --- a/env/system-node-version/CHANGELOG.md +++ b/env/system-node-version/CHANGELOG.md @@ -1,5 +1,11 @@ # @pnpm/env.system-node-version +## 1000.0.10 + +### Patch Changes + +- @pnpm/cli-meta@1000.0.10 + ## 1000.0.9 ### Patch Changes diff --git a/env/system-node-version/package.json b/env/system-node-version/package.json index 08c37d4bd22..4551cc95a2a 100644 --- a/env/system-node-version/package.json +++ b/env/system-node-version/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/env.system-node-version", - "version": "1000.0.9", + "version": "1000.0.10", "description": "Detects the current system node version", "keywords": [ "pnpm", diff --git a/exec/build-commands/CHANGELOG.md b/exec/build-commands/CHANGELOG.md index 894217ec524..21519971248 100644 --- a/exec/build-commands/CHANGELOG.md +++ b/exec/build-commands/CHANGELOG.md @@ -1,5 +1,16 @@ # @pnpm/exec.build-commands +## 1001.0.25 + +### Patch Changes + +- Updated dependencies [38e2599] +- Updated dependencies [e792927] + - @pnpm/config@1004.3.0 + - @pnpm/plugin-commands-rebuild@1002.0.25 + - @pnpm/config.config-writer@1000.0.11 + - @pnpm/modules-yaml@1000.3.5 + ## 1001.0.24 ### Patch Changes diff --git a/exec/build-commands/package.json b/exec/build-commands/package.json index 915d54d61a1..f3ca1049808 100644 --- a/exec/build-commands/package.json +++ b/exec/build-commands/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/exec.build-commands", - "version": "1001.0.24", + "version": "1001.0.25", "description": "Commands for managing dependency builds", "keywords": [ "pnpm", diff --git a/exec/build-modules/CHANGELOG.md b/exec/build-modules/CHANGELOG.md index 7ce523ca91d..c6f68a73632 100644 --- a/exec/build-modules/CHANGELOG.md +++ b/exec/build-modules/CHANGELOG.md @@ -1,5 +1,25 @@ # @pnpm/build-modules +## 1000.3.14 + +### Patch Changes + +- Updated dependencies [e792927] +- Updated dependencies [38e2599] +- Updated dependencies [e792927] +- Updated dependencies [a6856fd] + - @pnpm/read-package-json@1000.1.0 + - @pnpm/config@1004.3.0 + - @pnpm/types@1000.8.0 + - @pnpm/lifecycle@1001.0.21 + - @pnpm/link-bins@1000.2.2 + - @pnpm/calc-dep-state@1002.0.5 + - @pnpm/core-loggers@1001.0.3 + - @pnpm/store-controller-types@1004.0.2 + - @pnpm/worker@1000.1.12 + - @pnpm/fs.hard-link-dir@1000.0.1 + - @pnpm/patching.apply-patch@1000.0.6 + ## 1000.3.13 ### Patch Changes diff --git a/exec/build-modules/package.json b/exec/build-modules/package.json index ef8a3963655..f98907eb116 100644 --- a/exec/build-modules/package.json +++ b/exec/build-modules/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/build-modules", - "version": "1000.3.13", + "version": "1000.3.14", "description": "Build packages in node_modules", "keywords": [ "pnpm", diff --git a/exec/lifecycle/CHANGELOG.md b/exec/lifecycle/CHANGELOG.md index a4bf1d121fc..50d414aa20c 100644 --- a/exec/lifecycle/CHANGELOG.md +++ b/exec/lifecycle/CHANGELOG.md @@ -1,5 +1,19 @@ # @pnpm/lifecycle +## 1001.0.21 + +### Patch Changes + +- a6856fd: Canceling a running process with Ctrl-C should make `pnpm run` return a non-zero exit code [#9626](https://github.com/pnpm/pnpm/issues/9626). +- Updated dependencies [e792927] +- Updated dependencies [e792927] + - @pnpm/read-package-json@1000.1.0 + - @pnpm/types@1000.8.0 + - @pnpm/link-bins@1000.2.2 + - @pnpm/directory-fetcher@1000.1.11 + - @pnpm/core-loggers@1001.0.3 + - @pnpm/store-controller-types@1004.0.2 + ## 1001.0.20 ### Patch Changes diff --git a/exec/lifecycle/package.json b/exec/lifecycle/package.json index 5518d5fe7bc..5912badc555 100644 --- a/exec/lifecycle/package.json +++ b/exec/lifecycle/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/lifecycle", - "version": "1001.0.20", + "version": "1001.0.21", "description": "Package lifecycle hook runner", "keywords": [ "pnpm", diff --git a/exec/pkg-requires-build/CHANGELOG.md b/exec/pkg-requires-build/CHANGELOG.md index caa8f38066a..23148135dd7 100644 --- a/exec/pkg-requires-build/CHANGELOG.md +++ b/exec/pkg-requires-build/CHANGELOG.md @@ -1,5 +1,12 @@ # @pnpm/exec.pkg-requires-build +## 1000.0.10 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + ## 1000.0.9 ### Patch Changes diff --git a/exec/pkg-requires-build/package.json b/exec/pkg-requires-build/package.json index e7916ee8f8a..0ee221dbedc 100644 --- a/exec/pkg-requires-build/package.json +++ b/exec/pkg-requires-build/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/exec.pkg-requires-build", - "version": "1000.0.9", + "version": "1000.0.10", "description": "Checks if a package requires to be built", "keywords": [ "pnpm", diff --git a/exec/plugin-commands-rebuild/CHANGELOG.md b/exec/plugin-commands-rebuild/CHANGELOG.md index cf00c77c151..1ac9e59d3b2 100644 --- a/exec/plugin-commands-rebuild/CHANGELOG.md +++ b/exec/plugin-commands-rebuild/CHANGELOG.md @@ -1,5 +1,36 @@ # @pnpm/plugin-commands-rebuild +## 1002.0.25 + +### Patch Changes + +- Updated dependencies [e792927] +- Updated dependencies [38e2599] +- Updated dependencies [e792927] +- Updated dependencies [a6856fd] + - @pnpm/read-package-json@1000.1.0 + - @pnpm/store-connection-manager@1002.1.0 + - @pnpm/config@1004.3.0 + - @pnpm/types@1000.8.0 + - @pnpm/cli-utils@1001.2.0 + - @pnpm/lifecycle@1001.0.21 + - @pnpm/link-bins@1000.2.2 + - @pnpm/normalize-registries@1000.1.3 + - @pnpm/exec.pkg-requires-build@1000.0.10 + - @pnpm/lockfile.types@1002.0.1 + - @pnpm/lockfile.utils@1003.0.1 + - @pnpm/lockfile.walker@1001.0.14 + - @pnpm/calc-dep-state@1002.0.5 + - @pnpm/core-loggers@1001.0.3 + - @pnpm/dependency-path@1001.1.1 + - @pnpm/get-context@1001.1.5 + - @pnpm/modules-yaml@1000.3.5 + - @pnpm/store.cafs@1000.0.17 + - @pnpm/store-controller-types@1004.0.2 + - @pnpm/worker@1000.1.12 + - @pnpm/workspace.find-packages@1000.0.35 + - @pnpm/sort-packages@1000.0.10 + ## 1002.0.24 ### Patch Changes diff --git a/exec/plugin-commands-rebuild/package.json b/exec/plugin-commands-rebuild/package.json index 5d0673a6130..6700dcd8f8f 100644 --- a/exec/plugin-commands-rebuild/package.json +++ b/exec/plugin-commands-rebuild/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/plugin-commands-rebuild", - "version": "1002.0.24", + "version": "1002.0.25", "description": "Commands for rebuilding dependencies", "keywords": [ "pnpm", diff --git a/exec/plugin-commands-script-runners/CHANGELOG.md b/exec/plugin-commands-script-runners/CHANGELOG.md index 3cf18780d79..d4b13baad9b 100644 --- a/exec/plugin-commands-script-runners/CHANGELOG.md +++ b/exec/plugin-commands-script-runners/CHANGELOG.md @@ -1,5 +1,30 @@ # @pnpm/plugin-commands-script-runners +## 1001.0.5 + +### Patch Changes + +- Updated dependencies [e792927] +- Updated dependencies [c182b2d] +- Updated dependencies [38e2599] +- Updated dependencies [e792927] +- Updated dependencies [a6856fd] + - @pnpm/read-package-json@1000.1.0 + - @pnpm/plugin-commands-installation@1004.6.0 + - @pnpm/config@1004.3.0 + - @pnpm/types@1000.8.0 + - @pnpm/cli-utils@1001.2.0 + - @pnpm/lifecycle@1001.0.21 + - @pnpm/deps.status@1003.0.7 + - @pnpm/plugin-commands-env@1000.0.36 + - @pnpm/core-loggers@1001.0.3 + - @pnpm/client@1001.0.4 + - @pnpm/package-bins@1000.0.10 + - @pnpm/read-project-manifest@1001.1.1 + - @pnpm/sort-packages@1000.0.10 + - @pnpm/crypto.hash@1000.2.0 + - @pnpm/workspace.injected-deps-syncer@1000.0.12 + ## 1001.0.4 ### Patch Changes diff --git a/exec/plugin-commands-script-runners/package.json b/exec/plugin-commands-script-runners/package.json index 2108e34f22f..b496ce80cc6 100644 --- a/exec/plugin-commands-script-runners/package.json +++ b/exec/plugin-commands-script-runners/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/plugin-commands-script-runners", - "version": "1001.0.4", + "version": "1001.0.5", "description": "Commands for running scripts", "keywords": [ "pnpm", diff --git a/exec/prepare-package/CHANGELOG.md b/exec/prepare-package/CHANGELOG.md index 15973f6abdf..865e871343f 100644 --- a/exec/prepare-package/CHANGELOG.md +++ b/exec/prepare-package/CHANGELOG.md @@ -1,5 +1,16 @@ # @pnpm/prepare-package +## 1000.0.22 + +### Patch Changes + +- Updated dependencies [e792927] +- Updated dependencies [e792927] +- Updated dependencies [a6856fd] + - @pnpm/read-package-json@1000.1.0 + - @pnpm/types@1000.8.0 + - @pnpm/lifecycle@1001.0.21 + ## 1000.0.21 ### Patch Changes diff --git a/exec/prepare-package/package.json b/exec/prepare-package/package.json index 0ca125e3af9..628bfee45d3 100644 --- a/exec/prepare-package/package.json +++ b/exec/prepare-package/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/prepare-package", - "version": "1000.0.21", + "version": "1000.0.22", "description": "Prepares a Git-hosted package", "keywords": [ "pnpm", diff --git a/fetching/binary-fetcher/CHANGELOG.md b/fetching/binary-fetcher/CHANGELOG.md index 339edfca127..2067c912e9b 100644 --- a/fetching/binary-fetcher/CHANGELOG.md +++ b/fetching/binary-fetcher/CHANGELOG.md @@ -1,5 +1,12 @@ # @pnpm/fetching.binary-fetcher +## 1000.0.2 + +### Patch Changes + +- @pnpm/fetcher-base@1001.0.1 +- @pnpm/worker@1000.1.12 + ## 1000.0.1 ### Patch Changes diff --git a/fetching/binary-fetcher/package.json b/fetching/binary-fetcher/package.json index 5d8fec21cce..539d2e509f0 100644 --- a/fetching/binary-fetcher/package.json +++ b/fetching/binary-fetcher/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/fetching.binary-fetcher", - "version": "1000.0.1", + "version": "1000.0.2", "description": "A fetcher for binary archives", "keywords": [ "pnpm", diff --git a/fetching/directory-fetcher/CHANGELOG.md b/fetching/directory-fetcher/CHANGELOG.md index c2be359b109..f1a7fe47c72 100644 --- a/fetching/directory-fetcher/CHANGELOG.md +++ b/fetching/directory-fetcher/CHANGELOG.md @@ -1,5 +1,16 @@ # @pnpm/directory-fetcher +## 1000.1.11 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + - @pnpm/exec.pkg-requires-build@1000.0.10 + - @pnpm/fetcher-base@1001.0.1 + - @pnpm/read-project-manifest@1001.1.1 + - @pnpm/resolver-base@1005.0.1 + ## 1000.1.10 ### Patch Changes diff --git a/fetching/directory-fetcher/package.json b/fetching/directory-fetcher/package.json index a37485bc576..591e5466b2c 100644 --- a/fetching/directory-fetcher/package.json +++ b/fetching/directory-fetcher/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/directory-fetcher", - "version": "1000.1.10", + "version": "1000.1.11", "description": "A fetcher for local directory packages", "keywords": [ "pnpm", diff --git a/fetching/fetcher-base/CHANGELOG.md b/fetching/fetcher-base/CHANGELOG.md index d8271272298..b0929534098 100644 --- a/fetching/fetcher-base/CHANGELOG.md +++ b/fetching/fetcher-base/CHANGELOG.md @@ -1,5 +1,13 @@ # @pnpm/fetcher-base +## 1001.0.1 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + - @pnpm/resolver-base@1005.0.1 + ## 1001.0.0 ### Major Changes diff --git a/fetching/fetcher-base/package.json b/fetching/fetcher-base/package.json index 15cd8a50166..071aa668dcd 100644 --- a/fetching/fetcher-base/package.json +++ b/fetching/fetcher-base/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/fetcher-base", - "version": "1001.0.0", + "version": "1001.0.1", "description": "Types for pnpm-compatible fetchers", "keywords": [ "pnpm", diff --git a/fetching/git-fetcher/CHANGELOG.md b/fetching/git-fetcher/CHANGELOG.md index 6a10bef4058..043d2e7dc35 100644 --- a/fetching/git-fetcher/CHANGELOG.md +++ b/fetching/git-fetcher/CHANGELOG.md @@ -1,5 +1,13 @@ # @pnpm/git-fetcher +## 1001.0.14 + +### Patch Changes + +- @pnpm/prepare-package@1000.0.22 +- @pnpm/fetcher-base@1001.0.1 +- @pnpm/worker@1000.1.12 + ## 1001.0.13 ### Patch Changes diff --git a/fetching/git-fetcher/package.json b/fetching/git-fetcher/package.json index 81f06cde634..e8c3f8a5570 100644 --- a/fetching/git-fetcher/package.json +++ b/fetching/git-fetcher/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/git-fetcher", - "version": "1001.0.13", + "version": "1001.0.14", "description": "A fetcher for git-hosted packages", "keywords": [ "pnpm", diff --git a/fetching/tarball-fetcher/CHANGELOG.md b/fetching/tarball-fetcher/CHANGELOG.md index fd07fd49eb9..3be0c145914 100644 --- a/fetching/tarball-fetcher/CHANGELOG.md +++ b/fetching/tarball-fetcher/CHANGELOG.md @@ -1,5 +1,14 @@ # @pnpm/tarball-fetcher +## 1001.0.14 + +### Patch Changes + +- @pnpm/prepare-package@1000.0.22 +- @pnpm/fetcher-base@1001.0.1 +- @pnpm/core-loggers@1001.0.3 +- @pnpm/worker@1000.1.12 + ## 1001.0.13 ### Patch Changes diff --git a/fetching/tarball-fetcher/package.json b/fetching/tarball-fetcher/package.json index f8390df057c..3c1e08f0243 100644 --- a/fetching/tarball-fetcher/package.json +++ b/fetching/tarball-fetcher/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/tarball-fetcher", - "version": "1001.0.13", + "version": "1001.0.14", "description": "Fetcher for packages hosted as tarballs", "keywords": [ "pnpm", diff --git a/fs/find-packages/CHANGELOG.md b/fs/find-packages/CHANGELOG.md index d72c8644717..34ce781e1da 100644 --- a/fs/find-packages/CHANGELOG.md +++ b/fs/find-packages/CHANGELOG.md @@ -1,5 +1,13 @@ # @pnpm/fs.find-packages +## 1000.0.14 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + - @pnpm/read-project-manifest@1001.1.1 + ## 1000.0.13 ### Patch Changes diff --git a/fs/find-packages/package.json b/fs/find-packages/package.json index 0f172d17fbc..5db643e24c8 100644 --- a/fs/find-packages/package.json +++ b/fs/find-packages/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/fs.find-packages", - "version": "1000.0.13", + "version": "1000.0.14", "description": "Find all packages inside a directory", "keywords": [ "pnpm", diff --git a/fs/indexed-pkg-importer/CHANGELOG.md b/fs/indexed-pkg-importer/CHANGELOG.md index ad342ca722c..cdaf621edf5 100644 --- a/fs/indexed-pkg-importer/CHANGELOG.md +++ b/fs/indexed-pkg-importer/CHANGELOG.md @@ -1,5 +1,12 @@ # @pnpm/fs.indexed-pkg-importer +## 1000.1.12 + +### Patch Changes + +- @pnpm/core-loggers@1001.0.3 +- @pnpm/store-controller-types@1004.0.2 + ## 1000.1.11 ### Patch Changes diff --git a/fs/indexed-pkg-importer/package.json b/fs/indexed-pkg-importer/package.json index ffb66dc0374..be2b6d6fc72 100644 --- a/fs/indexed-pkg-importer/package.json +++ b/fs/indexed-pkg-importer/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/fs.indexed-pkg-importer", - "version": "1000.1.11", + "version": "1000.1.12", "description": "Replicates indexed directories using hard links, copies, or cloning", "keywords": [ "pnpm", diff --git a/fs/symlink-dependency/CHANGELOG.md b/fs/symlink-dependency/CHANGELOG.md index 402cf977530..e7e9f437e10 100644 --- a/fs/symlink-dependency/CHANGELOG.md +++ b/fs/symlink-dependency/CHANGELOG.md @@ -1,5 +1,13 @@ # @pnpm/symlink-dependency +## 1000.0.11 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + - @pnpm/core-loggers@1001.0.3 + ## 1000.0.10 ### Patch Changes diff --git a/fs/symlink-dependency/package.json b/fs/symlink-dependency/package.json index 64aa2404692..58ad779e705 100644 --- a/fs/symlink-dependency/package.json +++ b/fs/symlink-dependency/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/symlink-dependency", - "version": "1000.0.10", + "version": "1000.0.11", "description": "Symlink a dependency to node_modules", "keywords": [ "pnpm", diff --git a/hooks/pnpmfile/CHANGELOG.md b/hooks/pnpmfile/CHANGELOG.md index 9ce0fd9042d..9df24366b79 100644 --- a/hooks/pnpmfile/CHANGELOG.md +++ b/hooks/pnpmfile/CHANGELOG.md @@ -1,5 +1,21 @@ # @pnpm/pnpmfile +## 1002.1.0 + +### Minor Changes + +- e792927: Added support for `finders` [#9946](https://github.com/pnpm/pnpm/pull/9946). + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + - @pnpm/hooks.types@1001.0.11 + - @pnpm/lockfile.types@1002.0.1 + - @pnpm/core-loggers@1001.0.3 + - @pnpm/store-controller-types@1004.0.2 + - @pnpm/crypto.hash@1000.2.0 + ## 1002.0.2 ### Patch Changes diff --git a/hooks/pnpmfile/package.json b/hooks/pnpmfile/package.json index 5b300216db3..a66902eb487 100644 --- a/hooks/pnpmfile/package.json +++ b/hooks/pnpmfile/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/pnpmfile", - "version": "1002.0.2", + "version": "1002.1.0", "description": "Reading a .pnpmfile.cjs", "keywords": [ "pnpm", @@ -47,7 +47,8 @@ "devDependencies": { "@pnpm/fetcher-base": "workspace:*", "@pnpm/logger": "workspace:*", - "@pnpm/pnpmfile": "workspace:*" + "@pnpm/pnpmfile": "workspace:*", + "@pnpm/test-fixtures": "workspace:*" }, "engines": { "node": ">=18.12" diff --git a/hooks/pnpmfile/src/requireHooks.ts b/hooks/pnpmfile/src/requireHooks.ts index 305688f99d8..66b69a6e88d 100644 --- a/hooks/pnpmfile/src/requireHooks.ts +++ b/hooks/pnpmfile/src/requireHooks.ts @@ -5,7 +5,7 @@ import { createHashFromMultipleFiles } from '@pnpm/crypto.hash' import pathAbsolute from 'path-absolute' import type { CustomFetchers } from '@pnpm/fetcher-base' import { type ImportIndexedPackageAsync } from '@pnpm/store-controller-types' -import { requirePnpmfile, type Pnpmfile } from './requirePnpmfile.js' +import { requirePnpmfile, type Pnpmfile, type Finders } from './requirePnpmfile.js' import { type HookContext, type Hooks } from './Hooks.js' // eslint-disable-next-line @@ -24,6 +24,7 @@ interface PnpmfileEntry { interface PnpmfileEntryLoaded { file: string hooks: Pnpmfile['hooks'] | undefined + finders: Pnpmfile['finders'] | undefined includeInChecksum: boolean } @@ -40,6 +41,7 @@ export interface CookedHooks { export interface RequireHooksResult { hooks: CookedHooks + finders: Finders resolvedPnpmfilePaths: string[] } @@ -85,6 +87,7 @@ export function requireHooks ( file, includeInChecksum, hooks: requirePnpmfileResult.pnpmfileModule?.hooks, + finders: requirePnpmfileResult.pnpmfileModule?.finders, }) } else if (!optional) { throw new PnpmError('PNPMFILE_NOT_FOUND', `pnpmfile at "${file}" is not found`) @@ -92,6 +95,7 @@ export function requireHooks ( } } + const mergedFinders: Finders = {} const cookedHooks: CookedHooks & Required> = { readPackage: [], preResolution: [], @@ -116,9 +120,23 @@ export function requireHooks ( let importProvider: string | undefined let fetchersProvider: string | undefined + const finderProviders: Record = {} // process hooks in order - for (const { hooks, file } of entries) { + for (const { hooks, file, finders } of entries) { + if (finders != null) { + for (const [finderName, finder] of Object.entries(finders)) { + if (mergedFinders[finderName] != null) { + const firstDefinedIn = finderProviders[finderName] + throw new PnpmError( + 'DUPLICATE_FINDER', + `Finder "${finderName}" defined in both ${firstDefinedIn} and ${file}` + ) + } + mergedFinders[finderName] = finder + finderProviders[finderName] = file + } + } const fileHooks: Hooks = hooks ?? {} // readPackage & afterAllResolved @@ -180,6 +198,7 @@ export function requireHooks ( return { hooks: cookedHooks, + finders: mergedFinders, resolvedPnpmfilePaths: entries.map(({ file }) => file), } } diff --git a/hooks/pnpmfile/src/requirePnpmfile.ts b/hooks/pnpmfile/src/requirePnpmfile.ts index 7dfa91c04e4..52e1fbb933d 100644 --- a/hooks/pnpmfile/src/requirePnpmfile.ts +++ b/hooks/pnpmfile/src/requirePnpmfile.ts @@ -3,7 +3,7 @@ import fs from 'fs' import util from 'util' import { PnpmError } from '@pnpm/error' import { logger } from '@pnpm/logger' -import { type PackageManifest } from '@pnpm/types' +import { type PackageManifest, type Finder } from '@pnpm/types' import chalk from 'chalk' import { type Hooks } from './Hooks.js' @@ -27,8 +27,11 @@ class PnpmFileFailError extends PnpmError { } } +export type Finders = Record + export interface Pnpmfile { hooks?: Hooks + finders?: Finders } export function requirePnpmfile (pnpmFilePath: string, prefix: string): { pnpmfileModule: Pnpmfile | undefined } | undefined { diff --git a/hooks/pnpmfile/test/__fixtures__/finders/finderBar.js b/hooks/pnpmfile/test/__fixtures__/finders/finderBar.js new file mode 100644 index 00000000000..3a5edecd317 --- /dev/null +++ b/hooks/pnpmfile/test/__fixtures__/finders/finderBar.js @@ -0,0 +1,6 @@ +module.exports = { + finders: { + bar: () => false, + }, +} + diff --git a/hooks/pnpmfile/test/__fixtures__/finders/finderFoo1.js b/hooks/pnpmfile/test/__fixtures__/finders/finderFoo1.js new file mode 100644 index 00000000000..deea705e6ff --- /dev/null +++ b/hooks/pnpmfile/test/__fixtures__/finders/finderFoo1.js @@ -0,0 +1,5 @@ +module.exports = { + finders: { + foo: () => false, + }, +} diff --git a/hooks/pnpmfile/test/__fixtures__/finders/finderFoo2.js b/hooks/pnpmfile/test/__fixtures__/finders/finderFoo2.js new file mode 100644 index 00000000000..deea705e6ff --- /dev/null +++ b/hooks/pnpmfile/test/__fixtures__/finders/finderFoo2.js @@ -0,0 +1,5 @@ +module.exports = { + finders: { + foo: () => false, + }, +} diff --git a/hooks/pnpmfile/test/index.ts b/hooks/pnpmfile/test/index.ts index ceb78496919..df52196633f 100644 --- a/hooks/pnpmfile/test/index.ts +++ b/hooks/pnpmfile/test/index.ts @@ -1,9 +1,11 @@ import path from 'path' import { type Log } from '@pnpm/core-loggers' import { requireHooks, BadReadPackageHookError, type HookContext } from '@pnpm/pnpmfile' +import { fixtures } from '@pnpm/test-fixtures' import { requirePnpmfile } from '../src/requirePnpmfile.js' const defaultHookContext: HookContext = { log () {} } +const f = fixtures(__dirname) test('ignoring a pnpmfile that exports undefined', () => { const { pnpmfileModule: pnpmfile } = requirePnpmfile(path.join(__dirname, '__fixtures__/undefined.js'), __dirname)! @@ -83,3 +85,19 @@ test('updateConfig throws an error if it returns undefined', async () => { test('requireHooks throw an error if one of the specified pnpmfiles does not exist', async () => { expect(() => requireHooks(__dirname, { pnpmfiles: ['does-not-exist.cjs'] })).toThrow('is not found') }) + +test('requireHooks throws an error if there are two finders with the same name', async () => { + const findersDir = f.find('finders') + const pnpmfile1 = path.join(findersDir, 'finderFoo1.js') + const pnpmfile2 = path.join(findersDir, 'finderFoo2.js') + expect(() => requireHooks(__dirname, { pnpmfiles: [pnpmfile1, pnpmfile2] })).toThrow('Finder "foo" defined in both') +}) + +test('requireHooks merges all the finders', async () => { + const findersDir = f.find('finders') + const pnpmfile1 = path.join(findersDir, 'finderFoo1.js') + const pnpmfile2 = path.join(findersDir, 'finderBar.js') + const { finders } = requireHooks(__dirname, { pnpmfiles: [pnpmfile1, pnpmfile2] }) + expect(finders.foo).toBeDefined() + expect(finders.bar).toBeDefined() +}) diff --git a/hooks/pnpmfile/tsconfig.json b/hooks/pnpmfile/tsconfig.json index abeca860531..69f377ab9a0 100644 --- a/hooks/pnpmfile/tsconfig.json +++ b/hooks/pnpmfile/tsconfig.json @@ -9,6 +9,9 @@ "../../__typings__/**/*.d.ts" ], "references": [ + { + "path": "../../__utils__/test-fixtures" + }, { "path": "../../crypto/hash" }, diff --git a/hooks/read-package-hook/CHANGELOG.md b/hooks/read-package-hook/CHANGELOG.md index a612b49d513..c9d2677ca6d 100644 --- a/hooks/read-package-hook/CHANGELOG.md +++ b/hooks/read-package-hook/CHANGELOG.md @@ -1,5 +1,12 @@ # @pnpm/hooks.read-package-hook +## 1000.0.13 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + ## 1000.0.12 ### Patch Changes diff --git a/hooks/read-package-hook/package.json b/hooks/read-package-hook/package.json index dc32f464fc8..9def70ff63a 100644 --- a/hooks/read-package-hook/package.json +++ b/hooks/read-package-hook/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/hooks.read-package-hook", - "version": "1000.0.12", + "version": "1000.0.13", "description": "Creates the default package reader hook used by pnpm", "keywords": [ "pnpm", diff --git a/hooks/types/CHANGELOG.md b/hooks/types/CHANGELOG.md index a9cc9bb72ee..68106e0f053 100644 --- a/hooks/types/CHANGELOG.md +++ b/hooks/types/CHANGELOG.md @@ -1,5 +1,13 @@ # @pnpm/hooks.types +## 1001.0.11 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + - @pnpm/lockfile.types@1002.0.1 + ## 1001.0.10 ### Patch Changes diff --git a/hooks/types/package.json b/hooks/types/package.json index f09fa9ce279..fa6ff58296c 100644 --- a/hooks/types/package.json +++ b/hooks/types/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/hooks.types", - "version": "1001.0.10", + "version": "1001.0.11", "description": "Types for hooks", "keywords": [ "pnpm", diff --git a/lockfile/audit/CHANGELOG.md b/lockfile/audit/CHANGELOG.md index 6981ae2bff4..4a81815cc34 100644 --- a/lockfile/audit/CHANGELOG.md +++ b/lockfile/audit/CHANGELOG.md @@ -1,5 +1,18 @@ # @pnpm/audit +## 1002.0.11 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + - @pnpm/lockfile.detect-dep-types@1001.0.14 + - @pnpm/lockfile.types@1002.0.1 + - @pnpm/lockfile.utils@1003.0.1 + - @pnpm/lockfile.walker@1001.0.14 + - @pnpm/fetch@1000.2.5 + - @pnpm/read-project-manifest@1001.1.1 + ## 1002.0.10 ### Patch Changes diff --git a/lockfile/audit/package.json b/lockfile/audit/package.json index 8dd19fc8916..3405ef0e34b 100644 --- a/lockfile/audit/package.json +++ b/lockfile/audit/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/audit", - "version": "1002.0.10", + "version": "1002.0.11", "description": "Audit a lockfile", "keywords": [ "pnpm", diff --git a/lockfile/detect-dep-types/CHANGELOG.md b/lockfile/detect-dep-types/CHANGELOG.md index 3d49cc9c6e7..0ec115ea974 100644 --- a/lockfile/detect-dep-types/CHANGELOG.md +++ b/lockfile/detect-dep-types/CHANGELOG.md @@ -1,5 +1,14 @@ # @pnpm/lockfile.detect-dep-types +## 1001.0.14 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + - @pnpm/lockfile.types@1002.0.1 + - @pnpm/dependency-path@1001.1.1 + ## 1001.0.13 ### Patch Changes diff --git a/lockfile/detect-dep-types/package.json b/lockfile/detect-dep-types/package.json index 2909fe5899a..c22f67c8618 100644 --- a/lockfile/detect-dep-types/package.json +++ b/lockfile/detect-dep-types/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/lockfile.detect-dep-types", - "version": "1001.0.13", + "version": "1001.0.14", "description": "Detect the types of dependencies", "keywords": [ "pnpm", diff --git a/lockfile/filtering/CHANGELOG.md b/lockfile/filtering/CHANGELOG.md index 006018168ef..10b1416d960 100644 --- a/lockfile/filtering/CHANGELOG.md +++ b/lockfile/filtering/CHANGELOG.md @@ -1,5 +1,18 @@ # @pnpm/filter-lockfile +## 1001.0.18 + +### Patch Changes + +- Updated dependencies [df8d57f] +- Updated dependencies [e792927] + - @pnpm/package-is-installable@1000.0.13 + - @pnpm/types@1000.8.0 + - @pnpm/lockfile.types@1002.0.1 + - @pnpm/lockfile.utils@1003.0.1 + - @pnpm/lockfile.walker@1001.0.14 + - @pnpm/dependency-path@1001.1.1 + ## 1001.0.17 ### Patch Changes diff --git a/lockfile/filtering/package.json b/lockfile/filtering/package.json index 003e39d1291..03ccfd5303d 100644 --- a/lockfile/filtering/package.json +++ b/lockfile/filtering/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/lockfile.filtering", - "version": "1001.0.17", + "version": "1001.0.18", "description": "Filters a lockfile", "keywords": [ "pnpm", diff --git a/lockfile/fs/CHANGELOG.md b/lockfile/fs/CHANGELOG.md index a060b2e0f27..478f2ac62db 100644 --- a/lockfile/fs/CHANGELOG.md +++ b/lockfile/fs/CHANGELOG.md @@ -1,5 +1,16 @@ # @pnpm/lockfile-file +## 1001.1.18 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + - @pnpm/lockfile.merger@1001.0.11 + - @pnpm/lockfile.types@1002.0.1 + - @pnpm/lockfile.utils@1003.0.1 + - @pnpm/dependency-path@1001.1.1 + ## 1001.1.17 ### Patch Changes diff --git a/lockfile/fs/package.json b/lockfile/fs/package.json index 1b8cccccebc..70cbbb1d4cf 100644 --- a/lockfile/fs/package.json +++ b/lockfile/fs/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/lockfile.fs", - "version": "1001.1.17", + "version": "1001.1.18", "description": "Read/write pnpm-lock.yaml files", "keywords": [ "pnpm", diff --git a/lockfile/lockfile-to-pnp/CHANGELOG.md b/lockfile/lockfile-to-pnp/CHANGELOG.md index 0590704a5b2..f4f659d42c1 100644 --- a/lockfile/lockfile-to-pnp/CHANGELOG.md +++ b/lockfile/lockfile-to-pnp/CHANGELOG.md @@ -1,5 +1,15 @@ # @pnpm/lockfile-to-pnp +## 1001.0.20 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + - @pnpm/lockfile.fs@1001.1.18 + - @pnpm/lockfile.utils@1003.0.1 + - @pnpm/dependency-path@1001.1.1 + ## 1001.0.19 ### Patch Changes diff --git a/lockfile/lockfile-to-pnp/package.json b/lockfile/lockfile-to-pnp/package.json index 78e3fe95dc5..119cc573ed6 100644 --- a/lockfile/lockfile-to-pnp/package.json +++ b/lockfile/lockfile-to-pnp/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/lockfile-to-pnp", - "version": "1001.0.19", + "version": "1001.0.20", "description": "Creates a Plug'n'Play file from a pnpm-lock.yaml", "keywords": [ "pnpm", diff --git a/lockfile/merger/CHANGELOG.md b/lockfile/merger/CHANGELOG.md index ef78143fe09..713cb8040fd 100644 --- a/lockfile/merger/CHANGELOG.md +++ b/lockfile/merger/CHANGELOG.md @@ -1,5 +1,13 @@ # @pnpm/merge-lockfile-changes +## 1001.0.11 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + - @pnpm/lockfile.types@1002.0.1 + ## 1001.0.10 ### Patch Changes diff --git a/lockfile/merger/package.json b/lockfile/merger/package.json index a917a77ffee..505fef0c847 100644 --- a/lockfile/merger/package.json +++ b/lockfile/merger/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/lockfile.merger", - "version": "1001.0.10", + "version": "1001.0.11", "description": "Merges lockfiles. Can automatically fix merge conflicts", "keywords": [ "pnpm", diff --git a/lockfile/plugin-commands-audit/CHANGELOG.md b/lockfile/plugin-commands-audit/CHANGELOG.md index 81558a1f3dd..b95a0d4aa9f 100644 --- a/lockfile/plugin-commands-audit/CHANGELOG.md +++ b/lockfile/plugin-commands-audit/CHANGELOG.md @@ -1,5 +1,19 @@ # @pnpm/plugin-commands-audit +## 1002.1.11 + +### Patch Changes + +- Updated dependencies [38e2599] +- Updated dependencies [e792927] + - @pnpm/config@1004.3.0 + - @pnpm/types@1000.8.0 + - @pnpm/cli-utils@1001.2.0 + - @pnpm/config.config-writer@1000.0.11 + - @pnpm/audit@1002.0.11 + - @pnpm/lockfile.fs@1001.1.18 + - @pnpm/read-project-manifest@1001.1.1 + ## 1002.1.10 ### Patch Changes diff --git a/lockfile/plugin-commands-audit/package.json b/lockfile/plugin-commands-audit/package.json index 7613c0e4889..7b4ff308315 100644 --- a/lockfile/plugin-commands-audit/package.json +++ b/lockfile/plugin-commands-audit/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/plugin-commands-audit", - "version": "1002.1.10", + "version": "1002.1.11", "description": "pnpm commands for dependencies audit", "keywords": [ "pnpm", diff --git a/lockfile/preferred-versions/CHANGELOG.md b/lockfile/preferred-versions/CHANGELOG.md index 1fec5ffce02..ba65c92640f 100644 --- a/lockfile/preferred-versions/CHANGELOG.md +++ b/lockfile/preferred-versions/CHANGELOG.md @@ -1,5 +1,15 @@ # @pnpm/lockfile.preferred-versions +## 1000.0.19 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + - @pnpm/lockfile.utils@1003.0.1 + - @pnpm/manifest-utils@1001.0.4 + - @pnpm/resolver-base@1005.0.1 + ## 1000.0.18 ### Patch Changes diff --git a/lockfile/preferred-versions/package.json b/lockfile/preferred-versions/package.json index dcf4952b600..980c0599348 100644 --- a/lockfile/preferred-versions/package.json +++ b/lockfile/preferred-versions/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/lockfile.preferred-versions", - "version": "1000.0.18", + "version": "1000.0.19", "description": "Get preferred version from lockfile", "keywords": [ "pnpm", diff --git a/lockfile/pruner/CHANGELOG.md b/lockfile/pruner/CHANGELOG.md index 25f47b5df49..3770a4b969d 100644 --- a/lockfile/pruner/CHANGELOG.md +++ b/lockfile/pruner/CHANGELOG.md @@ -1,5 +1,14 @@ # @pnpm/prune-lockfile +## 1001.0.14 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + - @pnpm/lockfile.types@1002.0.1 + - @pnpm/dependency-path@1001.1.1 + ## 1001.0.13 ### Patch Changes diff --git a/lockfile/pruner/package.json b/lockfile/pruner/package.json index a5724ecb8ab..26640875692 100644 --- a/lockfile/pruner/package.json +++ b/lockfile/pruner/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/lockfile.pruner", - "version": "1001.0.13", + "version": "1001.0.14", "description": "Prune a pnpm-lock.yaml", "keywords": [ "pnpm", diff --git a/lockfile/settings-checker/CHANGELOG.md b/lockfile/settings-checker/CHANGELOG.md index fad87c86191..bc2b8ce6820 100644 --- a/lockfile/settings-checker/CHANGELOG.md +++ b/lockfile/settings-checker/CHANGELOG.md @@ -1,5 +1,12 @@ # @pnpm/lockfile.settings-checker +## 1001.0.13 + +### Patch Changes + +- @pnpm/lockfile.types@1002.0.1 +- @pnpm/crypto.hash@1000.2.0 + ## 1001.0.12 ### Patch Changes diff --git a/lockfile/settings-checker/package.json b/lockfile/settings-checker/package.json index f111cb7e471..04b7dbb4bad 100644 --- a/lockfile/settings-checker/package.json +++ b/lockfile/settings-checker/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/lockfile.settings-checker", - "version": "1001.0.12", + "version": "1001.0.13", "description": "Utilities to check if lockfile settings are out-of-date", "keywords": [ "pnpm", diff --git a/lockfile/types/CHANGELOG.md b/lockfile/types/CHANGELOG.md index 2ab3fce0862..bef116881b0 100644 --- a/lockfile/types/CHANGELOG.md +++ b/lockfile/types/CHANGELOG.md @@ -1,5 +1,13 @@ # @pnpm/lockfile-types +## 1002.0.1 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + - @pnpm/resolver-base@1005.0.1 + ## 1002.0.0 ### Major Changes diff --git a/lockfile/types/package.json b/lockfile/types/package.json index 2519277198d..a5e25081262 100644 --- a/lockfile/types/package.json +++ b/lockfile/types/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/lockfile.types", - "version": "1002.0.0", + "version": "1002.0.1", "description": "Types for the pnpm-lock.yaml lockfile", "keywords": [ "pnpm", diff --git a/lockfile/utils/CHANGELOG.md b/lockfile/utils/CHANGELOG.md index ead5b2510d2..d0befd182ec 100644 --- a/lockfile/utils/CHANGELOG.md +++ b/lockfile/utils/CHANGELOG.md @@ -1,5 +1,16 @@ # @pnpm/lockfile-utils +## 1003.0.1 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + - @pnpm/lockfile.types@1002.0.1 + - @pnpm/dependency-path@1001.1.1 + - @pnpm/resolver-base@1005.0.1 + - @pnpm/pick-fetcher@1001.0.0 + ## 1003.0.0 ### Major Changes diff --git a/lockfile/utils/package.json b/lockfile/utils/package.json index fb90e7a30de..4b72ccfc86c 100644 --- a/lockfile/utils/package.json +++ b/lockfile/utils/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/lockfile.utils", - "version": "1003.0.0", + "version": "1003.0.1", "description": "Utils for dealing with pnpm-lock.yaml", "keywords": [ "pnpm", diff --git a/lockfile/verification/CHANGELOG.md b/lockfile/verification/CHANGELOG.md index a9ca5e68713..9561e88d92d 100644 --- a/lockfile/verification/CHANGELOG.md +++ b/lockfile/verification/CHANGELOG.md @@ -1,5 +1,20 @@ # @pnpm/lockfile.verification +## 1001.2.6 + +### Patch Changes + +- Updated dependencies [e792927] +- Updated dependencies [e792927] + - @pnpm/read-package-json@1000.1.0 + - @pnpm/types@1000.8.0 + - @pnpm/lockfile.types@1002.0.1 + - @pnpm/lockfile.utils@1003.0.1 + - @pnpm/dependency-path@1001.1.1 + - @pnpm/get-context@1001.1.5 + - @pnpm/resolver-base@1005.0.1 + - @pnpm/crypto.hash@1000.2.0 + ## 1001.2.5 ### Patch Changes diff --git a/lockfile/verification/package.json b/lockfile/verification/package.json index 916f9bf3275..615f1f80aa4 100644 --- a/lockfile/verification/package.json +++ b/lockfile/verification/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/lockfile.verification", - "version": "1001.2.5", + "version": "1001.2.6", "description": "Checks a lockfile", "keywords": [ "pnpm", diff --git a/lockfile/walker/CHANGELOG.md b/lockfile/walker/CHANGELOG.md index c207a9ef1c1..b85099e824d 100644 --- a/lockfile/walker/CHANGELOG.md +++ b/lockfile/walker/CHANGELOG.md @@ -1,5 +1,14 @@ # @pnpm/lockfile-walker +## 1001.0.14 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + - @pnpm/lockfile.types@1002.0.1 + - @pnpm/dependency-path@1001.1.1 + ## 1001.0.13 ### Patch Changes diff --git a/lockfile/walker/package.json b/lockfile/walker/package.json index 0a7ad3e9a7c..e5c68a6a324 100644 --- a/lockfile/walker/package.json +++ b/lockfile/walker/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/lockfile.walker", - "version": "1001.0.13", + "version": "1001.0.14", "description": "Walk over all the dependencies in a lockfile", "keywords": [ "pnpm", diff --git a/modules-mounter/daemon/CHANGELOG.md b/modules-mounter/daemon/CHANGELOG.md index 7a1b6205c1f..afdef13643d 100644 --- a/modules-mounter/daemon/CHANGELOG.md +++ b/modules-mounter/daemon/CHANGELOG.md @@ -1,5 +1,18 @@ # @pnpm/mount-modules +## 1001.0.30 + +### Patch Changes + +- Updated dependencies [38e2599] +- Updated dependencies [e792927] + - @pnpm/config@1004.3.0 + - @pnpm/types@1000.8.0 + - @pnpm/lockfile.fs@1001.1.18 + - @pnpm/lockfile.utils@1003.0.1 + - @pnpm/dependency-path@1001.1.1 + - @pnpm/store.cafs@1000.0.17 + ## 1001.0.29 ### Patch Changes diff --git a/modules-mounter/daemon/package.json b/modules-mounter/daemon/package.json index 88802cf3d46..46cee3ac5ef 100644 --- a/modules-mounter/daemon/package.json +++ b/modules-mounter/daemon/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/mount-modules", - "version": "1001.0.29", + "version": "1001.0.30", "description": "Mounts a node_modules directory with FUSE", "keywords": [ "pnpm", diff --git a/network/fetch/CHANGELOG.md b/network/fetch/CHANGELOG.md index b1c1a8e6eec..8af7fb93577 100644 --- a/network/fetch/CHANGELOG.md +++ b/network/fetch/CHANGELOG.md @@ -1,5 +1,13 @@ # @pnpm/fetch +## 1000.2.5 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + - @pnpm/core-loggers@1001.0.3 + ## 1000.2.4 ### Patch Changes diff --git a/network/fetch/package.json b/network/fetch/package.json index 48d0981808a..ce9b6ff5267 100644 --- a/network/fetch/package.json +++ b/network/fetch/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/fetch", - "version": "1000.2.4", + "version": "1000.2.5", "description": "node-fetch with retries", "keywords": [ "pnpm", diff --git a/packages/calc-dep-state/CHANGELOG.md b/packages/calc-dep-state/CHANGELOG.md index 0e53da6f0c4..4691413457b 100644 --- a/packages/calc-dep-state/CHANGELOG.md +++ b/packages/calc-dep-state/CHANGELOG.md @@ -1,5 +1,15 @@ # @pnpm/calc-dep-state +## 1002.0.5 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + - @pnpm/lockfile.types@1002.0.1 + - @pnpm/lockfile.utils@1003.0.1 + - @pnpm/dependency-path@1001.1.1 + ## 1002.0.4 ### Patch Changes diff --git a/packages/calc-dep-state/package.json b/packages/calc-dep-state/package.json index 8be1bce4298..85ac8265a30 100644 --- a/packages/calc-dep-state/package.json +++ b/packages/calc-dep-state/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/calc-dep-state", - "version": "1002.0.4", + "version": "1002.0.5", "description": "Calculates the state of a dependency", "keywords": [ "pnpm", diff --git a/packages/core-loggers/CHANGELOG.md b/packages/core-loggers/CHANGELOG.md index 186130141ea..774c4635aa6 100644 --- a/packages/core-loggers/CHANGELOG.md +++ b/packages/core-loggers/CHANGELOG.md @@ -1,5 +1,12 @@ # @pnpm/core-loggers +## 1001.0.3 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + ## 1001.0.2 ### Patch Changes diff --git a/packages/core-loggers/package.json b/packages/core-loggers/package.json index 88261290f94..adb028a7d3e 100644 --- a/packages/core-loggers/package.json +++ b/packages/core-loggers/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/core-loggers", - "version": "1001.0.2", + "version": "1001.0.3", "description": "Core loggers of pnpm", "keywords": [ "pnpm", diff --git a/packages/dependency-path/CHANGELOG.md b/packages/dependency-path/CHANGELOG.md index 86086230e88..47f3956d8b7 100644 --- a/packages/dependency-path/CHANGELOG.md +++ b/packages/dependency-path/CHANGELOG.md @@ -1,5 +1,13 @@ # @pnpm/dependency-path +## 1001.1.1 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + - @pnpm/crypto.hash@1000.2.0 + ## 1001.1.0 ### Minor Changes diff --git a/packages/dependency-path/package.json b/packages/dependency-path/package.json index 0fbdc2128cb..c517fe8c5e1 100644 --- a/packages/dependency-path/package.json +++ b/packages/dependency-path/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/dependency-path", - "version": "1001.1.0", + "version": "1001.1.1", "description": "Utilities for working with symlinked node_modules", "keywords": [ "pnpm", diff --git a/packages/make-dedicated-lockfile/CHANGELOG.md b/packages/make-dedicated-lockfile/CHANGELOG.md index 804519248ea..bb48bc64adc 100644 --- a/packages/make-dedicated-lockfile/CHANGELOG.md +++ b/packages/make-dedicated-lockfile/CHANGELOG.md @@ -1,5 +1,16 @@ # @pnpm/make-dedicated-lockfile +## 1000.0.24 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + - @pnpm/lockfile.fs@1001.1.18 + - @pnpm/lockfile.pruner@1001.0.14 + - @pnpm/exportable-manifest@1000.1.4 + - @pnpm/read-project-manifest@1001.1.1 + ## 1000.0.23 ### Patch Changes diff --git a/packages/make-dedicated-lockfile/package.json b/packages/make-dedicated-lockfile/package.json index dd4a31f2f83..3d921733b4d 100644 --- a/packages/make-dedicated-lockfile/package.json +++ b/packages/make-dedicated-lockfile/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/make-dedicated-lockfile", - "version": "1000.0.23", + "version": "1000.0.24", "description": "Creates a dedicated lockfile for a subset of workspace projects", "keywords": [ "pnpm", diff --git a/packages/plugin-commands-doctor/CHANGELOG.md b/packages/plugin-commands-doctor/CHANGELOG.md index a1c7258264f..30ba304c783 100644 --- a/packages/plugin-commands-doctor/CHANGELOG.md +++ b/packages/plugin-commands-doctor/CHANGELOG.md @@ -1,5 +1,14 @@ # @pnpm/plugin-commands-doctor +## 1000.1.34 + +### Patch Changes + +- Updated dependencies [38e2599] +- Updated dependencies [e792927] + - @pnpm/config@1004.3.0 + - @pnpm/cli-utils@1001.2.0 + ## 1000.1.33 ### Patch Changes diff --git a/packages/plugin-commands-doctor/package.json b/packages/plugin-commands-doctor/package.json index 8471d10793e..3ad9d5ba9e4 100644 --- a/packages/plugin-commands-doctor/package.json +++ b/packages/plugin-commands-doctor/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/plugin-commands-doctor", - "version": "1000.1.33", + "version": "1000.1.34", "description": "Commands for checks of known common issues ", "keywords": [ "pnpm", diff --git a/packages/plugin-commands-init/CHANGELOG.md b/packages/plugin-commands-init/CHANGELOG.md index 57b2b6831e8..b15d52ea58f 100644 --- a/packages/plugin-commands-init/CHANGELOG.md +++ b/packages/plugin-commands-init/CHANGELOG.md @@ -1,5 +1,17 @@ # @pnpm/plugin-commands-init +## 1000.2.11 + +### Patch Changes + +- Updated dependencies [38e2599] +- Updated dependencies [e792927] + - @pnpm/config@1004.3.0 + - @pnpm/types@1000.8.0 + - @pnpm/cli-utils@1001.2.0 + - @pnpm/cli-meta@1000.0.10 + - @pnpm/write-project-manifest@1000.0.10 + ## 1000.2.10 ### Patch Changes diff --git a/packages/plugin-commands-init/package.json b/packages/plugin-commands-init/package.json index 415040e4cb8..9bfe66bdd02 100644 --- a/packages/plugin-commands-init/package.json +++ b/packages/plugin-commands-init/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/plugin-commands-init", - "version": "1000.2.10", + "version": "1000.2.11", "description": "Create a package.json file", "keywords": [ "pnpm", diff --git a/packages/plugin-commands-setup/CHANGELOG.md b/packages/plugin-commands-setup/CHANGELOG.md index b0937665002..8413b70065b 100644 --- a/packages/plugin-commands-setup/CHANGELOG.md +++ b/packages/plugin-commands-setup/CHANGELOG.md @@ -1,5 +1,13 @@ # @pnpm/plugin-commands-setup +## 1000.1.11 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/cli-utils@1001.2.0 + - @pnpm/cli-meta@1000.0.10 + ## 1000.1.10 ### Patch Changes diff --git a/packages/plugin-commands-setup/package.json b/packages/plugin-commands-setup/package.json index a52d4123c6e..e9deeea6818 100644 --- a/packages/plugin-commands-setup/package.json +++ b/packages/plugin-commands-setup/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/plugin-commands-setup", - "version": "1000.1.10", + "version": "1000.1.11", "description": "pnpm commands for setting up pnpm", "keywords": [ "pnpm", diff --git a/packages/render-peer-issues/CHANGELOG.md b/packages/render-peer-issues/CHANGELOG.md index 74d5170fde7..2721865dd4e 100644 --- a/packages/render-peer-issues/CHANGELOG.md +++ b/packages/render-peer-issues/CHANGELOG.md @@ -1,5 +1,12 @@ # @pnpm/render-peer-issues +## 1002.0.3 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + ## 1002.0.2 ### Patch Changes diff --git a/packages/render-peer-issues/package.json b/packages/render-peer-issues/package.json index db109e6ae7e..f0d1e01ba9d 100644 --- a/packages/render-peer-issues/package.json +++ b/packages/render-peer-issues/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/render-peer-issues", - "version": "1002.0.2", + "version": "1002.0.3", "description": "Visualizes peer dependency issues", "keywords": [ "pnpm", diff --git a/packages/types/CHANGELOG.md b/packages/types/CHANGELOG.md index 9f52dfc808c..b471b327512 100644 --- a/packages/types/CHANGELOG.md +++ b/packages/types/CHANGELOG.md @@ -1,5 +1,11 @@ # @pnpm/types +## 1000.8.0 + +### Minor Changes + +- e792927: Added support for `finders` [#9946](https://github.com/pnpm/pnpm/pull/9946). + ## 1000.7.0 ### Minor Changes diff --git a/packages/types/package.json b/packages/types/package.json index 770ddde71de..bc4cc8836db 100644 --- a/packages/types/package.json +++ b/packages/types/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/types", - "version": "1000.7.0", + "version": "1000.8.0", "description": "Basic types used by pnpm", "keywords": [ "pnpm", diff --git a/packages/types/src/options.ts b/packages/types/src/options.ts index e15201a2d30..1442efd40c7 100644 --- a/packages/types/src/options.ts +++ b/packages/types/src/options.ts @@ -1,5 +1,5 @@ import { type DependenciesField } from './misc.js' -import { type BaseManifest } from './package.js' +import { type BaseManifest, type DependencyManifest } from './package.js' export type LogBase = { level: 'debug' | 'error' @@ -14,3 +14,11 @@ export type IncludedDependencies = { } export type ReadPackageHook = (pkg: Pkg, dir?: string) => Pkg | Promise + +export interface FinderContext { + name: string + version: string + readManifest: () => DependencyManifest +} + +export type Finder = (ctx: FinderContext) => boolean | string diff --git a/patching/config/CHANGELOG.md b/patching/config/CHANGELOG.md index bb521a134c1..fde0d1128fa 100644 --- a/patching/config/CHANGELOG.md +++ b/patching/config/CHANGELOG.md @@ -1,5 +1,11 @@ # @pnpm/patching.config +## 1001.0.8 + +### Patch Changes + +- @pnpm/dependency-path@1001.1.1 + ## 1001.0.7 ### Patch Changes diff --git a/patching/config/package.json b/patching/config/package.json index 02e403db827..4089ef35e0e 100644 --- a/patching/config/package.json +++ b/patching/config/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/patching.config", - "version": "1001.0.7", + "version": "1001.0.8", "description": "Functions related to patching configurations", "keywords": [ "pnpm", diff --git a/patching/plugin-commands-patching/CHANGELOG.md b/patching/plugin-commands-patching/CHANGELOG.md index 40a5bdf2c26..06be70ad877 100644 --- a/patching/plugin-commands-patching/CHANGELOG.md +++ b/patching/plugin-commands-patching/CHANGELOG.md @@ -1,5 +1,29 @@ # @pnpm/plugin-commands-patching +## 1000.3.11 + +### Patch Changes + +- Updated dependencies [e792927] +- Updated dependencies [c182b2d] +- Updated dependencies [38e2599] +- Updated dependencies [e792927] + - @pnpm/read-package-json@1000.1.0 + - @pnpm/plugin-commands-installation@1004.6.0 + - @pnpm/store-connection-manager@1002.1.0 + - @pnpm/config@1004.3.0 + - @pnpm/types@1000.8.0 + - @pnpm/cli-utils@1001.2.0 + - @pnpm/config.config-writer@1000.0.11 + - @pnpm/lockfile.fs@1001.1.18 + - @pnpm/lockfile.utils@1003.0.1 + - @pnpm/modules-yaml@1000.3.5 + - @pnpm/read-project-manifest@1001.1.1 + - @pnpm/workspace.read-manifest@1000.2.3 + - @pnpm/crypto.hash@1000.2.0 + - @pnpm/patching.apply-patch@1000.0.6 + - @pnpm/pick-fetcher@1001.0.0 + ## 1000.3.10 ### Patch Changes diff --git a/patching/plugin-commands-patching/package.json b/patching/plugin-commands-patching/package.json index f4dceef7228..9252b286910 100644 --- a/patching/plugin-commands-patching/package.json +++ b/patching/plugin-commands-patching/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/plugin-commands-patching", - "version": "1000.3.10", + "version": "1000.3.11", "description": "Commands for creating patches", "keywords": [ "pnpm", diff --git a/pkg-manager/client/CHANGELOG.md b/pkg-manager/client/CHANGELOG.md index 89c58fbc1bf..009d88de3ad 100644 --- a/pkg-manager/client/CHANGELOG.md +++ b/pkg-manager/client/CHANGELOG.md @@ -1,5 +1,20 @@ # @pnpm/client +## 1001.0.4 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + - @pnpm/default-resolver@1002.2.4 + - @pnpm/directory-fetcher@1000.1.11 + - @pnpm/git-fetcher@1001.0.14 + - @pnpm/tarball-fetcher@1001.0.14 + - @pnpm/fetch@1000.2.5 + - @pnpm/resolver-base@1005.0.1 + - @pnpm/node.fetcher@1001.0.3 + - @pnpm/fetching.binary-fetcher@1000.0.2 + ## 1001.0.3 ### Patch Changes diff --git a/pkg-manager/client/package.json b/pkg-manager/client/package.json index baa8a186140..06c1bffa78c 100644 --- a/pkg-manager/client/package.json +++ b/pkg-manager/client/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/client", - "version": "1001.0.3", + "version": "1001.0.4", "description": "Creates the package resolve and fetch functions", "keywords": [ "pnpm", diff --git a/pkg-manager/core/CHANGELOG.md b/pkg-manager/core/CHANGELOG.md index c5c50bfb58b..1f40d366b1b 100644 --- a/pkg-manager/core/CHANGELOG.md +++ b/pkg-manager/core/CHANGELOG.md @@ -1,5 +1,65 @@ # @pnpm/core +## 1010.1.0 + +### Minor Changes + +- 38e2599: There have been several incidents recently where popular packages were successfully attacked. To reduce the risk of installing a compromised version, we are introducing a new setting that delays the installation of newly released dependencies. In most cases, such attacks are discovered quickly and the malicious versions are removed from the registry within an hour. + + The new setting is called `minimumReleaseAge`. It specifies the number of minutes that must pass after a version is published before pnpm will install it. For example, setting `minimumReleaseAge: 1440` ensures that only packages released at least one day ago can be installed. + + If you set `minimumReleaseAge` but need to disable this restriction for certain dependencies, you can list them under the `minimumReleaseAgeExclude` setting. For instance, with the following configuration pnpm will always install the latest version of webpack, regardless of its release time: + + ```yaml + minimumReleaseAgeExclude: + - webpack + ``` + + Related issue: [#9921](https://github.com/pnpm/pnpm/issues/9921). + +### Patch Changes + +- 2ebd45a: Throw a `ABORTED_REMOVE_MODULES_DIR_NO_TTY` error if there's no TTY instead of showing the prompt to ask for confirmation to remove the modules directory and immediately exiting with code 0. +- Updated dependencies [38e2599] +- Updated dependencies [e792927] +- Updated dependencies [a6856fd] + - @pnpm/resolve-dependencies@1008.1.0 + - @pnpm/types@1000.8.0 + - @pnpm/lifecycle@1001.0.21 + - @pnpm/build-modules@1000.3.14 + - @pnpm/lockfile.verification@1001.2.6 + - @pnpm/headless@1004.2.4 + - @pnpm/link-bins@1000.2.2 + - @pnpm/package-requester@1006.0.1 + - @pnpm/remove-bins@1000.0.13 + - @pnpm/lockfile.filtering@1001.0.18 + - @pnpm/normalize-registries@1000.1.3 + - @pnpm/symlink-dependency@1000.0.11 + - @pnpm/hooks.read-package-hook@1000.0.13 + - @pnpm/hooks.types@1001.0.11 + - @pnpm/lockfile.fs@1001.1.18 + - @pnpm/lockfile-to-pnp@1001.0.20 + - @pnpm/lockfile.preferred-versions@1000.0.19 + - @pnpm/lockfile.pruner@1001.0.14 + - @pnpm/lockfile.utils@1003.0.1 + - @pnpm/lockfile.walker@1001.0.14 + - @pnpm/calc-dep-state@1002.0.5 + - @pnpm/core-loggers@1001.0.3 + - @pnpm/dependency-path@1001.1.1 + - @pnpm/get-context@1001.1.5 + - @pnpm/hoist@1002.0.4 + - @pnpm/modules-cleaner@1001.0.20 + - @pnpm/modules-yaml@1000.3.5 + - @pnpm/manifest-utils@1001.0.4 + - @pnpm/read-project-manifest@1001.1.1 + - @pnpm/resolver-base@1005.0.1 + - @pnpm/store-controller-types@1004.0.2 + - @pnpm/worker@1000.1.12 + - @pnpm/crypto.hash@1000.2.0 + - @pnpm/lockfile.settings-checker@1001.0.13 + - @pnpm/pkg-manager.direct-dep-linker@1000.0.11 + - @pnpm/patching.config@1001.0.8 + ## 1010.0.2 ### Patch Changes diff --git a/pkg-manager/core/package.json b/pkg-manager/core/package.json index 85807d4574f..f9f1393beb2 100644 --- a/pkg-manager/core/package.json +++ b/pkg-manager/core/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/core", - "version": "1010.0.2", + "version": "1010.1.0", "description": "Fast, disk space efficient installation engine", "keywords": [ "pnpm", diff --git a/pkg-manager/core/src/install/extendInstallOptions.ts b/pkg-manager/core/src/install/extendInstallOptions.ts index bde62bb2eed..a78f4797b2d 100644 --- a/pkg-manager/core/src/install/extendInstallOptions.ts +++ b/pkg-manager/core/src/install/extendInstallOptions.ts @@ -165,6 +165,8 @@ export interface StrictInstallOptions { returnListOfDepsRequiringBuild?: boolean injectWorkspacePackages?: boolean ci?: boolean + minimumReleaseAge?: number + minimumReleaseAgeExclude?: string[] } export type InstallOptions = diff --git a/pkg-manager/core/src/install/index.ts b/pkg-manager/core/src/install/index.ts index e793c288a21..d19cdab2386 100644 --- a/pkg-manager/core/src/install/index.ts +++ b/pkg-manager/core/src/install/index.ts @@ -1179,6 +1179,8 @@ const _installInContext: InstallFunction = async (projects, ctx, opts) => { supportedArchitectures: opts.supportedArchitectures, peersSuffixMaxLength: opts.peersSuffixMaxLength, injectWorkspacePackages: opts.injectWorkspacePackages, + minimumReleaseAge: opts.minimumReleaseAge, + minimumReleaseAgeExclude: opts.minimumReleaseAgeExclude, } ) if (!opts.include.optionalDependencies || !opts.include.devDependencies || !opts.include.dependencies) { diff --git a/pkg-manager/core/src/install/validateModules.ts b/pkg-manager/core/src/install/validateModules.ts index 6eb58069a19..2ac3052f9f3 100644 --- a/pkg-manager/core/src/install/validateModules.ts +++ b/pkg-manager/core/src/install/validateModules.ts @@ -149,6 +149,11 @@ async function purgeModulesDirsOfImporters ( importers: ImporterToPurge[] ): Promise { if (opts.confirmModulesPurge ?? true) { + if (!process.stdin.isTTY) { + throw new PnpmError('ABORTED_REMOVE_MODULES_DIR_NO_TTY', 'Aborted removal of modules directory due to no TTY', { + hint: 'If you are running pnpm in CI, set the CI environment variable to "true".', + }) + } const confirmed = await enquirer.prompt<{ question: boolean }>({ type: 'confirm', name: 'question', diff --git a/pkg-manager/core/test/install/minimumReleaseAge.ts b/pkg-manager/core/test/install/minimumReleaseAge.ts new file mode 100644 index 00000000000..be43134189d --- /dev/null +++ b/pkg-manager/core/test/install/minimumReleaseAge.ts @@ -0,0 +1,24 @@ +import { prepareEmpty } from '@pnpm/prepare' +import { addDependenciesToPackage } from '@pnpm/core' +import { testDefaults } from '../utils/index.js' + +const isOdd011ReleaseDate = new Date(2016, 11, 7 - 2) // 0.1.1 was released at 2016-12-07T07:18:01.205Z +const diff = Date.now() - isOdd011ReleaseDate.getTime() +const minimumReleaseAge = diff / (60 * 1000) // converting to minutes + +test('minimumReleaseAge prevents installation of versions that do not meet the required publish date cutoff', async () => { + prepareEmpty() + + const { updatedManifest: manifest } = await addDependenciesToPackage({}, ['is-odd@0.1'], testDefaults({ minimumReleaseAge })) + + expect(manifest.dependencies!['is-odd']).toEqual('~0.1.0') +}) + +test('minimumReleaseAge is ignored for packages in the minimumReleaseAgeExclude array', async () => { + prepareEmpty() + + const opts = testDefaults({ minimumReleaseAge, minimumReleaseAgeExclude: ['is-odd'] }) + const { updatedManifest: manifest } = await addDependenciesToPackage({}, ['is-odd@0.1'], opts) + + expect(manifest.dependencies!['is-odd']).toEqual('~0.1.2') +}) diff --git a/pkg-manager/direct-dep-linker/CHANGELOG.md b/pkg-manager/direct-dep-linker/CHANGELOG.md index 851d7db92c6..f40fb11a74c 100644 --- a/pkg-manager/direct-dep-linker/CHANGELOG.md +++ b/pkg-manager/direct-dep-linker/CHANGELOG.md @@ -1,5 +1,12 @@ # @pnpm/pkg-manager.direct-dep-linker +## 1000.0.11 + +### Patch Changes + +- @pnpm/symlink-dependency@1000.0.11 +- @pnpm/core-loggers@1001.0.3 + ## 1000.0.10 ### Patch Changes diff --git a/pkg-manager/direct-dep-linker/package.json b/pkg-manager/direct-dep-linker/package.json index f2328017eb3..6b0f1cf88c7 100644 --- a/pkg-manager/direct-dep-linker/package.json +++ b/pkg-manager/direct-dep-linker/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/pkg-manager.direct-dep-linker", - "version": "1000.0.10", + "version": "1000.0.11", "description": "Fast installation using only pnpm-lock.yaml", "keywords": [ "pnpm", diff --git a/pkg-manager/get-context/CHANGELOG.md b/pkg-manager/get-context/CHANGELOG.md index 08b0b082408..f343e4af51d 100644 --- a/pkg-manager/get-context/CHANGELOG.md +++ b/pkg-manager/get-context/CHANGELOG.md @@ -1,5 +1,17 @@ # @pnpm/get-context +## 1001.1.5 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + - @pnpm/lockfile.fs@1001.1.18 + - @pnpm/core-loggers@1001.0.3 + - @pnpm/modules-yaml@1000.3.5 + - @pnpm/read-projects-context@1000.0.21 + - @pnpm/resolver-base@1005.0.1 + ## 1001.1.4 ### Patch Changes diff --git a/pkg-manager/get-context/package.json b/pkg-manager/get-context/package.json index 3b2f3a5cc3c..df7a5786cdf 100644 --- a/pkg-manager/get-context/package.json +++ b/pkg-manager/get-context/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/get-context", - "version": "1001.1.4", + "version": "1001.1.5", "description": "Gets context information about a project", "keywords": [ "pnpm", diff --git a/pkg-manager/headless/CHANGELOG.md b/pkg-manager/headless/CHANGELOG.md index c93abe8dada..9690e6ef556 100644 --- a/pkg-manager/headless/CHANGELOG.md +++ b/pkg-manager/headless/CHANGELOG.md @@ -1,5 +1,39 @@ # @pnpm/headless +## 1004.2.4 + +### Patch Changes + +- Updated dependencies [e792927] +- Updated dependencies [df8d57f] +- Updated dependencies [e792927] +- Updated dependencies [a6856fd] + - @pnpm/read-package-json@1000.1.0 + - @pnpm/package-is-installable@1000.0.13 + - @pnpm/types@1000.8.0 + - @pnpm/lifecycle@1001.0.21 + - @pnpm/build-modules@1000.3.14 + - @pnpm/link-bins@1000.2.2 + - @pnpm/package-requester@1006.0.1 + - @pnpm/deps.graph-builder@1002.2.4 + - @pnpm/lockfile.filtering@1001.0.18 + - @pnpm/symlink-dependency@1000.0.11 + - @pnpm/lockfile.fs@1001.1.18 + - @pnpm/lockfile-to-pnp@1001.0.20 + - @pnpm/lockfile.utils@1003.0.1 + - @pnpm/calc-dep-state@1002.0.5 + - @pnpm/core-loggers@1001.0.3 + - @pnpm/dependency-path@1001.1.1 + - @pnpm/hoist@1002.0.4 + - @pnpm/modules-cleaner@1001.0.20 + - @pnpm/modules-yaml@1000.3.5 + - @pnpm/real-hoist@1001.0.17 + - @pnpm/read-project-manifest@1001.1.1 + - @pnpm/store-controller-types@1004.0.2 + - @pnpm/worker@1000.1.12 + - @pnpm/pkg-manager.direct-dep-linker@1000.0.11 + - @pnpm/patching.config@1001.0.8 + ## 1004.2.3 ### Patch Changes diff --git a/pkg-manager/headless/package.json b/pkg-manager/headless/package.json index b1aef6f1657..1e7217cc5fe 100644 --- a/pkg-manager/headless/package.json +++ b/pkg-manager/headless/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/headless", - "version": "1004.2.3", + "version": "1004.2.4", "description": "Fast installation using only pnpm-lock.yaml", "keywords": [ "pnpm", diff --git a/pkg-manager/hoist/CHANGELOG.md b/pkg-manager/hoist/CHANGELOG.md index f74ad957999..ddb597f3424 100644 --- a/pkg-manager/hoist/CHANGELOG.md +++ b/pkg-manager/hoist/CHANGELOG.md @@ -1,5 +1,14 @@ # @pnpm/hoist +## 1002.0.4 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + - @pnpm/link-bins@1000.2.2 + - @pnpm/core-loggers@1001.0.3 + ## 1002.0.3 ### Patch Changes diff --git a/pkg-manager/hoist/package.json b/pkg-manager/hoist/package.json index be82811c50e..152d21f0630 100644 --- a/pkg-manager/hoist/package.json +++ b/pkg-manager/hoist/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/hoist", - "version": "1002.0.3", + "version": "1002.0.4", "description": "Hoists dependencies in a node_modules created by pnpm", "keywords": [ "pnpm", diff --git a/pkg-manager/link-bins/CHANGELOG.md b/pkg-manager/link-bins/CHANGELOG.md index 9a5c42efec1..b378493ea23 100644 --- a/pkg-manager/link-bins/CHANGELOG.md +++ b/pkg-manager/link-bins/CHANGELOG.md @@ -1,5 +1,17 @@ # @pnpm/link-bins +## 1000.2.2 + +### Patch Changes + +- Updated dependencies [e792927] +- Updated dependencies [e792927] + - @pnpm/read-package-json@1000.1.0 + - @pnpm/types@1000.8.0 + - @pnpm/package-bins@1000.0.10 + - @pnpm/manifest-utils@1001.0.4 + - @pnpm/read-project-manifest@1001.1.1 + ## 1000.2.1 ### Patch Changes diff --git a/pkg-manager/link-bins/package.json b/pkg-manager/link-bins/package.json index 25161042dbb..4d48ab2dca6 100644 --- a/pkg-manager/link-bins/package.json +++ b/pkg-manager/link-bins/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/link-bins", - "version": "1000.2.1", + "version": "1000.2.2", "description": "Link bins to node_modules/.bin", "keywords": [ "pnpm", diff --git a/pkg-manager/modules-cleaner/CHANGELOG.md b/pkg-manager/modules-cleaner/CHANGELOG.md index 719f115af7b..4230de0576a 100644 --- a/pkg-manager/modules-cleaner/CHANGELOG.md +++ b/pkg-manager/modules-cleaner/CHANGELOG.md @@ -1,5 +1,19 @@ # @pnpm/modules-cleaner +## 1001.0.20 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + - @pnpm/remove-bins@1000.0.13 + - @pnpm/lockfile.filtering@1001.0.18 + - @pnpm/lockfile.types@1002.0.1 + - @pnpm/lockfile.utils@1003.0.1 + - @pnpm/core-loggers@1001.0.3 + - @pnpm/dependency-path@1001.1.1 + - @pnpm/store-controller-types@1004.0.2 + ## 1001.0.19 ### Patch Changes diff --git a/pkg-manager/modules-cleaner/package.json b/pkg-manager/modules-cleaner/package.json index 925affe6ac0..436b199639e 100644 --- a/pkg-manager/modules-cleaner/package.json +++ b/pkg-manager/modules-cleaner/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/modules-cleaner", - "version": "1001.0.19", + "version": "1001.0.20", "description": "Exports util functions to clean up node_modules", "keywords": [ "pnpm", diff --git a/pkg-manager/modules-yaml/CHANGELOG.md b/pkg-manager/modules-yaml/CHANGELOG.md index c33e9da69b5..71810d62ab2 100644 --- a/pkg-manager/modules-yaml/CHANGELOG.md +++ b/pkg-manager/modules-yaml/CHANGELOG.md @@ -1,5 +1,12 @@ # @pnpm/modules-yaml +## 1000.3.5 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + ## 1000.3.4 ### Patch Changes diff --git a/pkg-manager/modules-yaml/package.json b/pkg-manager/modules-yaml/package.json index 34962e6ada7..8228c7f2cf8 100644 --- a/pkg-manager/modules-yaml/package.json +++ b/pkg-manager/modules-yaml/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/modules-yaml", - "version": "1000.3.4", + "version": "1000.3.5", "description": "Reads/writes `node_modules/.modules.yaml`", "keywords": [ "pnpm", diff --git a/pkg-manager/package-bins/CHANGELOG.md b/pkg-manager/package-bins/CHANGELOG.md index 1c5f5a319a0..8585e3bfd11 100644 --- a/pkg-manager/package-bins/CHANGELOG.md +++ b/pkg-manager/package-bins/CHANGELOG.md @@ -1,5 +1,12 @@ # @pnpm/package-bins +## 1000.0.10 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + ## 1000.0.9 ### Patch Changes diff --git a/pkg-manager/package-bins/package.json b/pkg-manager/package-bins/package.json index 19a7794843d..499147f272a 100644 --- a/pkg-manager/package-bins/package.json +++ b/pkg-manager/package-bins/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/package-bins", - "version": "1000.0.9", + "version": "1000.0.10", "description": "Returns bins of a package", "keywords": [ "pnpm", diff --git a/pkg-manager/package-requester/CHANGELOG.md b/pkg-manager/package-requester/CHANGELOG.md index 4eb3c90a5ef..c780ff9bc77 100644 --- a/pkg-manager/package-requester/CHANGELOG.md +++ b/pkg-manager/package-requester/CHANGELOG.md @@ -1,5 +1,24 @@ # @pnpm/package-requester +## 1006.0.1 + +### Patch Changes + +- Updated dependencies [e792927] +- Updated dependencies [df8d57f] +- Updated dependencies [e792927] + - @pnpm/read-package-json@1000.1.0 + - @pnpm/package-is-installable@1000.0.13 + - @pnpm/types@1000.8.0 + - @pnpm/fetcher-base@1001.0.1 + - @pnpm/core-loggers@1001.0.3 + - @pnpm/dependency-path@1001.1.1 + - @pnpm/resolver-base@1005.0.1 + - @pnpm/store.cafs@1000.0.17 + - @pnpm/store-controller-types@1004.0.2 + - @pnpm/worker@1000.1.12 + - @pnpm/pick-fetcher@1001.0.0 + ## 1006.0.0 ### Major Changes diff --git a/pkg-manager/package-requester/package.json b/pkg-manager/package-requester/package.json index e447c6cc847..0d59daaf160 100644 --- a/pkg-manager/package-requester/package.json +++ b/pkg-manager/package-requester/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/package-requester", - "version": "1006.0.0", + "version": "1006.0.1", "description": "Concurrent downloader of npm-compatible packages", "keywords": [ "pnpm", diff --git a/pkg-manager/plugin-commands-installation/CHANGELOG.md b/pkg-manager/plugin-commands-installation/CHANGELOG.md index a9b8a1888d1..dca0cc60861 100644 --- a/pkg-manager/plugin-commands-installation/CHANGELOG.md +++ b/pkg-manager/plugin-commands-installation/CHANGELOG.md @@ -1,5 +1,58 @@ # @pnpm/plugin-commands-installation +## 1004.6.0 + +### Minor Changes + +- 38e2599: There have been several incidents recently where popular packages were successfully attacked. To reduce the risk of installing a compromised version, we are introducing a new setting that delays the installation of newly released dependencies. In most cases, such attacks are discovered quickly and the malicious versions are removed from the registry within an hour. + + The new setting is called `minimumReleaseAge`. It specifies the number of minutes that must pass after a version is published before pnpm will install it. For example, setting `minimumReleaseAge: 1440` ensures that only packages released at least one day ago can be installed. + + If you set `minimumReleaseAge` but need to disable this restriction for certain dependencies, you can list them under the `minimumReleaseAgeExclude` setting. For instance, with the following configuration pnpm will always install the latest version of webpack, regardless of its release time: + + ```yaml + minimumReleaseAgeExclude: + - webpack + ``` + + Related issue: [#9921](https://github.com/pnpm/pnpm/issues/9921). + +### Patch Changes + +- c182b2d: `cleanupUnusedCatalogs` configuration should be applied when removing a dependency package. +- Updated dependencies [e792927] +- Updated dependencies [38e2599] +- Updated dependencies [e792927] +- Updated dependencies [2ebd45a] + - @pnpm/read-package-json@1000.1.0 + - @pnpm/store-connection-manager@1002.1.0 + - @pnpm/core@1010.1.0 + - @pnpm/config@1004.3.0 + - @pnpm/pnpmfile@1002.1.0 + - @pnpm/types@1000.8.0 + - @pnpm/cli-utils@1001.2.0 + - @pnpm/config.deps-installer@1000.0.12 + - @pnpm/plugin-commands-rebuild@1002.0.25 + - @pnpm/outdated@1001.0.29 + - @pnpm/workspace.pkgs-graph@1000.0.19 + - @pnpm/deps.status@1003.0.7 + - @pnpm/plugin-commands-env@1000.0.36 + - @pnpm/workspace.state@1002.0.3 + - @pnpm/config.config-writer@1000.0.11 + - @pnpm/pick-registry-for-package@1000.0.10 + - @pnpm/dedupe.check@1001.0.11 + - @pnpm/lockfile.types@1002.0.1 + - @pnpm/get-context@1001.1.5 + - @pnpm/manifest-utils@1001.0.4 + - @pnpm/read-project-manifest@1001.1.1 + - @pnpm/write-project-manifest@1000.0.10 + - @pnpm/resolver-base@1005.0.1 + - @pnpm/package-store@1002.0.10 + - @pnpm/filter-workspace-packages@1000.0.35 + - @pnpm/workspace.find-packages@1000.0.35 + - @pnpm/workspace.manifest-writer@1001.0.1 + - @pnpm/sort-packages@1000.0.10 + ## 1004.5.1 ### Patch Changes diff --git a/pkg-manager/plugin-commands-installation/package.json b/pkg-manager/plugin-commands-installation/package.json index 07078bd58ab..56edc0a63a0 100644 --- a/pkg-manager/plugin-commands-installation/package.json +++ b/pkg-manager/plugin-commands-installation/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/plugin-commands-installation", - "version": "1004.5.1", + "version": "1004.6.0", "description": "Commands for installation", "keywords": [ "pnpm", diff --git a/pkg-manager/plugin-commands-installation/src/remove.ts b/pkg-manager/plugin-commands-installation/src/remove.ts index 1269700fb0b..41006f31605 100644 --- a/pkg-manager/plugin-commands-installation/src/remove.ts +++ b/pkg-manager/plugin-commands-installation/src/remove.ts @@ -9,6 +9,7 @@ import { type Config, getOptionsFromRootManifest, types as allTypes } from '@pnp import { PnpmError } from '@pnpm/error' import { arrayOfWorkspacePackagesToMap } from '@pnpm/get-context' import { findWorkspacePackages } from '@pnpm/workspace.find-packages' +import { updateWorkspaceManifest } from '@pnpm/workspace.manifest-writer' import { getAllDependenciesFromManifest } from '@pnpm/manifest-utils' import { createOrConnectStoreController, type CreateStoreControllerOptions } from '@pnpm/store-connection-manager' import { type DependenciesField, type ProjectRootDir } from '@pnpm/types' @@ -150,6 +151,7 @@ export async function handler ( | 'workspaceDir' | 'workspacePackagePatterns' | 'sharedWorkspaceLockfile' + | 'cleanupUnusedCatalogs' > & { recursive?: boolean pnpmfile: string[] @@ -215,4 +217,8 @@ export async function handler ( removeOpts ) await writeProjectManifest(mutationResult.updatedProject.manifest) + await updateWorkspaceManifest(opts.workspaceDir ?? opts.dir, { + cleanupUnusedCatalogs: opts.cleanupUnusedCatalogs, + allProjects: opts.allProjects, + }) } diff --git a/pkg-manager/plugin-commands-installation/test/add.ts b/pkg-manager/plugin-commands-installation/test/add.ts index dae4f92e434..1c9c0a362c9 100644 --- a/pkg-manager/plugin-commands-installation/test/add.ts +++ b/pkg-manager/plugin-commands-installation/test/add.ts @@ -400,6 +400,21 @@ test('add: fail trying to install @pnpm/exe', async () => { expect(err.code).toBe('ERR_PNPM_GLOBAL_PNPM_INSTALL') }) +test('minimumReleaseAge makes install fail if there is no version that was published before the cutoff', async () => { + prepareEmpty() + + const isOdd011ReleaseDate = new Date(2016, 11, 7 - 2) // 0.1.1 was released at 2016-12-07T07:18:01.205Z + const diff = Date.now() - isOdd011ReleaseDate.getTime() + const minimumReleaseAge = diff / (60 * 1000) // converting to minutes + + await expect(add.handler({ + ...DEFAULT_OPTIONS, + dir: path.resolve('project'), + minimumReleaseAge, + linkWorkspacePackages: false, + }, ['is-odd@0.1.1'])).rejects.toThrow('No matching version found') +}) + describeOnLinuxOnly('filters optional dependencies based on pnpm.supportedArchitectures.libc', () => { test.each([ ['glibc', '@pnpm.e2e+only-linux-x64-glibc@1.0.0', '@pnpm.e2e+only-linux-x64-musl@1.0.0'], diff --git a/pkg-manager/read-projects-context/CHANGELOG.md b/pkg-manager/read-projects-context/CHANGELOG.md index 2de654a38f7..6974bbe0a70 100644 --- a/pkg-manager/read-projects-context/CHANGELOG.md +++ b/pkg-manager/read-projects-context/CHANGELOG.md @@ -1,5 +1,15 @@ # @pnpm/read-projects-context +## 1000.0.21 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + - @pnpm/normalize-registries@1000.1.3 + - @pnpm/lockfile.fs@1001.1.18 + - @pnpm/modules-yaml@1000.3.5 + ## 1000.0.20 ### Patch Changes diff --git a/pkg-manager/read-projects-context/package.json b/pkg-manager/read-projects-context/package.json index 4c10e2360a7..50b6f030b41 100644 --- a/pkg-manager/read-projects-context/package.json +++ b/pkg-manager/read-projects-context/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/read-projects-context", - "version": "1000.0.20", + "version": "1000.0.21", "description": "Reads the current state of projects from modules manifest", "keywords": [ "pnpm", diff --git a/pkg-manager/real-hoist/CHANGELOG.md b/pkg-manager/real-hoist/CHANGELOG.md index 1bb41cf7f5f..82a135bcb72 100644 --- a/pkg-manager/real-hoist/CHANGELOG.md +++ b/pkg-manager/real-hoist/CHANGELOG.md @@ -1,5 +1,12 @@ # @pnpm/real-hoist +## 1001.0.17 + +### Patch Changes + +- @pnpm/lockfile.utils@1003.0.1 +- @pnpm/dependency-path@1001.1.1 + ## 1001.0.16 ### Patch Changes diff --git a/pkg-manager/real-hoist/package.json b/pkg-manager/real-hoist/package.json index 75ba0706613..f79fe85870f 100644 --- a/pkg-manager/real-hoist/package.json +++ b/pkg-manager/real-hoist/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/real-hoist", - "version": "1001.0.16", + "version": "1001.0.17", "description": "Hoists dependencies in a node_modules created by pnpm", "keywords": [ "pnpm", diff --git a/pkg-manager/remove-bins/CHANGELOG.md b/pkg-manager/remove-bins/CHANGELOG.md index 85c396d22c5..82be2f261f9 100644 --- a/pkg-manager/remove-bins/CHANGELOG.md +++ b/pkg-manager/remove-bins/CHANGELOG.md @@ -1,5 +1,16 @@ # @pnpm/remove-bins +## 1000.0.13 + +### Patch Changes + +- Updated dependencies [e792927] +- Updated dependencies [e792927] + - @pnpm/read-package-json@1000.1.0 + - @pnpm/types@1000.8.0 + - @pnpm/core-loggers@1001.0.3 + - @pnpm/package-bins@1000.0.10 + ## 1000.0.12 ### Patch Changes diff --git a/pkg-manager/remove-bins/package.json b/pkg-manager/remove-bins/package.json index 2e643c45937..99185072a8c 100644 --- a/pkg-manager/remove-bins/package.json +++ b/pkg-manager/remove-bins/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/remove-bins", - "version": "1000.0.12", + "version": "1000.0.13", "description": "Remove bins from .bin", "keywords": [ "pnpm", diff --git a/pkg-manager/resolve-dependencies/CHANGELOG.md b/pkg-manager/resolve-dependencies/CHANGELOG.md index 8752137298d..36f8d355139 100644 --- a/pkg-manager/resolve-dependencies/CHANGELOG.md +++ b/pkg-manager/resolve-dependencies/CHANGELOG.md @@ -1,5 +1,43 @@ # @pnpm/resolve-dependencies +## 1008.1.0 + +### Minor Changes + +- 38e2599: There have been several incidents recently where popular packages were successfully attacked. To reduce the risk of installing a compromised version, we are introducing a new setting that delays the installation of newly released dependencies. In most cases, such attacks are discovered quickly and the malicious versions are removed from the registry within an hour. + + The new setting is called `minimumReleaseAge`. It specifies the number of minutes that must pass after a version is published before pnpm will install it. For example, setting `minimumReleaseAge: 1440` ensures that only packages released at least one day ago can be installed. + + If you set `minimumReleaseAge` but need to disable this restriction for certain dependencies, you can list them under the `minimumReleaseAgeExclude` setting. For instance, with the following configuration pnpm will always install the latest version of webpack, regardless of its release time: + + ```yaml + minimumReleaseAgeExclude: + - webpack + ``` + + Related issue: [#9921](https://github.com/pnpm/pnpm/issues/9921). + +### Patch Changes + +- Updated dependencies [e792927] +- Updated dependencies [38e2599] +- Updated dependencies [e792927] + - @pnpm/read-package-json@1000.1.0 + - @pnpm/npm-resolver@1004.2.0 + - @pnpm/types@1000.8.0 + - @pnpm/lockfile.preferred-versions@1000.0.19 + - @pnpm/lockfile.pruner@1001.0.14 + - @pnpm/lockfile.types@1002.0.1 + - @pnpm/lockfile.utils@1003.0.1 + - @pnpm/calc-dep-state@1002.0.5 + - @pnpm/core-loggers@1001.0.3 + - @pnpm/dependency-path@1001.1.1 + - @pnpm/manifest-utils@1001.0.4 + - @pnpm/resolver-base@1005.0.1 + - @pnpm/store-controller-types@1004.0.2 + - @pnpm/pick-fetcher@1001.0.0 + - @pnpm/patching.config@1001.0.8 + ## 1008.0.2 ### Patch Changes diff --git a/pkg-manager/resolve-dependencies/package.json b/pkg-manager/resolve-dependencies/package.json index 15dc3936ce5..4d87687bd71 100644 --- a/pkg-manager/resolve-dependencies/package.json +++ b/pkg-manager/resolve-dependencies/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/resolve-dependencies", - "version": "1008.0.2", + "version": "1008.1.0", "description": "Resolves dependency graph of a package", "keywords": [ "pnpm", diff --git a/pkg-manager/resolve-dependencies/src/resolveDependencies.ts b/pkg-manager/resolve-dependencies/src/resolveDependencies.ts index 830155e6038..89cbc0fe0d8 100644 --- a/pkg-manager/resolve-dependencies/src/resolveDependencies.ts +++ b/pkg-manager/resolve-dependencies/src/resolveDependencies.ts @@ -176,6 +176,8 @@ export interface ResolutionContext { workspacePackages?: WorkspacePackages missingPeersOfChildrenByPkgId: Record hoistPeers?: boolean + maximumPublishedBy?: Date + minimumReleaseAgeExclude?: string[] } export interface MissingPeerInfo { @@ -485,6 +487,9 @@ async function resolveDependenciesOfImporters ( time = result.newTime } } + if (ctx.maximumPublishedBy && (publishedBy == null || publishedBy > ctx.maximumPublishedBy)) { + publishedBy = ctx.maximumPublishedBy + } const pkgAddressesByImportersWithoutPeers = await Promise.all(zipWith(async (importer, { pkgAddresses, postponedResolutionsQueue, postponedPeersResolutionQueue }) => { const newPreferredVersions = Object.create(importer.preferredVersions) as PreferredVersions const currentParentPkgAliases: Record = {} @@ -589,6 +594,7 @@ async function resolveDependenciesOfImporterDependency ( parentPkgAliases: importer.parentPkgAliases, pickLowestVersion: pickLowestVersion && !importer.updatePackageManifest, pinnedVersion: importer.pinnedVersion, + publishedBy: ctx.maximumPublishedBy, }, extendedWantedDep ) @@ -1299,6 +1305,17 @@ async function resolveDependency ( if (!options.updateRequested && options.preferredVersion != null) { wantedDependency.bareSpecifier = replaceVersionInBareSpecifier(wantedDependency.bareSpecifier, options.preferredVersion) } + let publishedBy: Date | undefined + if ( + options.publishedBy && + ( + ctx.minimumReleaseAgeExclude == null || + wantedDependency.alias == null || + !ctx.minimumReleaseAgeExclude.includes(wantedDependency.alias) + ) + ) { + publishedBy = options.publishedBy + } pkgResponse = await ctx.storeController.requestPackage(wantedDependency, { alwaysTryWorkspacePackages: ctx.linkWorkspacePackagesDepth >= options.currentDepth, currentPkg: currentPkg @@ -1312,7 +1329,7 @@ async function resolveDependency ( expectedPkg: currentPkg, defaultTag: ctx.defaultTag, ignoreScripts: ctx.ignoreScripts, - publishedBy: options.publishedBy, + publishedBy, pickLowestVersion: options.pickLowestVersion, downloadPriority: -options.currentDepth, lockfileDir: ctx.lockfileDir, diff --git a/pkg-manager/resolve-dependencies/src/resolveDependencyTree.ts b/pkg-manager/resolve-dependencies/src/resolveDependencyTree.ts index 7fc8c10a5e4..92f1975c064 100644 --- a/pkg-manager/resolve-dependencies/src/resolveDependencyTree.ts +++ b/pkg-manager/resolve-dependencies/src/resolveDependencyTree.ts @@ -133,6 +133,8 @@ export interface ResolveDependenciesOptions { workspacePackages: WorkspacePackages supportedArchitectures?: SupportedArchitectures peersSuffixMaxLength: number + minimumReleaseAge?: number + minimumReleaseAgeExclude?: string[] } export interface ResolveDependencyTreeResult { @@ -193,6 +195,8 @@ export async function resolveDependencyTree ( missingPeersOfChildrenByPkgId: {}, hoistPeers: autoInstallPeers || opts.dedupePeerDependents, allPeerDepNames: new Set(), + maximumPublishedBy: opts.minimumReleaseAge ? new Date(Date.now() - opts.minimumReleaseAge * 60 * 1000) : undefined, + minimumReleaseAgeExclude: opts.minimumReleaseAgeExclude, } const resolveArgs: ImporterToResolve[] = importers.map((importer) => { diff --git a/pkg-manifest/exportable-manifest/CHANGELOG.md b/pkg-manifest/exportable-manifest/CHANGELOG.md index 551c42f9db7..a357c3cf5b6 100644 --- a/pkg-manifest/exportable-manifest/CHANGELOG.md +++ b/pkg-manifest/exportable-manifest/CHANGELOG.md @@ -1,5 +1,13 @@ # @pnpm/exportable-manifest +## 1000.1.4 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + - @pnpm/read-project-manifest@1001.1.1 + ## 1000.1.3 ### Patch Changes diff --git a/pkg-manifest/exportable-manifest/package.json b/pkg-manifest/exportable-manifest/package.json index a5456fb8610..77f2408efed 100644 --- a/pkg-manifest/exportable-manifest/package.json +++ b/pkg-manifest/exportable-manifest/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/exportable-manifest", - "version": "1000.1.3", + "version": "1000.1.4", "description": "Creates an exportable manifest", "keywords": [ "pnpm", diff --git a/pkg-manifest/manifest-utils/CHANGELOG.md b/pkg-manifest/manifest-utils/CHANGELOG.md index a14c375b1b6..b1a56d4b93c 100644 --- a/pkg-manifest/manifest-utils/CHANGELOG.md +++ b/pkg-manifest/manifest-utils/CHANGELOG.md @@ -1,5 +1,13 @@ # @pnpm/manifest-utils +## 1001.0.4 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + - @pnpm/core-loggers@1001.0.3 + ## 1001.0.3 ### Patch Changes diff --git a/pkg-manifest/manifest-utils/package.json b/pkg-manifest/manifest-utils/package.json index 80760db5d76..3058092875e 100644 --- a/pkg-manifest/manifest-utils/package.json +++ b/pkg-manifest/manifest-utils/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/manifest-utils", - "version": "1001.0.3", + "version": "1001.0.4", "description": "Utils for dealing with package manifest", "keywords": [ "pnpm", diff --git a/pkg-manifest/read-package-json/CHANGELOG.md b/pkg-manifest/read-package-json/CHANGELOG.md index 16822380448..16e29a76028 100644 --- a/pkg-manifest/read-package-json/CHANGELOG.md +++ b/pkg-manifest/read-package-json/CHANGELOG.md @@ -1,5 +1,16 @@ # @pnpm/read-package-json +## 1000.1.0 + +### Minor Changes + +- e792927: Implemented `readPackageJsonSync`. + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + ## 1000.0.11 ### Patch Changes diff --git a/pkg-manifest/read-package-json/package.json b/pkg-manifest/read-package-json/package.json index c55d7b927c4..ec7f4cf2b67 100644 --- a/pkg-manifest/read-package-json/package.json +++ b/pkg-manifest/read-package-json/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/read-package-json", - "version": "1000.0.11", + "version": "1000.1.0", "description": "Read a package.json", "keywords": [ "pnpm", diff --git a/pkg-manifest/read-package-json/src/index.ts b/pkg-manifest/read-package-json/src/index.ts index 71b5fe4c945..b2144991d0c 100644 --- a/pkg-manifest/read-package-json/src/index.ts +++ b/pkg-manifest/read-package-json/src/index.ts @@ -4,6 +4,17 @@ import { type PackageManifest } from '@pnpm/types' import loadJsonFile from 'load-json-file' import normalizePackageData from 'normalize-package-data' +export function readPackageJsonSync (pkgPath: string): PackageManifest { + try { + const manifest = loadJsonFile.sync(pkgPath) + normalizePackageData(manifest) + return manifest + } catch (err: any) { // eslint-disable-line + if (err.code) throw err + throw new PnpmError('BAD_PACKAGE_JSON', `${pkgPath}: ${err.message as string}`) + } +} + export async function readPackageJson (pkgPath: string): Promise { try { const manifest = await loadJsonFile(pkgPath) @@ -15,6 +26,10 @@ export async function readPackageJson (pkgPath: string): Promise { return readPackageJson(path.join(pkgPath, 'package.json')) } diff --git a/pkg-manifest/read-project-manifest/CHANGELOG.md b/pkg-manifest/read-project-manifest/CHANGELOG.md index 67df2c798cd..132d1e6040e 100644 --- a/pkg-manifest/read-project-manifest/CHANGELOG.md +++ b/pkg-manifest/read-project-manifest/CHANGELOG.md @@ -1,5 +1,13 @@ # @pnpm/read-project-manifest +## 1001.1.1 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + - @pnpm/write-project-manifest@1000.0.10 + ## 1001.1.0 ### Minor Changes diff --git a/pkg-manifest/read-project-manifest/package.json b/pkg-manifest/read-project-manifest/package.json index 97d9cd069a7..875cd75eea1 100644 --- a/pkg-manifest/read-project-manifest/package.json +++ b/pkg-manifest/read-project-manifest/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/read-project-manifest", - "version": "1001.1.0", + "version": "1001.1.1", "description": "Read a project manifest (called package.json in most cases)", "keywords": [ "pnpm", diff --git a/pkg-manifest/write-project-manifest/CHANGELOG.md b/pkg-manifest/write-project-manifest/CHANGELOG.md index 0b03a981c19..10b52b3d6cf 100644 --- a/pkg-manifest/write-project-manifest/CHANGELOG.md +++ b/pkg-manifest/write-project-manifest/CHANGELOG.md @@ -1,5 +1,12 @@ # @pnpm/write-project-manifest +## 1000.0.10 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + ## 1000.0.9 ### Patch Changes diff --git a/pkg-manifest/write-project-manifest/package.json b/pkg-manifest/write-project-manifest/package.json index 00b0faafcc0..e7d2b06e23f 100644 --- a/pkg-manifest/write-project-manifest/package.json +++ b/pkg-manifest/write-project-manifest/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/write-project-manifest", - "version": "1000.0.9", + "version": "1000.0.10", "description": "Write a project manifest (called package.json in most cases)", "keywords": [ "pnpm", diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index b3b947ebd78..3edb5caff3b 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -73,14 +73,14 @@ catalogs: specifier: ^2.0.3 version: 2.0.3 '@pnpm/nopt': - specifier: ^0.2.1 - version: 0.2.1 + specifier: ^0.3.1 + version: 0.3.1 '@pnpm/npm-conf': specifier: 3.0.0 version: 3.0.0 '@pnpm/npm-lifecycle': - specifier: ^1000.0.4 - version: 1000.0.4 + specifier: ^1001.0.0 + version: 1001.0.0 '@pnpm/npm-package-arg': specifier: ^2.0.0 version: 2.0.0 @@ -1539,7 +1539,7 @@ importers: version: link:../../workspace/find-workspace-dir '@pnpm/nopt': specifier: 'catalog:' - version: 0.2.1 + version: 0.3.1 didyoumean2: specifier: 'catalog:' version: 6.0.1 @@ -1567,7 +1567,7 @@ importers: version: link:../../workspace/find-workspace-dir '@pnpm/nopt': specifier: 'catalog:' - version: 0.2.1 + version: 0.3.1 '@pnpm/parse-cli-args': specifier: workspace:^ version: link:../../cli/parse-cli-args @@ -2578,7 +2578,7 @@ importers: version: link:../../pkg-manager/link-bins '@pnpm/npm-lifecycle': specifier: 'catalog:' - version: 1000.0.4(typanion@3.14.0) + version: 1001.0.0(typanion@3.14.0) '@pnpm/read-package-json': specifier: workspace:* version: link:../../pkg-manifest/read-package-json @@ -3444,6 +3444,9 @@ importers: '@pnpm/pnpmfile': specifier: workspace:* version: 'link:' + '@pnpm/test-fixtures': + specifier: workspace:* + version: link:../../__utils__/test-fixtures hooks/read-package-hook: dependencies: @@ -6389,7 +6392,7 @@ importers: version: link:../pkg-manager/modules-yaml '@pnpm/nopt': specifier: 'catalog:' - version: 0.2.1 + version: 0.3.1 '@pnpm/parse-cli-args': specifier: workspace:* version: link:../cli/parse-cli-args @@ -9867,6 +9870,10 @@ packages: resolution: {integrity: sha512-xb9dfSGi1qfUKY3r4Zy9JdC9+ZeaDxwfE7HrrGIEsBVY1hvIn6ntbR7A97z3nk44yX7vwbINNf9sizTp0WEtEw==} engines: {node: '>=18.12'} + '@pnpm/constants@1001.3.0': + resolution: {integrity: sha512-ZFRekNHbDlu//67Byg+mG8zmtmCsfBhNsg1wKBLRtF7VjH+Q5TDGMX0+8aJYSikQDuzM2FOhvQcDwyjILKshJQ==} + engines: {node: '>=18.12'} + '@pnpm/core-loggers@1000.1.4': resolution: {integrity: sha512-cmmEk1YuqCfF1RWqHyEDczp2RSd/Sn4np/9iaSd5TISlY0lFCc8A2CKQvkOf2E7N2kpXf/dS7W0Vb3PzW/5w2Q==} engines: {node: '>=18.12'} @@ -9939,6 +9946,10 @@ packages: resolution: {integrity: sha512-2SfE4FFL73rE1WVIoESbqlj4sLy5nWW4M/RVdHvCRJPjlQHa9MH7m7CVJM204lz6I+eHoB+E7rL3zmpJR5wYnQ==} engines: {node: '>=18.12'} + '@pnpm/error@1000.0.4': + resolution: {integrity: sha512-22mG/Mq4u2r7gr2+XY5j4GlN7J4Mg4WiCfT9flvsUc1uZecShocv6WkyoA20qs14M64f6I+aaWB6b6xsDiITlg==} + engines: {node: '>=18.12'} + '@pnpm/exec.pkg-requires-build@1000.0.8': resolution: {integrity: sha512-8Mx71nPcUEJpLVzl4k/+Yu5Mir8JLg4oWEImkMfLKd9orU/F7A5FIHTeLw4RAnK0MummjmXPwj8UMQgOxkq2eA==} engines: {node: '>=18.12'} @@ -10103,9 +10114,9 @@ packages: resolution: {integrity: sha512-eYwrzhKUBGFdq78rJStGjaHTUHA2VH+Avr//CVx/T+EJkI7hnFmOy6YghvcB2clj8HpO4V8tXRNuFNfRX08ayw==} engines: {node: ^10.17 || >=12.3} - '@pnpm/nopt@0.2.1': - resolution: {integrity: sha512-zkgDE6q3Y6KeZPjqXCk/hRQ2t6iw9JXbdnYZghwpe/HR73e4VmV5JZ5QSFypmSd5Sx4+gjNfAqME5BVAOBCk9g==} - engines: {node: '>=6'} + '@pnpm/nopt@0.3.1': + resolution: {integrity: sha512-5XP6EwsFv8+CtaNJD/pog3CkiwCgux8/edLHV+lgz94g5n65dlwo+jQk+053RPq8vK8ODP9ajZB0oNOp7Fxdvw==} + engines: {node: '>=18.12'} hasBin: true '@pnpm/npm-conf@3.0.0': @@ -10116,6 +10127,10 @@ packages: resolution: {integrity: sha512-sN7dG1UV7jZvMgH2C/qtvriq4PsDkJQekuAHWO3DCw4n9Ef5Edv5nNoyg5I288FFzDsEV963HpyVOqB7x94DNw==} engines: {node: '>=18.12'} + '@pnpm/npm-lifecycle@1001.0.0': + resolution: {integrity: sha512-5jW/GNLdZMiw+PJ8FYSvOghoApSjsORNIro2fj8j6NHAqJxJjcHekC5/NsKaawoI5LAkU/XDDVjNC71Yz+uS1w==} + engines: {node: '>=18.12'} + '@pnpm/npm-package-arg@2.0.0': resolution: {integrity: sha512-429x8dFMgxZoeYUTUPAMC09IeM5yQ86X1LyYEQF1P4uyvhLSCh44QKkiprX9qdwBsV9QxjeNad2QoDZy1RSeRw==} engines: {node: '>=18.12'} @@ -13940,8 +13955,8 @@ packages: engines: {node: ^18.17.0 || >=20.5.0} hasBin: true - node-gyp@11.2.0: - resolution: {integrity: sha512-T0S1zqskVUSxcsSTkAsLc7xCycrRYmtDHadDinzocrThjyQCn5kMlEBSj6H4qDbgsIOSLmmlRIeb0lZXj+UArA==} + node-gyp@11.4.2: + resolution: {integrity: sha512-3gD+6zsrLQH7DyYOUIutaauuXrcyxeTPyQuZQCQoNPZMHMMS5m4y0xclNpvYzoK3VNzuyxT6eF4mkIL4WSZ1eQ==} engines: {node: ^18.17.0 || >=20.5.0} hasBin: true @@ -17347,6 +17362,8 @@ snapshots: '@pnpm/constants@1001.1.0': {} + '@pnpm/constants@1001.3.0': {} + '@pnpm/core-loggers@1000.1.4(@pnpm/logger@1001.0.0)': dependencies: '@pnpm/logger': 1001.0.0 @@ -17481,6 +17498,10 @@ snapshots: dependencies: '@pnpm/constants': 1001.1.0 + '@pnpm/error@1000.0.4': + dependencies: + '@pnpm/constants': 1001.3.0 + '@pnpm/exec.pkg-requires-build@1000.0.8': dependencies: '@pnpm/types': 1000.6.0 @@ -17749,7 +17770,7 @@ snapshots: '@pnpm/network.proxy-agent@2.0.3': dependencies: - '@pnpm/error': 1000.0.2 + '@pnpm/error': 1000.0.4 http-proxy-agent: 7.0.2 https-proxy-agent: 7.0.6 lru-cache: 7.18.3 @@ -17764,7 +17785,7 @@ snapshots: transitivePeerDependencies: - domexception - '@pnpm/nopt@0.2.1': + '@pnpm/nopt@0.3.1': dependencies: abbrev: 1.1.1 @@ -17780,7 +17801,23 @@ snapshots: '@pnpm/error': 1000.0.2 '@yarnpkg/fslib': 3.1.2 '@yarnpkg/shell': 4.0.0(typanion@3.14.0) - node-gyp: 11.2.0 + node-gyp: 11.4.2 + resolve-from: 5.0.0 + slide: 1.1.6 + uid-number: 0.0.6 + umask: 1.1.0 + which: 4.0.0 + transitivePeerDependencies: + - supports-color + - typanion + + '@pnpm/npm-lifecycle@1001.0.0(typanion@3.14.0)': + dependencies: + '@pnpm/byline': 1.0.0 + '@pnpm/error': 1000.0.4 + '@yarnpkg/fslib': 3.1.2 + '@yarnpkg/shell': 4.0.0(typanion@3.14.0) + node-gyp: 11.4.2 resolve-from: 5.0.0 slide: 1.1.6 uid-number: 0.0.6 @@ -17836,11 +17873,11 @@ snapshots: '@pnpm/os.env.path-extender-posix@2.1.0': dependencies: - '@pnpm/error': 1000.0.2 + '@pnpm/error': 1000.0.4 '@pnpm/os.env.path-extender-windows@2.0.3': dependencies: - '@pnpm/error': 1000.0.2 + '@pnpm/error': 1000.0.4 safe-execa: 0.1.4 string.prototype.matchall: 4.0.12 @@ -22597,7 +22634,7 @@ snapshots: - supports-color optional: true - node-gyp@11.2.0: + node-gyp@11.4.2: dependencies: env-paths: 2.2.1 exponential-backoff: 3.1.2 diff --git a/pnpm-workspace.yaml b/pnpm-workspace.yaml index c275f5b9879..bc7b3626cde 100644 --- a/pnpm-workspace.yaml +++ b/pnpm-workspace.yaml @@ -69,9 +69,9 @@ catalog: '@pnpm/logger': '>=1001.0.0 <1002.0.0' '@pnpm/meta-updater': 2.0.6 '@pnpm/network.agent': ^2.0.3 - '@pnpm/nopt': ^0.2.1 + '@pnpm/nopt': ^0.3.1 '@pnpm/npm-conf': 3.0.0 - '@pnpm/npm-lifecycle': ^1000.0.4 + '@pnpm/npm-lifecycle': ^1001.0.0 '@pnpm/npm-package-arg': ^2.0.0 '@pnpm/os.env.path-extender': ^2.0.3 '@pnpm/patch-package': 0.0.1 diff --git a/pnpm/CHANGELOG.md b/pnpm/CHANGELOG.md index 3bbf57ceb37..c899fe48630 100644 --- a/pnpm/CHANGELOG.md +++ b/pnpm/CHANGELOG.md @@ -1,5 +1,104 @@ # pnpm +## 10.16.0 + +### Minor Changes + +- There have been several incidents recently where popular packages were successfully attacked. To reduce the risk of installing a compromised version, we are introducing a new setting that delays the installation of newly released dependencies. In most cases, such attacks are discovered quickly and the malicious versions are removed from the registry within an hour. + + The new setting is called `minimumReleaseAge`. It specifies the number of minutes that must pass after a version is published before pnpm will install it. For example, setting `minimumReleaseAge: 1440` ensures that only packages released at least one day ago can be installed. + + If you set `minimumReleaseAge` but need to disable this restriction for certain dependencies, you can list them under the `minimumReleaseAgeExclude` setting. For instance, with the following configuration pnpm will always install the latest version of webpack, regardless of its release time: + + ```yaml + minimumReleaseAgeExclude: + - webpack + ``` + + Related issue: [#9921](https://github.com/pnpm/pnpm/issues/9921). + +- Added support for `finders` [#9946](https://github.com/pnpm/pnpm/pull/9946). + + In the past, `pnpm list` and `pnpm why` could only search for dependencies by **name** (and optionally version). For example: + + ``` + pnpm why minimist + ``` + + prints the chain of dependencies to any installed instance of `minimist`: + + ``` + verdaccio 5.20.1 + ├─┬ handlebars 4.7.7 + │ └── minimist 1.2.8 + └─┬ mv 2.1.1 + └─┬ mkdirp 0.5.6 + └── minimist 1.2.8 + ``` + + What if we want to search by **other properties** of a dependency, not just its name? For instance, find all packages that have `react@17` in their peer dependencies? + + This is now possible with "finder functions". Finder functions can be declared in `.pnpmfile.cjs` and invoked with the `--find-by=` flag when running `pnpm list` or `pnpm why`. + + Let's say we want to find any dependencies that have React 17 in peer dependencies. We can add this finder to our `.pnpmfile.cjs`: + + ```js + module.exports = { + finders: { + react17: (ctx) => { + return ctx.readManifest().peerDependencies?.react === "^17.0.0"; + }, + }, + }; + ``` + + Now we can use this finder function by running: + + ``` + pnpm why --find-by=react17 + ``` + + pnpm will find all dependencies that have this React in peer dependencies and print their exact locations in the dependency graph. + + ``` + @apollo/client 4.0.4 + ├── @graphql-typed-document-node/core 3.2.0 + └── graphql-tag 2.12.6 + ``` + + It is also possible to print out some additional information in the output by returning a string from the finder. For example, with the following finder: + + ```js + module.exports = { + finders: { + react17: (ctx) => { + const manifest = ctx.readManifest(); + if (manifest.peerDependencies?.react === "^17.0.0") { + return `license: ${manifest.license}`; + } + return false; + }, + }, + }; + ``` + + Every matched package will also print out the license from its `package.json`: + + ``` + @apollo/client 4.0.4 + ├── @graphql-typed-document-node/core 3.2.0 + │ license: MIT + └── graphql-tag 2.12.6 + license: MIT + ``` + +### Patch Changes + +- Fix deprecation warning printed when executing pnpm with Node.js 24 [#9529](https://github.com/pnpm/pnpm/issues/9529). +- Throw an error if `nodeVersion` is not set to an exact semver version [#9934](https://github.com/pnpm/pnpm/issues/9934). +- `pnpm publish` should be able to publish a `.tar.gz` file [#9927](https://github.com/pnpm/pnpm/pull/9927). +- Canceling a running process with Ctrl-C should make `pnpm run` return a non-zero exit code [#9626](https://github.com/pnpm/pnpm/issues/9626). + ## 10.15.1 ### Patch Changes diff --git a/pnpm/artifacts/exe/package.json b/pnpm/artifacts/exe/package.json index 09e3e5ea948..8bdb49ae4ba 100644 --- a/pnpm/artifacts/exe/package.json +++ b/pnpm/artifacts/exe/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/exe", - "version": "10.15.1", + "version": "10.16.0", "description": "Fast, disk space efficient package manager", "keywords": [ "pnpm", diff --git a/pnpm/artifacts/linux-arm64/package.json b/pnpm/artifacts/linux-arm64/package.json index 1b995d569f0..d773021a71f 100644 --- a/pnpm/artifacts/linux-arm64/package.json +++ b/pnpm/artifacts/linux-arm64/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/linux-arm64", - "version": "10.15.1", + "version": "10.16.0", "keywords": [ "pnpm", "pnpm10" diff --git a/pnpm/artifacts/linux-x64/package.json b/pnpm/artifacts/linux-x64/package.json index 6a20abd17f8..f509e59885b 100644 --- a/pnpm/artifacts/linux-x64/package.json +++ b/pnpm/artifacts/linux-x64/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/linux-x64", - "version": "10.15.1", + "version": "10.16.0", "keywords": [ "pnpm", "pnpm10" diff --git a/pnpm/artifacts/macos-arm64/package.json b/pnpm/artifacts/macos-arm64/package.json index bfdd71f402d..74c3ef90359 100644 --- a/pnpm/artifacts/macos-arm64/package.json +++ b/pnpm/artifacts/macos-arm64/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/macos-arm64", - "version": "10.15.1", + "version": "10.16.0", "keywords": [ "pnpm", "pnpm10" diff --git a/pnpm/artifacts/macos-x64/package.json b/pnpm/artifacts/macos-x64/package.json index a8798e52c98..c45aaa708f4 100644 --- a/pnpm/artifacts/macos-x64/package.json +++ b/pnpm/artifacts/macos-x64/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/macos-x64", - "version": "10.15.1", + "version": "10.16.0", "keywords": [ "pnpm", "pnpm10" diff --git a/pnpm/artifacts/win-arm64/package.json b/pnpm/artifacts/win-arm64/package.json index 0709582e60c..35293398d6d 100644 --- a/pnpm/artifacts/win-arm64/package.json +++ b/pnpm/artifacts/win-arm64/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/win-arm64", - "version": "10.15.1", + "version": "10.16.0", "keywords": [ "pnpm", "pnpm10" diff --git a/pnpm/artifacts/win-x64/package.json b/pnpm/artifacts/win-x64/package.json index f865759de7e..2d615211f8e 100644 --- a/pnpm/artifacts/win-x64/package.json +++ b/pnpm/artifacts/win-x64/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/win-x64", - "version": "10.15.1", + "version": "10.16.0", "keywords": [ "pnpm", "pnpm10" diff --git a/pnpm/dev/CHANGELOG.md b/pnpm/dev/CHANGELOG.md index 1042c668f14..ca143f4c812 100644 --- a/pnpm/dev/CHANGELOG.md +++ b/pnpm/dev/CHANGELOG.md @@ -1,5 +1,12 @@ # pd +## 1000.0.3 + +### Patch Changes + +- @pnpm/workspace.find-packages@1000.0.35 +- @pnpm/workspace.read-manifest@1000.2.3 + ## 1000.0.2 ### Patch Changes diff --git a/pnpm/dev/package.json b/pnpm/dev/package.json index d854dd66f06..2daea15e984 100644 --- a/pnpm/dev/package.json +++ b/pnpm/dev/package.json @@ -1,6 +1,6 @@ { "name": "pd", - "version": "1000.0.2", + "version": "1000.0.3", "bin": "pd.js", "private": true, "scripts": { diff --git a/pnpm/package.json b/pnpm/package.json index cebee477b61..a05655dbf9b 100644 --- a/pnpm/package.json +++ b/pnpm/package.json @@ -1,6 +1,6 @@ { "name": "pnpm", - "version": "10.15.1", + "version": "10.16.0", "description": "Fast, disk space efficient package manager", "keywords": [ "pnpm", diff --git a/pnpm/test/list.ts b/pnpm/test/list.ts index 0f297f6939e..dacaff292c6 100644 --- a/pnpm/test/list.ts +++ b/pnpm/test/list.ts @@ -1,6 +1,7 @@ -import { preparePackages } from '@pnpm/prepare' +import fs from 'fs' +import { prepare, preparePackages } from '@pnpm/prepare' import { sync as writeYamlFile } from 'write-yaml-file' -import { execPnpmSync } from './utils/index.js' +import { execPnpm, execPnpmSync } from './utils/index.js' test('ls --filter=not-exist --json should prints an empty array (#9672)', async () => { preparePackages([ @@ -21,3 +22,23 @@ test('ls --filter=not-exist --json should prints an empty array (#9672)', async const { stdout } = execPnpmSync(['ls', '--filter=project-that-does-not-exist', '--json'], { expectSuccess: true }) expect(JSON.parse(stdout.toString())).toStrictEqual([]) }) + +test('ls should load a finder from .pnpmfile.cjs', async () => { + prepare() + const pnpmfile = ` +module.exports = { finders: { hasPeerA } } +function hasPeerA (context) { + const manifest = context.readManifest() + if (manifest?.peerDependencies?.['@pnpm.e2e/peer-a'] == null) { + return false + } + return \`@pnpm.e2e/peer-a@$\{manifest.peerDependencies['@pnpm.e2e/peer-a']}\` +} +` + fs.writeFileSync('.pnpmfile.cjs', pnpmfile, 'utf8') + await execPnpm(['add', 'is-positive@1.0.0', '@pnpm.e2e/abc@1.0.0']) + const result = execPnpmSync(['list', '--find-by=hasPeerA']) + expect(result.stdout.toString()).toMatch(`dependencies: +@pnpm.e2e/abc 1.0.0 + @pnpm.e2e/peer-a@^1.0.0`) +}) diff --git a/releasing/plugin-commands-deploy/CHANGELOG.md b/releasing/plugin-commands-deploy/CHANGELOG.md index 964b8b83fc6..ee0bb4212aa 100644 --- a/releasing/plugin-commands-deploy/CHANGELOG.md +++ b/releasing/plugin-commands-deploy/CHANGELOG.md @@ -1,5 +1,22 @@ # @pnpm/plugin-commands-deploy +## 1002.0.4 + +### Patch Changes + +- Updated dependencies [c182b2d] +- Updated dependencies [38e2599] +- Updated dependencies [e792927] + - @pnpm/plugin-commands-installation@1004.6.0 + - @pnpm/config@1004.3.0 + - @pnpm/types@1000.8.0 + - @pnpm/cli-utils@1001.2.0 + - @pnpm/directory-fetcher@1000.1.11 + - @pnpm/lockfile.fs@1001.1.18 + - @pnpm/lockfile.types@1002.0.1 + - @pnpm/dependency-path@1001.1.1 + - @pnpm/fs.indexed-pkg-importer@1000.1.12 + ## 1002.0.3 ### Patch Changes diff --git a/releasing/plugin-commands-deploy/package.json b/releasing/plugin-commands-deploy/package.json index ee3d73fa9c6..839a03fd59e 100644 --- a/releasing/plugin-commands-deploy/package.json +++ b/releasing/plugin-commands-deploy/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/plugin-commands-deploy", - "version": "1002.0.3", + "version": "1002.0.4", "description": "Commands for deploy", "keywords": [ "pnpm", diff --git a/releasing/plugin-commands-deploy/src/deploy.ts b/releasing/plugin-commands-deploy/src/deploy.ts index a26edd0dc1f..d9ec4bf4fbf 100644 --- a/releasing/plugin-commands-deploy/src/deploy.ts +++ b/releasing/plugin-commands-deploy/src/deploy.ts @@ -82,7 +82,11 @@ export type DeployOptions = export async function handler (opts: DeployOptions, params: string[]): Promise { if (!opts.workspaceDir) { - throw new PnpmError('CANNOT_DEPLOY', 'A deploy is only possible from inside a workspace') + let hint: string | undefined + if (opts.rootProjectManifest?.scripts?.['deploy'] != null) { + hint = 'Maybe you wanted to invoke "pnpm run deploy"' + } + throw new PnpmError('CANNOT_DEPLOY', 'A deploy is only possible from inside a workspace', { hint }) } const selectedProjects = Object.values(opts.selectedProjectsGraph ?? {}) if (selectedProjects.length === 0) { diff --git a/releasing/plugin-commands-publishing/CHANGELOG.md b/releasing/plugin-commands-publishing/CHANGELOG.md index 5930a5c046f..3e518643053 100644 --- a/releasing/plugin-commands-publishing/CHANGELOG.md +++ b/releasing/plugin-commands-publishing/CHANGELOG.md @@ -1,5 +1,25 @@ # @pnpm/plugin-commands-publishing +## 1000.2.11 + +### Patch Changes + +- d021669: `pnpm publish` should be able to publish a `.tar.gz` file [#9927](https://github.com/pnpm/pnpm/pull/9927). +- Updated dependencies [38e2599] +- Updated dependencies [e792927] +- Updated dependencies [a6856fd] + - @pnpm/config@1004.3.0 + - @pnpm/types@1000.8.0 + - @pnpm/cli-utils@1001.2.0 + - @pnpm/lifecycle@1001.0.21 + - @pnpm/plugin-commands-env@1000.0.36 + - @pnpm/pick-registry-for-package@1000.0.10 + - @pnpm/client@1001.0.4 + - @pnpm/package-bins@1000.0.10 + - @pnpm/exportable-manifest@1000.1.4 + - @pnpm/resolver-base@1005.0.1 + - @pnpm/sort-packages@1000.0.10 + ## 1000.2.10 ### Patch Changes diff --git a/releasing/plugin-commands-publishing/package.json b/releasing/plugin-commands-publishing/package.json index ea6e467bd76..f8fd59d014a 100644 --- a/releasing/plugin-commands-publishing/package.json +++ b/releasing/plugin-commands-publishing/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/plugin-commands-publishing", - "version": "1000.2.10", + "version": "1000.2.11", "description": "The pack and publish commands of pnpm", "keywords": [ "pnpm", diff --git a/releasing/plugin-commands-publishing/src/publish.ts b/releasing/plugin-commands-publishing/src/publish.ts index 5b213aa9075..735cc7ce709 100644 --- a/releasing/plugin-commands-publishing/src/publish.ts +++ b/releasing/plugin-commands-publishing/src/publish.ts @@ -206,7 +206,7 @@ Do you want to continue?`, } } - if (dirInParams?.endsWith('.tgz')) { + if (dirInParams != null && (dirInParams.endsWith('.tgz') || dirInParams?.endsWith('.tar.gz'))) { const { status } = runNpm(opts.npmPath, ['publish', dirInParams, ...args]) return { exitCode: status ?? 0 } } diff --git a/resolving/bun-resolver/CHANGELOG.md b/resolving/bun-resolver/CHANGELOG.md index 21efc0d9dbe..97ebd9f2e88 100644 --- a/resolving/bun-resolver/CHANGELOG.md +++ b/resolving/bun-resolver/CHANGELOG.md @@ -1,5 +1,19 @@ # @pnpm/resolving.bun-resolver +## 1000.0.3 + +### Patch Changes + +- Updated dependencies [38e2599] +- Updated dependencies [e792927] + - @pnpm/npm-resolver@1004.2.0 + - @pnpm/types@1000.8.0 + - @pnpm/fetcher-base@1001.0.1 + - @pnpm/resolver-base@1005.0.1 + - @pnpm/worker@1000.1.12 + - @pnpm/node.fetcher@1001.0.3 + - @pnpm/fetching.binary-fetcher@1000.0.2 + ## 1000.0.2 ### Patch Changes diff --git a/resolving/bun-resolver/package.json b/resolving/bun-resolver/package.json index 209b935c90d..3eaccd6d81e 100644 --- a/resolving/bun-resolver/package.json +++ b/resolving/bun-resolver/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/resolving.bun-resolver", - "version": "1000.0.2", + "version": "1000.0.3", "description": "Resolves the Bun runtime", "keywords": [ "pnpm", diff --git a/resolving/default-resolver/CHANGELOG.md b/resolving/default-resolver/CHANGELOG.md index af1ec91d1dc..f4a2cc2a410 100644 --- a/resolving/default-resolver/CHANGELOG.md +++ b/resolving/default-resolver/CHANGELOG.md @@ -1,5 +1,19 @@ # @pnpm/default-resolver +## 1002.2.4 + +### Patch Changes + +- Updated dependencies [38e2599] + - @pnpm/npm-resolver@1004.2.0 + - @pnpm/resolving.bun-resolver@1000.0.3 + - @pnpm/resolving.deno-resolver@1000.0.3 + - @pnpm/node.resolver@1001.0.1 + - @pnpm/local-resolver@1002.1.1 + - @pnpm/resolver-base@1005.0.1 + - @pnpm/git-resolver@1001.1.4 + - @pnpm/tarball-resolver@1002.1.3 + ## 1002.2.3 ### Patch Changes diff --git a/resolving/default-resolver/package.json b/resolving/default-resolver/package.json index f01bf274a0f..acdb189643a 100644 --- a/resolving/default-resolver/package.json +++ b/resolving/default-resolver/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/default-resolver", - "version": "1002.2.3", + "version": "1002.2.4", "description": "pnpm's default package resolver", "keywords": [ "pnpm", diff --git a/resolving/deno-resolver/CHANGELOG.md b/resolving/deno-resolver/CHANGELOG.md index c2090bfc666..12efcd436f3 100644 --- a/resolving/deno-resolver/CHANGELOG.md +++ b/resolving/deno-resolver/CHANGELOG.md @@ -1,5 +1,19 @@ # @pnpm/resolving.deno-resolver +## 1000.0.3 + +### Patch Changes + +- Updated dependencies [38e2599] +- Updated dependencies [e792927] + - @pnpm/npm-resolver@1004.2.0 + - @pnpm/types@1000.8.0 + - @pnpm/fetcher-base@1001.0.1 + - @pnpm/resolver-base@1005.0.1 + - @pnpm/worker@1000.1.12 + - @pnpm/node.fetcher@1001.0.3 + - @pnpm/fetching.binary-fetcher@1000.0.2 + ## 1000.0.2 ### Patch Changes diff --git a/resolving/deno-resolver/package.json b/resolving/deno-resolver/package.json index f3e033f7f54..90822b92b57 100644 --- a/resolving/deno-resolver/package.json +++ b/resolving/deno-resolver/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/resolving.deno-resolver", - "version": "1000.0.2", + "version": "1000.0.3", "description": "Resolves the Deno runtime", "keywords": [ "pnpm", diff --git a/resolving/git-resolver/CHANGELOG.md b/resolving/git-resolver/CHANGELOG.md index 7782f701f9a..e1a262512f5 100644 --- a/resolving/git-resolver/CHANGELOG.md +++ b/resolving/git-resolver/CHANGELOG.md @@ -1,5 +1,12 @@ # @pnpm/git-resolver +## 1001.1.4 + +### Patch Changes + +- @pnpm/fetch@1000.2.5 +- @pnpm/resolver-base@1005.0.1 + ## 1001.1.3 ### Patch Changes diff --git a/resolving/git-resolver/package.json b/resolving/git-resolver/package.json index 628a4a89206..867b1aa1089 100644 --- a/resolving/git-resolver/package.json +++ b/resolving/git-resolver/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/git-resolver", - "version": "1001.1.3", + "version": "1001.1.4", "description": "Resolver for git-hosted packages", "keywords": [ "pnpm", diff --git a/resolving/local-resolver/CHANGELOG.md b/resolving/local-resolver/CHANGELOG.md index 6a5398c50d7..69b72ba2583 100644 --- a/resolving/local-resolver/CHANGELOG.md +++ b/resolving/local-resolver/CHANGELOG.md @@ -1,5 +1,15 @@ # @pnpm/local-resolver +## 1002.1.1 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + - @pnpm/read-project-manifest@1001.1.1 + - @pnpm/resolver-base@1005.0.1 + - @pnpm/crypto.hash@1000.2.0 + ## 1002.1.0 ### Minor Changes diff --git a/resolving/local-resolver/package.json b/resolving/local-resolver/package.json index b1d3f28385b..9c5dc454e33 100644 --- a/resolving/local-resolver/package.json +++ b/resolving/local-resolver/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/local-resolver", - "version": "1002.1.0", + "version": "1002.1.1", "description": "Resolver for local packages", "keywords": [ "pnpm", diff --git a/resolving/npm-resolver/CHANGELOG.md b/resolving/npm-resolver/CHANGELOG.md index 4a1cb03bc36..39063df42ff 100644 --- a/resolving/npm-resolver/CHANGELOG.md +++ b/resolving/npm-resolver/CHANGELOG.md @@ -1,5 +1,31 @@ # @pnpm/npm-resolver +## 1004.2.0 + +### Minor Changes + +- 38e2599: There have been several incidents recently where popular packages were successfully attacked. To reduce the risk of installing a compromised version, we are introducing a new setting that delays the installation of newly released dependencies. In most cases, such attacks are discovered quickly and the malicious versions are removed from the registry within an hour. + + The new setting is called `minimumReleaseAge`. It specifies the number of minutes that must pass after a version is published before pnpm will install it. For example, setting `minimumReleaseAge: 1440` ensures that only packages released at least one day ago can be installed. + + If you set `minimumReleaseAge` but need to disable this restriction for certain dependencies, you can list them under the `minimumReleaseAgeExclude` setting. For instance, with the following configuration pnpm will always install the latest version of webpack, regardless of its release time: + + ```yaml + minimumReleaseAgeExclude: + - webpack + ``` + + Related issue: [#9921](https://github.com/pnpm/pnpm/issues/9921). + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + - @pnpm/pick-registry-for-package@1000.0.10 + - @pnpm/core-loggers@1001.0.3 + - @pnpm/resolver-base@1005.0.1 + - @pnpm/crypto.hash@1000.2.0 + ## 1004.1.3 ### Patch Changes diff --git a/resolving/npm-resolver/package.json b/resolving/npm-resolver/package.json index 9b724687fc5..16a98dca06c 100644 --- a/resolving/npm-resolver/package.json +++ b/resolving/npm-resolver/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/npm-resolver", - "version": "1004.1.3", + "version": "1004.2.0", "description": "Resolver for npm-hosted packages", "keywords": [ "pnpm", diff --git a/resolving/npm-resolver/src/index.ts b/resolving/npm-resolver/src/index.ts index 9b236d916d1..854bd6ffd5d 100644 --- a/resolving/npm-resolver/src/index.ts +++ b/resolving/npm-resolver/src/index.ts @@ -75,6 +75,7 @@ export interface ResolverFactoryOptions { registries: Registries saveWorkspaceProtocol?: boolean | 'rolling' preserveAbsolutePaths?: boolean + strictPublishedByCheck?: boolean } export interface NpmResolveResult extends ResolveResult { @@ -132,6 +133,7 @@ export function createNpmResolver ( offline: opts.offline, preferOffline: opts.preferOffline, cacheDir: opts.cacheDir, + strictPublishedByCheck: opts.strictPublishedByCheck, }), registries: opts.registries, saveWorkspaceProtocol: opts.saveWorkspaceProtocol, diff --git a/resolving/npm-resolver/src/pickPackage.ts b/resolving/npm-resolver/src/pickPackage.ts index d5874e0a91d..c762ed17492 100644 --- a/resolving/npm-resolver/src/pickPackage.ts +++ b/resolving/npm-resolver/src/pickPackage.ts @@ -25,6 +25,10 @@ export interface PackageMeta { cachedAt?: number } +export interface PackageMetaWithTime extends PackageMeta { + time: PackageMetaTime +} + export type PackageMetaTime = Record & { unpublished?: { time: string @@ -90,6 +94,15 @@ export interface PickPackageOptions { updateToLatest?: boolean } +function pickPackageFromMetaUsingTimeStrict ( + spec: RegistryPackageSpec, + preferredVersionSelectors: VersionSelectors | undefined, + meta: PackageMeta, + publishedBy?: Date +): PackageInRegistry | null { + return pickPackageFromMeta(pickVersionByVersionRange, spec, preferredVersionSelectors, meta, publishedBy) +} + function pickPackageFromMetaUsingTime ( spec: RegistryPackageSpec, preferredVersionSelectors: VersionSelectors | undefined, @@ -98,7 +111,7 @@ function pickPackageFromMetaUsingTime ( ): PackageInRegistry | null { const pickedPackage = pickPackageFromMeta(pickVersionByVersionRange, spec, preferredVersionSelectors, meta, publishedBy) if (pickedPackage) return pickedPackage - return pickPackageFromMeta(pickLowestVersionByVersionRange, spec, preferredVersionSelectors, meta, publishedBy) + return pickPackageFromMeta(pickLowestVersionByVersionRange, spec, preferredVersionSelectors, meta) } export async function pickPackage ( @@ -110,6 +123,7 @@ export async function pickPackage ( offline?: boolean preferOffline?: boolean filterMetadata?: boolean + strictPublishedByCheck?: boolean }, spec: RegistryPackageSpec, opts: PickPackageOptions @@ -117,7 +131,7 @@ export async function pickPackage ( opts = opts || {} let _pickPackageFromMeta = opts.publishedBy - ? pickPackageFromMetaUsingTime + ? (ctx.strictPublishedByCheck ? pickPackageFromMetaUsingTimeStrict : pickPackageFromMetaUsingTime) : (pickPackageFromMeta.bind(null, opts.pickLowestVersion ? pickLowestVersionByVersionRange : pickVersionByVersionRange)) if (opts.updateToLatest) { @@ -186,11 +200,17 @@ export async function pickPackage ( if (opts.publishedBy) { metaCachedInStore = metaCachedInStore ?? await limit(async () => loadMeta(pkgMirror)) if (metaCachedInStore?.cachedAt && new Date(metaCachedInStore.cachedAt) >= opts.publishedBy) { - const pickedPackage = _pickPackageFromMeta(spec, opts.preferredVersionSelectors, metaCachedInStore, opts.publishedBy) - if (pickedPackage) { - return { - meta: metaCachedInStore, - pickedPackage, + try { + const pickedPackage = _pickPackageFromMeta(spec, opts.preferredVersionSelectors, metaCachedInStore, opts.publishedBy) + if (pickedPackage) { + return { + meta: metaCachedInStore, + pickedPackage, + } + } + } catch (err) { + if (ctx.strictPublishedByCheck) { + throw err } } } diff --git a/resolving/npm-resolver/src/pickPackageFromMeta.ts b/resolving/npm-resolver/src/pickPackageFromMeta.ts index 744f1a5c6e6..bd30a8cee6d 100644 --- a/resolving/npm-resolver/src/pickPackageFromMeta.ts +++ b/resolving/npm-resolver/src/pickPackageFromMeta.ts @@ -1,16 +1,19 @@ import { PnpmError } from '@pnpm/error' +import { globalWarn } from '@pnpm/logger' import { type VersionSelectors } from '@pnpm/resolver-base' import semver from 'semver' import util from 'util' import { type RegistryPackageSpec } from './parseBareSpecifier.js' -import { type PackageInRegistry, type PackageMeta } from './pickPackage.js' +import { type PackageInRegistry, type PackageMeta, type PackageMetaWithTime } from './pickPackage.js' -export type PickVersionByVersionRange = ( - meta: PackageMeta, - versionRange: string, - preferredVerSels?: VersionSelectors, +export interface PickVersionByVersionRangeOptions { + meta: PackageMeta + versionRange: string + preferredVersionSelectors?: VersionSelectors publishedBy?: Date -) => string | null +} + +export type PickVersionByVersionRange = (options: PickVersionByVersionRangeOptions) => string | null export function pickPackageFromMeta ( pickVersionByVersionRangeFn: PickVersionByVersionRange, @@ -19,6 +22,10 @@ export function pickPackageFromMeta ( meta: PackageMeta, publishedBy?: Date ): PackageInRegistry | null { + if (publishedBy) { + assertMetaHasTime(meta) + meta = filterMetaByPublishedDate(meta, publishedBy) + } if ((!meta.versions || Object.keys(meta.versions).length === 0) && !publishedBy) { // Unfortunately, the npm registry doesn't return the time field in the abbreviated metadata. // So we won't always know if the package was unpublished. @@ -37,7 +44,12 @@ export function pickPackageFromMeta ( version = meta['dist-tags'][spec.fetchSpec] break case 'range': - version = pickVersionByVersionRangeFn(meta, spec.fetchSpec, preferredVersionSelectors, publishedBy) + version = pickVersionByVersionRangeFn({ + meta, + versionRange: spec.fetchSpec, + preferredVersionSelectors, + publishedBy, + }) break } if (!version) return null @@ -67,6 +79,12 @@ export function pickPackageFromMeta ( } } +function assertMetaHasTime (meta: PackageMeta): asserts meta is PackageMetaWithTime { + if (meta.time == null) { + throw new PnpmError('MISSING_TIME', `The metadata of ${meta.name} is missing the "time" field`) + } +} + const semverRangeCache = new Map() // This is a performance optimization; working with string-ish semver @@ -95,12 +113,10 @@ function semverSatisfiesLoose (version: string, range: string): boolean { } export function pickLowestVersionByVersionRange ( - meta: PackageMeta, - versionRange: string, - preferredVerSels?: VersionSelectors + { meta, versionRange, preferredVersionSelectors }: PickVersionByVersionRangeOptions ): string | null { - if (preferredVerSels != null && Object.keys(preferredVerSels).length > 0) { - const prioritizedPreferredVersions = prioritizePreferredVersions(meta, versionRange, preferredVerSels) + if (preferredVersionSelectors != null && Object.keys(preferredVersionSelectors).length > 0) { + const prioritizedPreferredVersions = prioritizePreferredVersions(meta, versionRange, preferredVersionSelectors) for (const preferredVersions of prioritizedPreferredVersions) { const preferredVersion = semver.minSatisfying(preferredVersions, versionRange, true) if (preferredVersion) { @@ -114,16 +130,11 @@ export function pickLowestVersionByVersionRange ( return semver.minSatisfying(Object.keys(meta.versions), versionRange, true) } -export function pickVersionByVersionRange ( - meta: PackageMeta, - versionRange: string, - preferredVerSels?: VersionSelectors, - publishedBy?: Date -): string | null { - let latest: string | undefined = meta['dist-tags'].latest +export function pickVersionByVersionRange ({ meta, versionRange, preferredVersionSelectors }: PickVersionByVersionRangeOptions): string | null { + const latest: string | undefined = meta['dist-tags'].latest - if (preferredVerSels != null && Object.keys(preferredVerSels).length > 0) { - const prioritizedPreferredVersions = prioritizePreferredVersions(meta, versionRange, preferredVerSels) + if (preferredVersionSelectors != null && Object.keys(preferredVersionSelectors).length > 0) { + const prioritizedPreferredVersions = prioritizePreferredVersions(meta, versionRange, preferredVersionSelectors) for (const preferredVersions of prioritizedPreferredVersions) { if (preferredVersions.includes(latest) && semverSatisfiesLoose(latest, versionRange)) { return latest @@ -135,16 +146,7 @@ export function pickVersionByVersionRange ( } } - let versions = Object.keys(meta.versions) - if (publishedBy) { - if (meta.time == null) { - throw new PnpmError('MISSING_TIME', `The metadata of ${meta.name} is missing the "time" field`) - } - versions = versions.filter(version => new Date(meta.time![version]) <= publishedBy) - if (!versions.includes(latest)) { - latest = undefined - } - } + const versions = Object.keys(meta.versions) if (latest && (versionRange === '*' || semverSatisfiesLoose(latest, versionRange))) { // Not using semver.satisfies in case of * because it does not select beta versions. // E.g.: 1.0.0-beta.1. See issue: https://github.com/pnpm/pnpm/issues/865 @@ -225,3 +227,58 @@ class PreferredVersionsPrioritizer { .map((weight) => versionsByWeight[parseInt(weight, 10)]) } } + +function filterMetaByPublishedDate (meta: PackageMetaWithTime, publishedBy: Date): PackageMeta { + const versionsWithinDate: PackageMeta['versions'] = {} + for (const version in meta.versions) { + if (!Object.hasOwn(meta.versions, version)) continue + const timeStr = meta.time[version] + if (timeStr && new Date(timeStr) <= publishedBy) { + versionsWithinDate[version] = meta.versions[version] + } + } + + const distTagsWithinDate: PackageMeta['dist-tags'] = {} + const allDistTags = meta['dist-tags'] ?? {} + for (const tag in allDistTags) { + if (!Object.hasOwn(allDistTags, tag)) continue + const distTagVersion = allDistTags[tag] + if (versionsWithinDate[distTagVersion]) { + distTagsWithinDate[tag] = distTagVersion + continue + } + // Repopulate the tag to the highest version available within date that has the same major as the original tag's version + let originalSemVer: semver.SemVer | null = null + try { + originalSemVer = new semver.SemVer(distTagVersion, true) + } catch { + continue + } + const originalMajor = originalSemVer.major + let bestVersion: string | undefined + const originalMajorPrefix = `${originalMajor}.` + for (const candidate in versionsWithinDate) { + if (!Object.hasOwn(versionsWithinDate, candidate) || !candidate.startsWith(originalMajorPrefix)) continue + if (!bestVersion) { + bestVersion = candidate + } else { + try { + if (semver.gt(candidate, bestVersion, true)) { + bestVersion = candidate + } + } catch (err) { + globalWarn(`Failed to compare semver versions ${candidate} and ${bestVersion} from packument of ${meta.name}, skipping candidate version.`) + } + } + } + if (bestVersion) { + distTagsWithinDate[tag] = bestVersion + } + } + + return { + ...meta, + versions: versionsWithinDate, + 'dist-tags': distTagsWithinDate, + } +} diff --git a/resolving/npm-resolver/test/distTagsByDate.test.ts b/resolving/npm-resolver/test/distTagsByDate.test.ts new file mode 100644 index 00000000000..647ee8b1f04 --- /dev/null +++ b/resolving/npm-resolver/test/distTagsByDate.test.ts @@ -0,0 +1,115 @@ +import { createFetchFromRegistry } from '@pnpm/fetch' +import { createNpmResolver } from '@pnpm/npm-resolver' +import { type Registries } from '@pnpm/types' +import nock from 'nock' +import tempy from 'tempy' + +const registries: Registries = { + default: 'https://registry.npmjs.org/', +} + +const fetch = createFetchFromRegistry({}) +const getAuthHeader = () => undefined +const createResolveFromNpm = createNpmResolver.bind(null, fetch, getAuthHeader) + +afterEach(() => { + nock.cleanAll() + nock.disableNetConnect() +}) + +beforeEach(() => { + nock.enableNetConnect() +}) + +test('repopulate dist-tag to highest same-major version within the date cutoff', async () => { + const name = 'dist-tag-date' + const meta = { + name, + versions: { + '3.0.0': { + name, + version: '3.0.0', + dist: { tarball: `https://registry.npmjs.org/${name}/-/${name}-3.0.0.tgz` }, + }, + '3.1.0': { + name, + version: '3.1.0', + dist: { tarball: `https://registry.npmjs.org/${name}/-/${name}-3.1.0.tgz` }, + }, + '3.2.0': { + name, + version: '3.2.0', + dist: { tarball: `https://registry.npmjs.org/${name}/-/${name}-3.2.0.tgz` }, + }, + '2.9.9': { + name, + version: '2.9.9', + dist: { tarball: `https://registry.npmjs.org/${name}/-/${name}-2.9.9.tgz` }, + }, + }, + 'dist-tags': { + latest: '3.2.0', + }, + time: { + '2.9.9': '2020-01-01T00:00:00.000Z', + '3.0.0': '2020-02-01T00:00:00.000Z', + '3.1.0': '2020-03-01T00:00:00.000Z', + '3.2.0': '2020-05-01T00:00:00.000Z', + }, + } + + // Cutoff before 3.2.0, so latest must be remapped to 3.1.0 (same major 3) + const cutoff = new Date('2020-04-01T00:00:00.000Z') + + nock(registries.default) + .get(`/${name}`) + .reply(200, meta) + + const cacheDir = tempy.directory() + const { resolveFromNpm } = createResolveFromNpm({ + cacheDir, + fullMetadata: true, + registries, + }) + + const res = await resolveFromNpm({ alias: name, bareSpecifier: 'latest' }, { + publishedBy: cutoff, + }) + + expect(res!.id).toBe(`${name}@3.1.0`) +}) + +test('keep dist-tag if original version is within the date cutoff', async () => { + const name = 'dist-tag-date-keep' + const meta = { + name, + versions: { + '1.0.0': { + name, + version: '1.0.0', + dist: { tarball: `https://registry.npmjs.org/${name}/-/${name}-1.0.0.tgz` }, + }, + }, + 'dist-tags': { latest: '1.0.0' }, + time: { '1.0.0': '2020-01-01T00:00:00.000Z' }, + } + + const cutoff = new Date('2020-02-01T00:00:00.000Z') + + nock(registries.default) + .get(`/${name}`) + .reply(200, meta) + + const cacheDir = tempy.directory() + const { resolveFromNpm } = createResolveFromNpm({ + cacheDir, + fullMetadata: true, + registries, + }) + + const res = await resolveFromNpm({ alias: name, bareSpecifier: 'latest' }, { + publishedBy: cutoff, + }) + + expect(res!.id).toBe(`${name}@1.0.0`) +}) diff --git a/resolving/resolver-base/CHANGELOG.md b/resolving/resolver-base/CHANGELOG.md index d8313735dcf..26f32be8ebc 100644 --- a/resolving/resolver-base/CHANGELOG.md +++ b/resolving/resolver-base/CHANGELOG.md @@ -1,5 +1,12 @@ # @pnpm/resolver-base +## 1005.0.1 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + ## 1005.0.0 ### Major Changes diff --git a/resolving/resolver-base/package.json b/resolving/resolver-base/package.json index 3dbd42570c0..f065bfb6ef8 100644 --- a/resolving/resolver-base/package.json +++ b/resolving/resolver-base/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/resolver-base", - "version": "1005.0.0", + "version": "1005.0.1", "description": "Types for pnpm-compatible resolvers", "keywords": [ "pnpm", diff --git a/resolving/tarball-resolver/CHANGELOG.md b/resolving/tarball-resolver/CHANGELOG.md index 9bf7f186c6d..77a9ab4fb23 100644 --- a/resolving/tarball-resolver/CHANGELOG.md +++ b/resolving/tarball-resolver/CHANGELOG.md @@ -1,5 +1,11 @@ # @pnpm/tarball-resolver +## 1002.1.3 + +### Patch Changes + +- @pnpm/resolver-base@1005.0.1 + ## 1002.1.2 ### Patch Changes diff --git a/resolving/tarball-resolver/package.json b/resolving/tarball-resolver/package.json index 244c2605d56..64f1f091742 100644 --- a/resolving/tarball-resolver/package.json +++ b/resolving/tarball-resolver/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/tarball-resolver", - "version": "1002.1.2", + "version": "1002.1.3", "description": "Resolver for tarball dependencies", "keywords": [ "pnpm", diff --git a/reviewing/dependencies-hierarchy/CHANGELOG.md b/reviewing/dependencies-hierarchy/CHANGELOG.md index 63bee233058..495f37397d0 100644 --- a/reviewing/dependencies-hierarchy/CHANGELOG.md +++ b/reviewing/dependencies-hierarchy/CHANGELOG.md @@ -1,5 +1,24 @@ # @pnpm/reviewing.dependencies-hierarchy +## 1001.1.0 + +### Minor Changes + +- e792927: Added support for `finders` [#9946](https://github.com/pnpm/pnpm/pull/9946). + +### Patch Changes + +- Updated dependencies [e792927] +- Updated dependencies [e792927] + - @pnpm/read-package-json@1000.1.0 + - @pnpm/types@1000.8.0 + - @pnpm/normalize-registries@1000.1.3 + - @pnpm/lockfile.detect-dep-types@1001.0.14 + - @pnpm/lockfile.fs@1001.1.18 + - @pnpm/lockfile.utils@1003.0.1 + - @pnpm/dependency-path@1001.1.1 + - @pnpm/modules-yaml@1000.3.5 + ## 1001.0.19 ### Patch Changes diff --git a/reviewing/dependencies-hierarchy/package.json b/reviewing/dependencies-hierarchy/package.json index 9774effa94e..c819abb10fb 100644 --- a/reviewing/dependencies-hierarchy/package.json +++ b/reviewing/dependencies-hierarchy/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/reviewing.dependencies-hierarchy", - "version": "1001.0.19", + "version": "1001.1.0", "description": "Creates a dependencies hierarchy for a symlinked `node_modules`", "keywords": [ "pnpm", diff --git a/reviewing/dependencies-hierarchy/src/PackageNode.ts b/reviewing/dependencies-hierarchy/src/PackageNode.ts index ed4e8b59498..929963f187b 100644 --- a/reviewing/dependencies-hierarchy/src/PackageNode.ts +++ b/reviewing/dependencies-hierarchy/src/PackageNode.ts @@ -12,4 +12,5 @@ export interface PackageNode { resolved?: string searched?: true version: string + searchMessage?: string } diff --git a/reviewing/dependencies-hierarchy/src/buildDependenciesHierarchy.ts b/reviewing/dependencies-hierarchy/src/buildDependenciesHierarchy.ts index 2ebdf73cb12..26c9bb1d709 100644 --- a/reviewing/dependencies-hierarchy/src/buildDependenciesHierarchy.ts +++ b/reviewing/dependencies-hierarchy/src/buildDependenciesHierarchy.ts @@ -11,13 +11,12 @@ import { detectDepTypes } from '@pnpm/lockfile.detect-dep-types' import { readModulesManifest } from '@pnpm/modules-yaml' import { normalizeRegistries } from '@pnpm/normalize-registries' import { readModulesDir } from '@pnpm/read-modules-dir' -import { safeReadPackageJsonFromDir } from '@pnpm/read-package-json' -import { type DependenciesField, DEPENDENCIES_FIELDS, type Registries } from '@pnpm/types' +import { safeReadPackageJsonFromDir, readPackageJsonFromDirSync } from '@pnpm/read-package-json' +import { type DependenciesField, type Finder, DEPENDENCIES_FIELDS, type Registries } from '@pnpm/types' import normalizePath from 'normalize-path' import realpathMissing from 'realpath-missing' import resolveLinkTarget from 'resolve-link-target' import { type PackageNode } from './PackageNode.js' -import { type SearchFunction } from './types.js' import { getTree } from './getTree.js' import { getTreeNodeChildId } from './getTreeNodeChildId.js' import { getPkgInfo } from './getPkgInfo.js' @@ -38,7 +37,7 @@ export async function buildDependenciesHierarchy ( include?: { [dependenciesField in DependenciesField]: boolean } registries?: Registries onlyProjects?: boolean - search?: SearchFunction + search?: Finder lockfileDir: string modulesDir?: string virtualStoreDirMaxLength: number @@ -109,7 +108,7 @@ async function dependenciesHierarchyForPackage ( include: { [dependenciesField in DependenciesField]: boolean } registries: Registries onlyProjects?: boolean - search?: SearchFunction + search?: Finder skipped: Set lockfileDir: string modulesDir?: string @@ -152,7 +151,7 @@ async function dependenciesHierarchyForPackage ( result[dependenciesField] = [] for (const alias in topDeps) { const ref = topDeps[alias] - const packageInfo = getPkgInfo({ + const { pkgInfo: packageInfo, readManifest } = getPkgInfo({ alias, currentPackages: currentLockfile.packages ?? {}, depTypes, @@ -166,7 +165,11 @@ async function dependenciesHierarchyForPackage ( virtualStoreDirMaxLength: opts.virtualStoreDirMaxLength, }) let newEntry: PackageNode | null = null - const matchedSearched = opts.search?.(packageInfo) + const matchedSearched = opts.search?.({ + name: packageInfo.name, + version: packageInfo.version, + readManifest, + }) const nodeId = getTreeNodeChildId({ parentId, dep: { alias, ref }, @@ -192,6 +195,9 @@ async function dependenciesHierarchyForPackage ( if (newEntry != null) { if (matchedSearched) { newEntry.searched = true + if (typeof matchedSearched === 'string') { + newEntry.searchMessage = matchedSearched + } } result[dependenciesField]!.push(newEntry) } @@ -219,11 +225,18 @@ async function dependenciesHierarchyForPackage ( path: pkgPath, version, } - const matchedSearched = opts.search?.(pkg) + const matchedSearched = opts.search?.({ + name: pkg.name, + version: pkg.version, + readManifest: () => readPackageJsonFromDirSync(pkgPath), + }) if ((opts.search != null) && !matchedSearched) return const newEntry: PackageNode = pkg if (matchedSearched) { newEntry.searched = true + if (typeof matchedSearched === 'string') { + newEntry.searchMessage = matchedSearched + } } result.unsavedDependencies = result.unsavedDependencies ?? [] result.unsavedDependencies.push(newEntry) diff --git a/reviewing/dependencies-hierarchy/src/createPackagesSearcher.ts b/reviewing/dependencies-hierarchy/src/createPackagesSearcher.ts index 0014b7f64e4..e25b0f64bfe 100644 --- a/reviewing/dependencies-hierarchy/src/createPackagesSearcher.ts +++ b/reviewing/dependencies-hierarchy/src/createPackagesSearcher.ts @@ -1,13 +1,31 @@ import { createMatcher } from '@pnpm/matcher' import npa from '@pnpm/npm-package-arg' -import { type SearchFunction } from './types.js' +import { type FinderContext, type Finder } from '@pnpm/types' import semver from 'semver' -export function createPackagesSearcher (queries: string[]): SearchFunction { - const searchers: SearchFunction[] = queries +export function createPackagesSearcher (queries: string[], finders?: Finder[]): Finder { + const searchers: Finder[] = queries .map(parseSearchQuery) .map((packageSelector) => search.bind(null, packageSelector)) - return (pkg) => searchers.some((search) => search(pkg)) + return (pkg) => { + if (searchers.length > 0 && searchers.some((search) => search(pkg))) { + return true + } + if (finders == null) return false + const messages: string[] = [] + let found = false + for (const finder of finders) { + const result = finder(pkg) + if (result) { + found = true + if (typeof result === 'string') { + messages.push(result) + } + } + } + if (messages.length) return messages.join('\n') + return found + } } type MatchFunction = (entry: string) => boolean @@ -17,15 +35,15 @@ function search ( matchName: MatchFunction matchVersion?: MatchFunction }, - pkg: { name: string, version: string } + { name, version }: FinderContext ): boolean { - if (!packageSelector.matchName(pkg.name)) { + if (!packageSelector.matchName(name)) { return false } if (packageSelector.matchVersion == null) { return true } - return !pkg.version.startsWith('link:') && packageSelector.matchVersion(pkg.version) + return !version.startsWith('link:') && packageSelector.matchVersion(version) } interface ParsedSearchQuery { diff --git a/reviewing/dependencies-hierarchy/src/getPkgInfo.ts b/reviewing/dependencies-hierarchy/src/getPkgInfo.ts index eba590ad6a6..7ed5de78c6b 100644 --- a/reviewing/dependencies-hierarchy/src/getPkgInfo.ts +++ b/reviewing/dependencies-hierarchy/src/getPkgInfo.ts @@ -9,8 +9,9 @@ import { pkgSnapshotToResolution, } from '@pnpm/lockfile.utils' import { type DepTypes, DepType } from '@pnpm/lockfile.detect-dep-types' -import { type Registries } from '@pnpm/types' +import { type DependencyManifest, type Registries } from '@pnpm/types' import { depPathToFilename, refToRelative } from '@pnpm/dependency-path' +import { readPackageJsonFromDirSync } from '@pnpm/read-package-json' import normalizePath from 'normalize-path' export interface GetPkgInfoOpts { @@ -40,7 +41,7 @@ export interface GetPkgInfoOpts { readonly rewriteLinkVersionDir?: string } -export function getPkgInfo (opts: GetPkgInfoOpts): PackageInfo { +export function getPkgInfo (opts: GetPkgInfoOpts): { pkgInfo: PackageInfo, readManifest: () => DependencyManifest } { let name!: string let version: string let resolved: string | undefined @@ -107,7 +108,10 @@ export function getPkgInfo (opts: GetPkgInfoOpts): PackageInfo { } else if (depType === DepType.ProdOnly) { packageInfo.dev = false } - return packageInfo + return { + pkgInfo: packageInfo, + readManifest: () => readPackageJsonFromDirSync(fullPackagePath), + } } interface PackageInfo { diff --git a/reviewing/dependencies-hierarchy/src/getTree.ts b/reviewing/dependencies-hierarchy/src/getTree.ts index 291b55a2c94..88c8d3b41e5 100644 --- a/reviewing/dependencies-hierarchy/src/getTree.ts +++ b/reviewing/dependencies-hierarchy/src/getTree.ts @@ -1,8 +1,7 @@ import path from 'path' import { type PackageSnapshots, type ProjectSnapshot } from '@pnpm/lockfile.fs' import { type DepTypes } from '@pnpm/lockfile.detect-dep-types' -import { type Registries } from '@pnpm/types' -import { type SearchFunction } from './types.js' +import { type Finder, type Registries } from '@pnpm/types' import { type PackageNode } from './PackageNode.js' import { getPkgInfo } from './getPkgInfo.js' import { getTreeNodeChildId } from './getTreeNodeChildId.js' @@ -16,7 +15,7 @@ interface GetTreeOpts { excludePeerDependencies?: boolean lockfileDir: string onlyProjects?: boolean - search?: SearchFunction + search?: Finder skipped: Set registries: Registries importers: Record @@ -127,7 +126,7 @@ function getTreeHelper ( for (const alias in deps) { const ref = deps[alias] - const packageInfo = getPkgInfo({ + const { pkgInfo: packageInfo, readManifest } = getPkgInfo({ alias, currentPackages: opts.currentPackages, depTypes: opts.depTypes, @@ -142,7 +141,11 @@ function getTreeHelper ( virtualStoreDirMaxLength: opts.virtualStoreDirMaxLength, }) let circular: boolean - const matchedSearched = opts.search?.(packageInfo) + const matchedSearched = opts.search?.({ + name: packageInfo.name, + version: packageInfo.version, + readManifest, + }) let newEntry: PackageNode | null = null const nodeId = getTreeNodeChildId({ parentId, @@ -210,6 +213,9 @@ function getTreeHelper ( } if (matchedSearched) { newEntry.searched = true + if (typeof matchedSearched === 'string') { + newEntry.searchMessage = matchedSearched + } } if (!newEntry.isPeer || !opts.excludePeerDependencies || newEntry.dependencies?.length) { resultDependencies.push(newEntry) diff --git a/reviewing/dependencies-hierarchy/src/index.ts b/reviewing/dependencies-hierarchy/src/index.ts index ac6d0bad2d9..525b73f68f0 100644 --- a/reviewing/dependencies-hierarchy/src/index.ts +++ b/reviewing/dependencies-hierarchy/src/index.ts @@ -1,4 +1,3 @@ export { buildDependenciesHierarchy, type DependenciesHierarchy } from './buildDependenciesHierarchy.js' export { type PackageNode } from './PackageNode.js' -export { type SearchFunction } from './types.js' export { createPackagesSearcher } from './createPackagesSearcher.js' diff --git a/reviewing/dependencies-hierarchy/src/types.ts b/reviewing/dependencies-hierarchy/src/types.ts deleted file mode 100644 index e5862213146..00000000000 --- a/reviewing/dependencies-hierarchy/src/types.ts +++ /dev/null @@ -1 +0,0 @@ -export type SearchFunction = (pkg: { name: string, version: string }) => boolean diff --git a/reviewing/dependencies-hierarchy/test/createPackagesSearcher.spec.ts b/reviewing/dependencies-hierarchy/test/createPackagesSearcher.spec.ts index 0dc7c824c97..6d6436f5aaa 100644 --- a/reviewing/dependencies-hierarchy/test/createPackagesSearcher.spec.ts +++ b/reviewing/dependencies-hierarchy/test/createPackagesSearcher.spec.ts @@ -1,25 +1,44 @@ +import { type DependencyManifest } from '@pnpm/types' import { createPackagesSearcher } from '../lib/createPackagesSearcher.js' test('packages searcher', () => { { const search = createPackagesSearcher(['rimraf@*']) - expect(search({ name: 'rimraf', version: '1.0.0' })).toBeTruthy() - expect(search({ name: 'express', version: '1.0.0' })).not.toBeTruthy() + expect(search(mockContext({ name: 'rimraf', version: '1.0.0' }))).toBeTruthy() + expect(search(mockContext({ name: 'express', version: '1.0.0' }))).not.toBeTruthy() } { const search = createPackagesSearcher(['rim*']) - expect(search({ name: 'rimraf', version: '1.0.0' })).toBeTruthy() - expect(search({ name: 'express', version: '1.0.0' })).not.toBeTruthy() + expect(search(mockContext({ name: 'rimraf', version: '1.0.0' }))).toBeTruthy() + expect(search(mockContext({ name: 'express', version: '1.0.0' }))).not.toBeTruthy() } { const search = createPackagesSearcher(['rim*@2']) - expect(search({ name: 'rimraf', version: '2.0.0' })).toBeTruthy() - expect(search({ name: 'rimraf', version: '1.0.0' })).not.toBeTruthy() + expect(search(mockContext({ name: 'rimraf', version: '2.0.0' }))).toBeTruthy() + expect(search(mockContext({ name: 'rimraf', version: '1.0.0' }))).not.toBeTruthy() } { const search = createPackagesSearcher(['minimatch', 'once@1.4']) - expect(search({ name: 'minimatch', version: '2.0.0' })).toBeTruthy() - expect(search({ name: 'once', version: '1.4.1' })).toBeTruthy() - expect(search({ name: 'rimraf', version: '1.0.0' })).not.toBeTruthy() + expect(search(mockContext({ name: 'minimatch', version: '2.0.0' }))).toBeTruthy() + expect(search(mockContext({ name: 'once', version: '1.4.1' }))).toBeTruthy() + expect(search(mockContext({ name: 'rimraf', version: '1.0.0' }))).not.toBeTruthy() } }) + +test('package searcher with 2 finders', () => { + const search = createPackagesSearcher([], [ + (ctx) => ctx.name === 'once', + (ctx) => ctx.name === 'rimraf', + ]) + expect(search(mockContext({ name: 'minimatch', version: '2.0.0' }))).toBeFalsy() + expect(search(mockContext({ name: 'once', version: '1.4.1' }))).toBeTruthy() + expect(search(mockContext({ name: 'rimraf', version: '1.0.0' }))).toBeTruthy() +}) + +function mockContext (manifest: DependencyManifest) { + return { + name: manifest.name, + version: manifest.version, + readManifest: () => manifest, + } +} diff --git a/reviewing/license-scanner/CHANGELOG.md b/reviewing/license-scanner/CHANGELOG.md index e2a71b91c08..b0fa9351934 100644 --- a/reviewing/license-scanner/CHANGELOG.md +++ b/reviewing/license-scanner/CHANGELOG.md @@ -1,5 +1,24 @@ # @pnpm/license-scanner +## 1001.0.24 + +### Patch Changes + +- Updated dependencies [e792927] +- Updated dependencies [df8d57f] +- Updated dependencies [e792927] + - @pnpm/read-package-json@1000.1.0 + - @pnpm/package-is-installable@1000.0.13 + - @pnpm/types@1000.8.0 + - @pnpm/directory-fetcher@1000.1.11 + - @pnpm/lockfile.detect-dep-types@1001.0.14 + - @pnpm/lockfile.fs@1001.1.18 + - @pnpm/lockfile.types@1002.0.1 + - @pnpm/lockfile.utils@1003.0.1 + - @pnpm/lockfile.walker@1001.0.14 + - @pnpm/dependency-path@1001.1.1 + - @pnpm/store.cafs@1000.0.17 + ## 1001.0.23 ### Patch Changes diff --git a/reviewing/license-scanner/package.json b/reviewing/license-scanner/package.json index ee6c3b25f03..799ce67c90f 100644 --- a/reviewing/license-scanner/package.json +++ b/reviewing/license-scanner/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/license-scanner", - "version": "1001.0.23", + "version": "1001.0.24", "description": "Check for licenses packages", "keywords": [ "pnpm", diff --git a/reviewing/list/CHANGELOG.md b/reviewing/list/CHANGELOG.md index 65d3d335b12..71e51c43ddb 100644 --- a/reviewing/list/CHANGELOG.md +++ b/reviewing/list/CHANGELOG.md @@ -1,5 +1,20 @@ # @pnpm/list +## 1000.1.0 + +### Minor Changes + +- e792927: Added support for `finders` [#9946](https://github.com/pnpm/pnpm/pull/9946). + +### Patch Changes + +- Updated dependencies [e792927] +- Updated dependencies [e792927] + - @pnpm/read-package-json@1000.1.0 + - @pnpm/reviewing.dependencies-hierarchy@1001.1.0 + - @pnpm/types@1000.8.0 + - @pnpm/read-project-manifest@1001.1.1 + ## 1000.0.22 ### Patch Changes diff --git a/reviewing/list/package.json b/reviewing/list/package.json index a80fa6195c7..505214c5d01 100644 --- a/reviewing/list/package.json +++ b/reviewing/list/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/list", - "version": "1000.0.22", + "version": "1000.1.0", "description": "List installed packages in a symlinked `node_modules`", "keywords": [ "pnpm", diff --git a/reviewing/list/src/index.ts b/reviewing/list/src/index.ts index fdb6421f3ee..8559a01d48e 100644 --- a/reviewing/list/src/index.ts +++ b/reviewing/list/src/index.ts @@ -1,6 +1,6 @@ import path from 'path' import { safeReadProjectManifestOnly } from '@pnpm/read-project-manifest' -import { type DependenciesField, type Registries } from '@pnpm/types' +import { type DependenciesField, type Registries, type Finder } from '@pnpm/types' import { type PackageNode, buildDependenciesHierarchy, type DependenciesHierarchy, createPackagesSearcher } from '@pnpm/reviewing.dependencies-hierarchy' import { renderJson } from './renderJson.js' import { renderParseable } from './renderParseable.js' @@ -66,9 +66,10 @@ export async function searchForPackages ( registries?: Registries modulesDir?: string virtualStoreDirMaxLength: number + finders?: Finder[] } ): Promise { - const search = createPackagesSearcher(packages) + const search = createPackagesSearcher(packages, opts.finders) return Promise.all( Object.entries(await buildDependenciesHierarchy(projectPaths, { @@ -110,6 +111,7 @@ export async function listForPackages ( registries?: Registries modulesDir?: string virtualStoreDirMaxLength: number + finders?: Finder[] } ): Promise { const opts = { ...DEFAULTS, ...maybeOpts } @@ -143,6 +145,7 @@ export async function list ( showExtraneous?: boolean modulesDir?: string virtualStoreDirMaxLength: number + finders?: Finder[] } ): Promise { const opts = { ...DEFAULTS, ...maybeOpts } diff --git a/reviewing/list/src/renderTree.ts b/reviewing/list/src/renderTree.ts index ccec55c2456..34923e70e9d 100644 --- a/reviewing/list/src/renderTree.ts +++ b/reviewing/list/src/renderTree.ts @@ -114,12 +114,17 @@ export async function toArchyTree ( return Promise.all( sortPackages(entryNodes).map(async (node) => { const nodes = await toArchyTree(getPkgColor, node.dependencies ?? [], opts) + const labelLines: string[] = [ + printLabel(getPkgColor, node), + ] + if (node.searchMessage) { + labelLines.push(node.searchMessage) + } if (opts.long) { const pkg = await getPkgInfo(node) - const labelLines = [ - printLabel(getPkgColor, node), - pkg.description, - ] + if (pkg.description) { + labelLines.push(pkg.description) + } if (pkg.repository) { labelLines.push(pkg.repository) } @@ -129,14 +134,9 @@ export async function toArchyTree ( if (pkg.path) { labelLines.push(pkg.path) } - - return { - label: labelLines.join('\n'), - nodes, - } } return { - label: printLabel(getPkgColor, node), + label: labelLines.join('\n'), nodes, } }) diff --git a/reviewing/outdated/CHANGELOG.md b/reviewing/outdated/CHANGELOG.md index 92ff7cf9e90..ae063f74e38 100644 --- a/reviewing/outdated/CHANGELOG.md +++ b/reviewing/outdated/CHANGELOG.md @@ -1,5 +1,21 @@ # @pnpm/outdated +## 1001.0.29 + +### Patch Changes + +- Updated dependencies [38e2599] +- Updated dependencies [e792927] + - @pnpm/npm-resolver@1004.2.0 + - @pnpm/types@1000.8.0 + - @pnpm/pick-registry-for-package@1000.0.10 + - @pnpm/hooks.read-package-hook@1000.0.13 + - @pnpm/lockfile.fs@1001.1.18 + - @pnpm/lockfile.utils@1003.0.1 + - @pnpm/dependency-path@1001.1.1 + - @pnpm/client@1001.0.4 + - @pnpm/manifest-utils@1001.0.4 + ## 1001.0.28 ### Patch Changes diff --git a/reviewing/outdated/package.json b/reviewing/outdated/package.json index 80b8614f008..413ccc308d9 100644 --- a/reviewing/outdated/package.json +++ b/reviewing/outdated/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/outdated", - "version": "1001.0.28", + "version": "1001.0.29", "description": "Check for outdated packages", "keywords": [ "pnpm", diff --git a/reviewing/plugin-commands-licenses/CHANGELOG.md b/reviewing/plugin-commands-licenses/CHANGELOG.md index ba0e5168b21..7154b7205b3 100644 --- a/reviewing/plugin-commands-licenses/CHANGELOG.md +++ b/reviewing/plugin-commands-licenses/CHANGELOG.md @@ -1,5 +1,16 @@ # @pnpm/plugin-commands-licenses +## 1000.0.37 + +### Patch Changes + +- Updated dependencies [38e2599] +- Updated dependencies [e792927] + - @pnpm/config@1004.3.0 + - @pnpm/cli-utils@1001.2.0 + - @pnpm/license-scanner@1001.0.24 + - @pnpm/lockfile.fs@1001.1.18 + ## 1000.0.36 ### Patch Changes diff --git a/reviewing/plugin-commands-licenses/package.json b/reviewing/plugin-commands-licenses/package.json index a5df3548805..5941774d499 100644 --- a/reviewing/plugin-commands-licenses/package.json +++ b/reviewing/plugin-commands-licenses/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/plugin-commands-licenses", - "version": "1000.0.36", + "version": "1000.0.37", "description": "The licenses command of pnpm", "keywords": [ "pnpm", diff --git a/reviewing/plugin-commands-listing/CHANGELOG.md b/reviewing/plugin-commands-listing/CHANGELOG.md index 98bd6b6c79e..770ed8f3100 100644 --- a/reviewing/plugin-commands-listing/CHANGELOG.md +++ b/reviewing/plugin-commands-listing/CHANGELOG.md @@ -1,5 +1,20 @@ # @pnpm/plugin-commands-listing +## 1000.1.0 + +### Minor Changes + +- e792927: Added support for `finders` [#9946](https://github.com/pnpm/pnpm/pull/9946). + +### Patch Changes + +- Updated dependencies [38e2599] +- Updated dependencies [e792927] + - @pnpm/config@1004.3.0 + - @pnpm/types@1000.8.0 + - @pnpm/list@1000.1.0 + - @pnpm/cli-utils@1001.2.0 + ## 1000.0.35 ### Patch Changes diff --git a/reviewing/plugin-commands-listing/package.json b/reviewing/plugin-commands-listing/package.json index dc553a650b5..319ed2af19d 100644 --- a/reviewing/plugin-commands-listing/package.json +++ b/reviewing/plugin-commands-listing/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/plugin-commands-listing", - "version": "1000.0.35", + "version": "1000.1.0", "description": "The list and why commands of pnpm", "keywords": [ "pnpm", diff --git a/reviewing/plugin-commands-listing/src/list.ts b/reviewing/plugin-commands-listing/src/list.ts index 0453a11b593..baadbe73a59 100644 --- a/reviewing/plugin-commands-listing/src/list.ts +++ b/reviewing/plugin-commands-listing/src/list.ts @@ -1,8 +1,9 @@ +import { PnpmError } from '@pnpm/error' import { docsUrl } from '@pnpm/cli-utils' import { FILTERING, OPTIONS, UNIVERSAL_OPTIONS } from '@pnpm/common-cli-options-help' import { type Config, types as allTypes } from '@pnpm/config' import { list, listForPackages } from '@pnpm/list' -import { type IncludedDependencies } from '@pnpm/types' +import { type Finder, type IncludedDependencies } from '@pnpm/types' import pick from 'ramda/src/pick' import renderHelp from 'render-help' import { listRecursive } from './recursive.js' @@ -32,6 +33,7 @@ export const cliOptionsTypes = (): Record => ({ 'exclude-peers': Boolean, 'only-projects': Boolean, recursive: Boolean, + 'find-by': [String, Array], }) export const shorthands: Record = { @@ -124,6 +126,7 @@ export type ListCommandOptions = Pick + findBy?: string[] } ): Promise { + const finders: Finder[] = [] + if (opts.findBy) { + for (const finderName of opts.findBy) { + if (opts.finders?.[finderName] == null) { + throw new PnpmError('FINDER_NOT_FOUND', `No finder with name ${finderName} is found`) + } + finders.push(opts.finders[finderName]) + } + } const listOpts = { alwaysPrintRootPackage: opts.alwaysPrintRootPackage, depth: opts.depth ?? 0, @@ -192,8 +207,9 @@ export async function render ( showExtraneous: false, modulesDir: opts.modulesDir, virtualStoreDirMaxLength: opts.virtualStoreDirMaxLength, + finders, } - return (params.length > 0) + return (params.length > 0) || listOpts.finders.length > 0 ? listForPackages(params, prefixes, listOpts) : list(prefixes, listOpts) } diff --git a/reviewing/plugin-commands-listing/src/why.ts b/reviewing/plugin-commands-listing/src/why.ts index 8cdd3774934..7833a03132c 100644 --- a/reviewing/plugin-commands-listing/src/why.ts +++ b/reviewing/plugin-commands-listing/src/why.ts @@ -25,6 +25,7 @@ export const cliOptionsTypes = (): Record => ({ ...rcOptionsTypes(), 'exclude-peers': Boolean, recursive: Boolean, + 'find-by': [String, Array], }) export const shorthands: Record = { @@ -103,8 +104,8 @@ export async function handler ( opts: ListCommandOptions, params: string[] ): Promise { - if (params.length === 0) { - throw new PnpmError('MISSING_PACKAGE_NAME', '`pnpm why` requires the package name') + if (params.length === 0 && opts.findBy == null) { + throw new PnpmError('MISSING_PACKAGE_NAME', '`pnpm why` requires the package name or --find-by=') } return list({ ...opts, diff --git a/reviewing/plugin-commands-listing/test/recursive.ts b/reviewing/plugin-commands-listing/test/recursive.ts index a83381ac2a4..b9df81d1102 100644 --- a/reviewing/plugin-commands-listing/test/recursive.ts +++ b/reviewing/plugin-commands-listing/test/recursive.ts @@ -260,5 +260,5 @@ test('`pnpm recursive why` should fail if no package name was provided', async ( } expect(err.code).toBe('ERR_PNPM_MISSING_PACKAGE_NAME') - expect(err.message).toBe('`pnpm why` requires the package name') + expect(err.message).toMatch('`pnpm why` requires the package name') }) diff --git a/reviewing/plugin-commands-outdated/CHANGELOG.md b/reviewing/plugin-commands-outdated/CHANGELOG.md index 4ee79fcb248..a063973f46d 100644 --- a/reviewing/plugin-commands-outdated/CHANGELOG.md +++ b/reviewing/plugin-commands-outdated/CHANGELOG.md @@ -1,5 +1,19 @@ # @pnpm/plugin-commands-outdated +## 1000.0.37 + +### Patch Changes + +- Updated dependencies [38e2599] +- Updated dependencies [e792927] + - @pnpm/config@1004.3.0 + - @pnpm/types@1000.8.0 + - @pnpm/cli-utils@1001.2.0 + - @pnpm/default-resolver@1002.2.4 + - @pnpm/outdated@1001.0.29 + - @pnpm/lockfile.fs@1001.1.18 + - @pnpm/modules-yaml@1000.3.5 + ## 1000.0.36 ### Patch Changes diff --git a/reviewing/plugin-commands-outdated/package.json b/reviewing/plugin-commands-outdated/package.json index 4acf8a31959..ca0db51cfc5 100644 --- a/reviewing/plugin-commands-outdated/package.json +++ b/reviewing/plugin-commands-outdated/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/plugin-commands-outdated", - "version": "1000.0.36", + "version": "1000.0.37", "description": "The outdated command of pnpm", "keywords": [ "pnpm", diff --git a/store/cafs/CHANGELOG.md b/store/cafs/CHANGELOG.md index 6e769ceed67..b8e06c2091c 100644 --- a/store/cafs/CHANGELOG.md +++ b/store/cafs/CHANGELOG.md @@ -1,5 +1,12 @@ # @pnpm/store.cafs +## 1000.0.17 + +### Patch Changes + +- @pnpm/fetcher-base@1001.0.1 +- @pnpm/store-controller-types@1004.0.2 + ## 1000.0.16 ### Patch Changes diff --git a/store/cafs/package.json b/store/cafs/package.json index 789188e7c5b..9062c554bda 100644 --- a/store/cafs/package.json +++ b/store/cafs/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/store.cafs", - "version": "1000.0.16", + "version": "1000.0.17", "description": "A content-addressable filesystem for the packages storage", "keywords": [ "pnpm", diff --git a/store/create-cafs-store/CHANGELOG.md b/store/create-cafs-store/CHANGELOG.md index b5d11dd018f..35573c29622 100644 --- a/store/create-cafs-store/CHANGELOG.md +++ b/store/create-cafs-store/CHANGELOG.md @@ -1,5 +1,15 @@ # @pnpm/create-cafs-store +## 1000.0.18 + +### Patch Changes + +- @pnpm/exec.pkg-requires-build@1000.0.10 +- @pnpm/fetcher-base@1001.0.1 +- @pnpm/store.cafs@1000.0.17 +- @pnpm/store-controller-types@1004.0.2 +- @pnpm/fs.indexed-pkg-importer@1000.1.12 + ## 1000.0.17 ### Patch Changes diff --git a/store/create-cafs-store/package.json b/store/create-cafs-store/package.json index cd125a6d151..3643e5a7589 100644 --- a/store/create-cafs-store/package.json +++ b/store/create-cafs-store/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/create-cafs-store", - "version": "1000.0.17", + "version": "1000.0.18", "description": "Create a CAFS store controller", "keywords": [ "pnpm", diff --git a/store/package-store/CHANGELOG.md b/store/package-store/CHANGELOG.md index 029d3d18125..ffeed524fe7 100644 --- a/store/package-store/CHANGELOG.md +++ b/store/package-store/CHANGELOG.md @@ -1,5 +1,19 @@ # @pnpm/package-store +## 1002.0.10 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + - @pnpm/package-requester@1006.0.1 + - @pnpm/fetcher-base@1001.0.1 + - @pnpm/resolver-base@1005.0.1 + - @pnpm/store.cafs@1000.0.17 + - @pnpm/store-controller-types@1004.0.2 + - @pnpm/worker@1000.1.12 + - @pnpm/create-cafs-store@1000.0.18 + ## 1002.0.9 ### Patch Changes diff --git a/store/package-store/package.json b/store/package-store/package.json index 93179994818..f037b97b275 100644 --- a/store/package-store/package.json +++ b/store/package-store/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/package-store", - "version": "1002.0.9", + "version": "1002.0.10", "description": "A storage for packages", "keywords": [ "pnpm", diff --git a/store/plugin-commands-server/CHANGELOG.md b/store/plugin-commands-server/CHANGELOG.md index 455409b5d55..75700d33648 100644 --- a/store/plugin-commands-server/CHANGELOG.md +++ b/store/plugin-commands-server/CHANGELOG.md @@ -1,5 +1,17 @@ # @pnpm/plugin-commands-server +## 1000.0.36 + +### Patch Changes + +- Updated dependencies [38e2599] +- Updated dependencies [e792927] + - @pnpm/store-connection-manager@1002.1.0 + - @pnpm/config@1004.3.0 + - @pnpm/cli-utils@1001.2.0 + - @pnpm/cli-meta@1000.0.10 + - @pnpm/server@1001.0.10 + ## 1000.0.35 ### Patch Changes diff --git a/store/plugin-commands-server/package.json b/store/plugin-commands-server/package.json index f8866237968..0e206abe0f9 100644 --- a/store/plugin-commands-server/package.json +++ b/store/plugin-commands-server/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/plugin-commands-server", - "version": "1000.0.35", + "version": "1000.0.36", "description": "Commands for controlling the store server", "keywords": [ "pnpm", diff --git a/store/plugin-commands-store-inspecting/CHANGELOG.md b/store/plugin-commands-store-inspecting/CHANGELOG.md index d0da4aad9cf..d129f7b6531 100644 --- a/store/plugin-commands-store-inspecting/CHANGELOG.md +++ b/store/plugin-commands-store-inspecting/CHANGELOG.md @@ -1,5 +1,17 @@ # @pnpm/plugin-commands-store-inspecting +## 1000.0.33 + +### Patch Changes + +- Updated dependencies [38e2599] +- Updated dependencies [e792927] + - @pnpm/config@1004.3.0 + - @pnpm/types@1000.8.0 + - @pnpm/lockfile.types@1002.0.1 + - @pnpm/client@1001.0.4 + - @pnpm/store.cafs@1000.0.17 + ## 1000.0.32 ### Patch Changes diff --git a/store/plugin-commands-store-inspecting/package.json b/store/plugin-commands-store-inspecting/package.json index ad611a7e369..683960d4b39 100644 --- a/store/plugin-commands-store-inspecting/package.json +++ b/store/plugin-commands-store-inspecting/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/plugin-commands-store-inspecting", - "version": "1000.0.32", + "version": "1000.0.33", "description": "The inspecting store commands of pnpm", "keywords": [ "pnpm", diff --git a/store/plugin-commands-store/CHANGELOG.md b/store/plugin-commands-store/CHANGELOG.md index 4e363498c1d..dfd3fb102af 100644 --- a/store/plugin-commands-store/CHANGELOG.md +++ b/store/plugin-commands-store/CHANGELOG.md @@ -1,5 +1,22 @@ # @pnpm/plugin-commands-store +## 1000.0.37 + +### Patch Changes + +- Updated dependencies [38e2599] +- Updated dependencies [e792927] + - @pnpm/store-connection-manager@1002.1.0 + - @pnpm/config@1004.3.0 + - @pnpm/types@1000.8.0 + - @pnpm/cli-utils@1001.2.0 + - @pnpm/normalize-registries@1000.1.3 + - @pnpm/lockfile.utils@1003.0.1 + - @pnpm/dependency-path@1001.1.1 + - @pnpm/get-context@1001.1.5 + - @pnpm/store.cafs@1000.0.17 + - @pnpm/store-controller-types@1004.0.2 + ## 1000.0.36 ### Patch Changes diff --git a/store/plugin-commands-store/package.json b/store/plugin-commands-store/package.json index 2aab30e6a9a..74abfd96fb8 100644 --- a/store/plugin-commands-store/package.json +++ b/store/plugin-commands-store/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/plugin-commands-store", - "version": "1000.0.36", + "version": "1000.0.37", "description": "Commands for controlling the store", "keywords": [ "pnpm", diff --git a/store/server/CHANGELOG.md b/store/server/CHANGELOG.md index 0598e53a304..518d15bf1a4 100644 --- a/store/server/CHANGELOG.md +++ b/store/server/CHANGELOG.md @@ -1,5 +1,14 @@ # @pnpm/server +## 1001.0.10 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + - @pnpm/fetch@1000.2.5 + - @pnpm/store-controller-types@1004.0.2 + ## 1001.0.9 ### Patch Changes diff --git a/store/server/package.json b/store/server/package.json index d7802659372..04f57d93f0c 100644 --- a/store/server/package.json +++ b/store/server/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/server", - "version": "1001.0.9", + "version": "1001.0.10", "description": "A pnpm installer server", "keywords": [ "pnpm", diff --git a/store/store-connection-manager/CHANGELOG.md b/store/store-connection-manager/CHANGELOG.md index 7b0ea861065..603c230a857 100644 --- a/store/store-connection-manager/CHANGELOG.md +++ b/store/store-connection-manager/CHANGELOG.md @@ -1,5 +1,32 @@ # @pnpm/store-connection-manager +## 1002.1.0 + +### Minor Changes + +- 38e2599: There have been several incidents recently where popular packages were successfully attacked. To reduce the risk of installing a compromised version, we are introducing a new setting that delays the installation of newly released dependencies. In most cases, such attacks are discovered quickly and the malicious versions are removed from the registry within an hour. + + The new setting is called `minimumReleaseAge`. It specifies the number of minutes that must pass after a version is published before pnpm will install it. For example, setting `minimumReleaseAge: 1440` ensures that only packages released at least one day ago can be installed. + + If you set `minimumReleaseAge` but need to disable this restriction for certain dependencies, you can list them under the `minimumReleaseAgeExclude` setting. For instance, with the following configuration pnpm will always install the latest version of webpack, regardless of its release time: + + ```yaml + minimumReleaseAgeExclude: + - webpack + ``` + + Related issue: [#9921](https://github.com/pnpm/pnpm/issues/9921). + +### Patch Changes + +- Updated dependencies [38e2599] +- Updated dependencies [e792927] + - @pnpm/config@1004.3.0 + - @pnpm/cli-meta@1000.0.10 + - @pnpm/client@1001.0.4 + - @pnpm/package-store@1002.0.10 + - @pnpm/server@1001.0.10 + ## 1002.0.11 ### Patch Changes diff --git a/store/store-connection-manager/package.json b/store/store-connection-manager/package.json index 413c3dc2360..c8156f2f0a0 100644 --- a/store/store-connection-manager/package.json +++ b/store/store-connection-manager/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/store-connection-manager", - "version": "1002.0.11", + "version": "1002.1.0", "description": "Create a direct pnpm store controller or connect to a running store server", "keywords": [ "pnpm", diff --git a/store/store-connection-manager/src/createNewStoreController.ts b/store/store-connection-manager/src/createNewStoreController.ts index 4e8ef5eed96..4909bb9dab1 100644 --- a/store/store-connection-manager/src/createNewStoreController.ts +++ b/store/store-connection-manager/src/createNewStoreController.ts @@ -29,6 +29,7 @@ export type CreateNewStoreControllerOptions = CreateResolverOptions & Pick { - const fullMetadata = opts.fetchFullMetadata ?? (opts.resolutionMode === 'time-based' && !opts.registrySupportsTimeField) + const fullMetadata = opts.fetchFullMetadata ?? ((opts.resolutionMode === 'time-based' || Boolean(opts.minimumReleaseAge)) && !opts.registrySupportsTimeField) const { resolve, fetchers, clearResolutionCache } = createClient({ customFetchers: opts.hooks?.fetchers, userConfig: opts.userConfig, @@ -94,6 +95,7 @@ export async function createNewStoreController ( includeOnlyPackageFiles: !opts.deployAllFiles, saveWorkspaceProtocol: opts.saveWorkspaceProtocol, preserveAbsolutePaths: opts.preserveAbsolutePaths, + strictPublishedByCheck: Boolean(opts.minimumReleaseAge), }) await fs.mkdir(opts.storeDir, { recursive: true }) return { diff --git a/store/store-controller-types/CHANGELOG.md b/store/store-controller-types/CHANGELOG.md index 0fe7d6b3e7c..6b2c05c821b 100644 --- a/store/store-controller-types/CHANGELOG.md +++ b/store/store-controller-types/CHANGELOG.md @@ -1,5 +1,14 @@ # @pnpm/store-controller-types +## 1004.0.2 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + - @pnpm/fetcher-base@1001.0.1 + - @pnpm/resolver-base@1005.0.1 + ## 1004.0.1 ### Patch Changes diff --git a/store/store-controller-types/package.json b/store/store-controller-types/package.json index 8ebed00d147..666d22fa333 100644 --- a/store/store-controller-types/package.json +++ b/store/store-controller-types/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/store-controller-types", - "version": "1004.0.1", + "version": "1004.0.2", "description": "Types for the store controller", "keywords": [ "pnpm", diff --git a/testing/temp-store/CHANGELOG.md b/testing/temp-store/CHANGELOG.md index 156f1656f1d..209c0a9d809 100644 --- a/testing/temp-store/CHANGELOG.md +++ b/testing/temp-store/CHANGELOG.md @@ -1,5 +1,13 @@ # @pnpm/testing.temp-store +## 1000.0.15 + +### Patch Changes + +- @pnpm/client@1001.0.4 +- @pnpm/package-store@1002.0.10 +- @pnpm/store-controller-types@1004.0.2 + ## 1000.0.14 ### Patch Changes diff --git a/testing/temp-store/package.json b/testing/temp-store/package.json index d649cd5e3de..05e3a802dbc 100644 --- a/testing/temp-store/package.json +++ b/testing/temp-store/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/testing.temp-store", - "version": "1000.0.14", + "version": "1000.0.15", "description": "A temporary store for testing purposes", "keywords": [ "pnpm", diff --git a/tools/plugin-commands-self-updater/CHANGELOG.md b/tools/plugin-commands-self-updater/CHANGELOG.md index 3b38605a007..c9b0ad2a8b3 100644 --- a/tools/plugin-commands-self-updater/CHANGELOG.md +++ b/tools/plugin-commands-self-updater/CHANGELOG.md @@ -1,5 +1,18 @@ # @pnpm/tools.plugin-commands-self-updater +## 1000.1.23 + +### Patch Changes + +- Updated dependencies [38e2599] +- Updated dependencies [e792927] + - @pnpm/config@1004.3.0 + - @pnpm/cli-utils@1001.2.0 + - @pnpm/link-bins@1000.2.2 + - @pnpm/cli-meta@1000.0.10 + - @pnpm/client@1001.0.4 + - @pnpm/read-project-manifest@1001.1.1 + ## 1000.1.22 ### Patch Changes diff --git a/tools/plugin-commands-self-updater/package.json b/tools/plugin-commands-self-updater/package.json index e7480ae3fe5..443d4e052e2 100644 --- a/tools/plugin-commands-self-updater/package.json +++ b/tools/plugin-commands-self-updater/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/tools.plugin-commands-self-updater", - "version": "1000.1.22", + "version": "1000.1.23", "description": "A command for updating pnpm itself", "keywords": [ "pnpm", diff --git a/worker/CHANGELOG.md b/worker/CHANGELOG.md index a5e17c23347..71f2b15f7e1 100644 --- a/worker/CHANGELOG.md +++ b/worker/CHANGELOG.md @@ -1,5 +1,16 @@ # @pnpm/worker +## 1000.1.12 + +### Patch Changes + +- @pnpm/exec.pkg-requires-build@1000.0.10 +- @pnpm/symlink-dependency@1000.0.11 +- @pnpm/store.cafs@1000.0.17 +- @pnpm/cafs-types@1000.0.0 +- @pnpm/fs.hard-link-dir@1000.0.1 +- @pnpm/create-cafs-store@1000.0.18 + ## 1000.1.11 ### Patch Changes diff --git a/worker/package.json b/worker/package.json index b7f86858dec..9475fa8a92e 100644 --- a/worker/package.json +++ b/worker/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/worker", - "version": "1000.1.11", + "version": "1000.1.12", "description": "A worker for extracting package taralls to the store", "keywords": [ "pnpm", diff --git a/workspace/filter-packages-from-dir/CHANGELOG.md b/workspace/filter-packages-from-dir/CHANGELOG.md index 925e15d1bf1..d336164cc0e 100644 --- a/workspace/filter-packages-from-dir/CHANGELOG.md +++ b/workspace/filter-packages-from-dir/CHANGELOG.md @@ -1,5 +1,13 @@ # @pnpm/workspace.filter-packages-from-dir +## 1000.0.35 + +### Patch Changes + +- @pnpm/filter-workspace-packages@1000.0.35 +- @pnpm/workspace.find-packages@1000.0.35 +- @pnpm/workspace.read-manifest@1000.2.3 + ## 1000.0.34 ### Patch Changes diff --git a/workspace/filter-packages-from-dir/package.json b/workspace/filter-packages-from-dir/package.json index e2f7e9a8f1d..68c4bee3477 100644 --- a/workspace/filter-packages-from-dir/package.json +++ b/workspace/filter-packages-from-dir/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/workspace.filter-packages-from-dir", - "version": "1000.0.34", + "version": "1000.0.35", "description": "Filters packages in a directory", "keywords": [ "pnpm", diff --git a/workspace/filter-workspace-packages/CHANGELOG.md b/workspace/filter-workspace-packages/CHANGELOG.md index 8ffa74f0a1f..9d997f4b8bc 100644 --- a/workspace/filter-workspace-packages/CHANGELOG.md +++ b/workspace/filter-workspace-packages/CHANGELOG.md @@ -1,5 +1,12 @@ # @pnpm/filter-workspace-packages +## 1000.0.35 + +### Patch Changes + +- @pnpm/workspace.pkgs-graph@1000.0.19 +- @pnpm/workspace.find-packages@1000.0.35 + ## 1000.0.34 ### Patch Changes diff --git a/workspace/filter-workspace-packages/package.json b/workspace/filter-workspace-packages/package.json index 4d2d7dd379d..2c7fc00614f 100644 --- a/workspace/filter-workspace-packages/package.json +++ b/workspace/filter-workspace-packages/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/filter-workspace-packages", - "version": "1000.0.34", + "version": "1000.0.35", "description": "Filters packages in a workspace", "keywords": [ "pnpm", diff --git a/workspace/find-packages/CHANGELOG.md b/workspace/find-packages/CHANGELOG.md index 4e2be732517..fecaaddb551 100644 --- a/workspace/find-packages/CHANGELOG.md +++ b/workspace/find-packages/CHANGELOG.md @@ -1,5 +1,14 @@ # @pnpm/find-workspace-packages +## 1000.0.35 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + - @pnpm/cli-utils@1001.2.0 + - @pnpm/fs.find-packages@1000.0.14 + ## 1000.0.34 ### Patch Changes diff --git a/workspace/find-packages/package.json b/workspace/find-packages/package.json index d6865cc4de5..1e32c52f75f 100644 --- a/workspace/find-packages/package.json +++ b/workspace/find-packages/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/workspace.find-packages", - "version": "1000.0.34", + "version": "1000.0.35", "description": "Finds packages inside a workspace", "keywords": [ "pnpm", diff --git a/workspace/injected-deps-syncer/CHANGELOG.md b/workspace/injected-deps-syncer/CHANGELOG.md index bea0f09a6f8..9145bd9c4e0 100644 --- a/workspace/injected-deps-syncer/CHANGELOG.md +++ b/workspace/injected-deps-syncer/CHANGELOG.md @@ -1,5 +1,12 @@ # @pnpm/workspace.injected-deps-syncer +## 1000.0.12 + +### Patch Changes + +- @pnpm/directory-fetcher@1000.1.11 +- @pnpm/modules-yaml@1000.3.5 + ## 1000.0.11 ### Patch Changes diff --git a/workspace/injected-deps-syncer/package.json b/workspace/injected-deps-syncer/package.json index 7641109a880..516e3a0c5a5 100644 --- a/workspace/injected-deps-syncer/package.json +++ b/workspace/injected-deps-syncer/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/workspace.injected-deps-syncer", - "version": "1000.0.11", + "version": "1000.0.12", "description": "Update all injected replica of a workspace package", "keywords": [ "pnpm", diff --git a/workspace/manifest-writer/CHANGELOG.md b/workspace/manifest-writer/CHANGELOG.md index 5f2755e65af..83bd69e903a 100644 --- a/workspace/manifest-writer/CHANGELOG.md +++ b/workspace/manifest-writer/CHANGELOG.md @@ -1,5 +1,14 @@ # @pnpm/workspace.manifest-writer +## 1001.0.1 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + - @pnpm/lockfile.types@1002.0.1 + - @pnpm/workspace.read-manifest@1000.2.3 + ## 1001.0.0 ### Major Changes diff --git a/workspace/manifest-writer/package.json b/workspace/manifest-writer/package.json index 4bf21a7f32c..febe846ca07 100644 --- a/workspace/manifest-writer/package.json +++ b/workspace/manifest-writer/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/workspace.manifest-writer", - "version": "1001.0.0", + "version": "1001.0.1", "description": "Updates the workspace manifest file", "keywords": [ "pnpm", diff --git a/workspace/pkgs-graph/CHANGELOG.md b/workspace/pkgs-graph/CHANGELOG.md index f312819261d..446211e8362 100644 --- a/workspace/pkgs-graph/CHANGELOG.md +++ b/workspace/pkgs-graph/CHANGELOG.md @@ -1,5 +1,14 @@ # @pnpm/workspace.pkgs-graph +## 1000.0.19 + +### Patch Changes + +- Updated dependencies [38e2599] +- Updated dependencies [e792927] + - @pnpm/npm-resolver@1004.2.0 + - @pnpm/types@1000.8.0 + ## 1000.0.18 ### Patch Changes diff --git a/workspace/pkgs-graph/package.json b/workspace/pkgs-graph/package.json index d7335d900b3..c2c78253011 100644 --- a/workspace/pkgs-graph/package.json +++ b/workspace/pkgs-graph/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/workspace.pkgs-graph", - "version": "1000.0.18", + "version": "1000.0.19", "description": "Create a graph from an array of packages", "keywords": [ "pnpm", diff --git a/workspace/read-manifest/CHANGELOG.md b/workspace/read-manifest/CHANGELOG.md index dc9c2dbcb9f..51119e8df1f 100644 --- a/workspace/read-manifest/CHANGELOG.md +++ b/workspace/read-manifest/CHANGELOG.md @@ -1,5 +1,12 @@ # @pnpm/workspace.read-manifest +## 1000.2.3 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + ## 1000.2.2 ### Patch Changes diff --git a/workspace/read-manifest/package.json b/workspace/read-manifest/package.json index 5041dd9b0c4..64c398c33d9 100644 --- a/workspace/read-manifest/package.json +++ b/workspace/read-manifest/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/workspace.read-manifest", - "version": "1000.2.2", + "version": "1000.2.3", "description": "Reads a workspace manifest file", "keywords": [ "pnpm", diff --git a/workspace/sort-packages/CHANGELOG.md b/workspace/sort-packages/CHANGELOG.md index 7b3fbc3b4fd..e909b5df7e6 100644 --- a/workspace/sort-packages/CHANGELOG.md +++ b/workspace/sort-packages/CHANGELOG.md @@ -1,5 +1,12 @@ # @pnpm/sort-packages +## 1000.0.10 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + ## 1000.0.9 ### Patch Changes diff --git a/workspace/sort-packages/package.json b/workspace/sort-packages/package.json index 2b25bfc99f8..8ddf36df36c 100644 --- a/workspace/sort-packages/package.json +++ b/workspace/sort-packages/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/sort-packages", - "version": "1000.0.9", + "version": "1000.0.10", "description": "Sort packages", "keywords": [ "pnpm", diff --git a/workspace/state/CHANGELOG.md b/workspace/state/CHANGELOG.md index 0e93225d151..8750c30d41d 100644 --- a/workspace/state/CHANGELOG.md +++ b/workspace/state/CHANGELOG.md @@ -1,5 +1,14 @@ # @pnpm/workspace.state +## 1002.0.3 + +### Patch Changes + +- Updated dependencies [38e2599] +- Updated dependencies [e792927] + - @pnpm/config@1004.3.0 + - @pnpm/types@1000.8.0 + ## 1002.0.2 ### Patch Changes diff --git a/workspace/state/package.json b/workspace/state/package.json index 6029910e9d6..6fbb15c5037 100644 --- a/workspace/state/package.json +++ b/workspace/state/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/workspace.state", - "version": "1002.0.2", + "version": "1002.0.3", "description": "Track the list of actual paths of workspace packages in a cache", "keywords": [ "pnpm",