Skip to content

chore(deps): update pnpm to v10.30.2#44

Open
renovate[bot] wants to merge 1 commit intomainfrom
renovate/minor
Open

chore(deps): update pnpm to v10.30.2#44
renovate[bot] wants to merge 1 commit intomainfrom
renovate/minor

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Feb 16, 2026
edited
Loading

This PR contains the following updates:

Package Type Update Change Pending OpenSSF
pnpm (source) engines minor 10.28.210.30.2 10.30.3 OpenSSF Scorecard

Release Notes

pnpm/pnpm (pnpm)

v10.30.2

Compare Source

v10.30.1: pnpm 10.30.1

Compare Source

Patch Changes

  • Use the /-/npm/v1/security/audits/quick endpoint as the primary audit endpoint, falling back to /-/npm/v1/security/audits when it fails #​10649.

Platinum Sponsors

Bit

Gold Sponsors

Sanity Discord Vite
SerpApi CodeRabbit Workleap
Stackblitz Nx

v10.30.0: pnpm 10.30

Compare Source

Minor Changes

  • pnpm why now shows a reverse dependency tree. The searched package appears at the root with its dependents as branches, walking back to workspace roots. This replaces the previous forward-tree output which was noisy and hard to read for deeply nested dependencies.

Patch Changes

  • Revert pnpm why dependency pruning to prefer correctness over memory consumption. Reverted PR: #​7122.
  • Optimize pnpm why and pnpm list performance in workspaces with many importers by sharing the dependency graph and materialization cache across all importers instead of rebuilding them independently for each one #​10596.

Platinum Sponsors

Bit

Gold Sponsors

Sanity Discord Vite
SerpApi CodeRabbit Workleap
Stackblitz Nx

v10.29.3

Compare Source

v10.29.2

Compare Source

v10.29.1: pnpm 10.29.1

Compare Source

Minor Changes

  • The pnpm dlx / pnpx command now supports the catalog: protocol. Example: pnpm dlx shx@catalog:.
  • Support configuring auditLevel in the pnpm-workspace.yaml file #​10540.
  • Support bare workspace: protocol without version specifier. It is now treated as workspace:* and resolves to the concrete version during publish #​10436.

Patch Changes

  • Fixed pnpm list --json returning incorrect paths when using global virtual store #​10187.

  • Fix pnpm store path and pnpm store status using workspace root for path resolution when storeDir is relative #​10290.

  • Fixed pnpm run -r failing with "No projects matched the filters" when an empty pnpm-workspace.yaml exists #​10497.

  • Fixed a bug where catalogMode: strict would write the literal string "catalog:" to pnpm-workspace.yaml instead of the resolved version specifier when re-adding an existing catalog dependency #​10176.

  • Fixed the documentation URL shown in pnpm completion --help to point to the correct page at https://pnpm.io/completion #​10281.

  • Skip local file: protocol dependencies during pnpm fetch. This fixes an issue where pnpm fetch would fail in Docker builds when local directory dependencies were not available #​10460.

  • Fixed pnpm audit --json to respect the --audit-level setting for both exit code and output filtering #​10540.

  • update tar to version 7.5.7 to fix security issue

    Updating the version of dependency tar to 7.5.7 because the previous one have a security vulnerability reported here: CVE-2026-24842

  • Fix pnpm audit --fix replacing reference overrides (e.g. $foo) with concrete versions #​10325.

  • Fix shamefullyHoist set via updateConfig in .pnpmfile.cjs not being converted to publicHoistPattern #​10271.

  • pnpm help should correctly report if the currently running pnpm CLI is bundled with Node.js #​10561.

  • Add a warning when the current directory contains the PATH delimiter character. On macOS, folder names containing forward slashes (/) appear as colons (:) at the Unix layer. Since colons are PATH separators in POSIX systems, this breaks PATH injection for node_modules/.bin, causing binaries to not be found when running commands like pnpm exec #​10457.

Platinum Sponsors

Bit

Gold Sponsors

Discord CodeRabbit Workleap
Stackblitz Vite

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) in timezone America/New_York, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added the deps: minor label Feb 16, 2026
@renovate
Copy link
Contributor Author

renovate bot commented Feb 16, 2026
edited
Loading

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: pnpm-lock.yaml
 ERR_PNPM_UNSUPPORTED_ENGINE  Unsupported environment (bad pnpm and/or Node.js version)

Your pnpm version is incompatible with "/tmp/renovate/repos/github/allthingslinux/portal".

Expected version: 10.30.2
Got: 10.28.2

This is happening because the package's manifest has an engines.pnpm field specified.
To fix this issue, install the required pnpm version globally.

To install the latest version of pnpm, run "pnpm i -g pnpm".
To check your pnpm version, run "pnpm -v".

cubic-dev-ai[bot]
cubic-dev-ai bot reviewed Feb 16, 2026
View reviewed changes
Copy link

@cubic-dev-ai cubic-dev-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No issues found across 1 file

Confidence score: 5/5

  • Automated review surfaced no issues in the provided summaries.
  • No files require special attention.

@renovate renovate bot changed the title chore(deps): update minor chore(deps): update minor - autoclosed Feb 18, 2026
@renovate renovate bot closed this Feb 18, 2026
@renovate renovate bot deleted the renovate/minor branch February 18, 2026 02:57
@renovate renovate bot changed the title chore(deps): update minor - autoclosed chore(deps): update minor Feb 23, 2026
@renovate renovate bot reopened this Feb 23, 2026
@renovate renovate bot force-pushed the renovate/minor branch 2 times, most recently from b920e60 to 9af3fbc Compare February 23, 2026 05:12
sentry[bot]
sentry bot reviewed Feb 23, 2026
View reviewed changes
sentry[bot]
sentry bot reviewed Feb 24, 2026
View reviewed changes
package.json Outdated
"packageManager": "pnpm@10.28.2",
"engines": {
"pnpm": "10.28.2",
"pnpm": "10.30.0",
Copy link

@sentry sentry bot Feb 24, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bug: The PR description claims to update several dependencies, but these changes are missing from package.json. The packageManager version is also not updated, creating an inconsistency.
Severity: MEDIUM

Suggested Fix

Ensure the dependency versions in package.json match the versions specified in the PR description. Update @base-ui/react, dotenv, react-resizable-panels, and undici. Also, update the packageManager field to pnpm@10.30.0 to match the engines.pnpm version. Finally, run pnpm install to regenerate the pnpm-lock.yaml file.

Prompt for AI Agent 
Review the code at the location below. A potential bug has been identified by an AI
agent.
Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not
valid.

Location: package.json#L143

Potential issue: The pull request description indicates updates for four dependencies
(`@base-ui/react`, `dotenv`, `react-resizable-panels`, `undici`), but these version
changes are not reflected in the `package.json` file. The application will continue to
use the old, un-updated versions of these packages. Additionally, there is a mismatch
between the `engines.pnpm` version, which was updated to `10.30.0`, and the
`packageManager` field, which remains at `10.28.2`. This inconsistency could lead to
issues for developers. The `pnpm-lock.yaml` file also remains unchanged, confirming the
dependencies were not updated.

@renovate renovate bot force-pushed the renovate/minor branch 2 times, most recently from b219d1b to 5cb6a9e Compare March 3, 2026 01:37
@renovate
chore(deps): update pnpm to v10.30.2
867b93b 
| datasource | package | from    | to      |
| ---------- | ------- | ------- | ------- |
| npm        | pnpm    | 10.28.2 | 10.30.2 |
@renovate renovate bot force-pushed the renovate/minor branch from 5cb6a9e to 867b93b Compare March 3, 2026 20:31
@renovate renovate bot changed the title chore(deps): update minor chore(deps): update pnpm to v10.30.2 Mar 3, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sentry sentry[bot] sentry[bot] left review comments

@cubic-dev-ai cubic-dev-ai[bot] cubic-dev-ai[bot] left review comments

Assignees

No one assigned

Labels

deps: minor

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants