@dependabot dependabot bot commented on behalf of github Oct 27, 2025

Bumps pnpm from 10.4.1 to 10.19.0.

Release notes

Sourced from pnpm's releases.

pnpm 10.19

Minor Changes

  • You can now allow specific versions of dependencies to run postinstall scripts. onlyBuiltDependencies now accepts package names with lists of trusted versions. For example:

    onlyBuiltDependencies:
      - nx@21.6.4 || 21.6.5
      - esbuild@0.25.1

    Related PR: #10104.

  • Added support for exact versions in minimumReleaseAgeExclude #9985.

    You can now list one or more specific versions that pnpm should allow to install, even if those versions don’t satisfy the maturity requirement set by minimumReleaseAge. For example:

    minimumReleaseAge: 1440
    minimumReleaseAgeExclude:
      - nx@21.6.5
      - webpack@4.47.0 || 5.102.1

... (truncated)

Changelog

Sourced from pnpm's changelog.

10.18.3

Patch Changes

  • Fix a bug where pnpm would infinitely recurse when using verifyDepsBeforeInstall: install and pre/post install scripts that called other pnpm scripts #10060.
  • Fixed scoped registry keys (e.g., @scope:registry) being parsed as property paths in pnpm config get when --location=project is used #9362.
  • Remove pnpm-specific CLI options before passing to npm publish to prevent "Unknown cli config" warnings #9646.
  • Fixed EISDIR error when bin field points to a directory #9441.
  • Preserve version and hasBin for variations packages #10022.
  • Fixed pnpm config set --location=project incorrectly handling keys with slashes (auth tokens, registry settings) #9884.
  • When both pnpm-workspace.yaml and .npmrc exist, pnpm config set --location=project now writes to pnpm-workspace.yaml (matching read priority) #10072.
  • Prevent a table width error in pnpm outdated --long #10040.
  • Sync bin links after injected dependencies are updated by build scripts. This ensures that binaries created during build processes are properly linked and accessible to consuming projects #10057.

10.18.2

Patch Changes

  • pnpm outdated --long should work #10040.
  • Replace ndjson with split2. Reduce the bundle size of pnpm CLI #10054.
  • pnpm dlx should request the full metadata of packages, when minimumReleaseAge is set #9963.
  • pnpm version switching should work when the pnpm home directory is in a symlinked directory #9715.
  • Fix EPIPE errors when piping output to other commands #10027.

10.18.1

... (truncated)

Commits
  • 43d7b18 chore(release): 10.19.0
  • 1bfc105 chore(release): 10.18.3
  • 6089939 fix: sync bin links after injected deps sync (#10064)
  • 9865167 fix(config): fix infinite loop when using pre/post install scripts and verify...
  • 1b15e45 chore(release): 10.18.2
  • 50a47b0 fix: handle EPIPE errors when piping output (#10051)
  • 651a27a chore(release): 10.18.1
  • bdbd31a chore(release): 10.18.0
  • 2bfbdfc fix: errorHander.ts
  • 6618431 chore(release): libs
  • Additional commits viewable in compare view

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.
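
The two settings described in the 10.19 release notes above, modelled as an added example (not pnpm's own code and not part of the bot's comment): a default-deny check for postinstall scripts and a maturity check with exact-version exclusions. The function names are hypothetical, `minimumReleaseAge` is treated as minutes as in pnpm's documentation, and only the `name` and `name@v1 || v2` entry forms shown above are handled.

```javascript
// Added illustration: a simplified model of the two policies, not pnpm's code.
// Entry syntax ("name" or "name@v1 || v2") follows the release notes above.
function parseEntry(entry) {
  // Split on the last "@" past index 0 so scoped names (@scope/pkg) survive.
  const at = entry.lastIndexOf("@");
  if (at <= 0) return { name: entry.trim(), versions: null }; // null = any version
  const versions = entry.slice(at + 1).split("||").map((v) => v.trim()).filter(Boolean);
  return { name: entry.slice(0, at).trim(), versions: new Set(versions) };
}

// True when some entry names the package and, if versions are listed, this exact one.
function matches(entries, name, version) {
  return entries.map(parseEntry).some(
    (e) => e.name === name && (e.versions === null || e.versions.has(version))
  );
}

// May this package's postinstall script run? Anything not listed is denied.
function mayRunBuildScripts(config, name, version) {
  return matches(config.onlyBuiltDependencies ?? [], name, version);
}

// May this version be installed? Too-young releases pass only if explicitly excluded.
function mayInstall(config, name, version, publishedAt, now) {
  const ageMinutes = (now - publishedAt) / 60000;
  if (ageMinutes >= (config.minimumReleaseAge ?? 0)) return true;
  return matches(config.minimumReleaseAgeExclude ?? [], name, version);
}

// Constructed sample config mirroring the YAML in the release notes.
const config = {
  onlyBuiltDependencies: ["nx@21.6.4 || 21.6.5", "esbuild@0.25.1"],
  minimumReleaseAge: 1440,
  minimumReleaseAgeExclude: ["nx@21.6.5", "webpack@4.47.0 || 5.102.1"],
};
const now = Date.parse("2025-10-27T12:00:00Z"); // constructed timestamps
const twoHoursAgo = now - 2 * 60 * 60 * 1000;

console.log(mayRunBuildScripts(config, "nx", "21.6.5"));
console.log(mayRunBuildScripts(config, "nx", "21.6.6"));
console.log(mayInstall(config, "webpack", "5.102.1", twoHoursAgo, now));
console.log(mayInstall(config, "webpack", "5.102.2", twoHoursAgo, now));
```

Pinning versions in both lists means a release published after the list was reviewed is neither installed early nor allowed to run scripts until someone adds it explicitly.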

@dependabot dependabot bot added the dependencies and javascript labels Oct 27, 2025

railway-app bot commented Oct 27, 2025

🚅 Deployed to the retroloop-pr-476 environment in retroloop

| Service | Status | Web | Updated (UTC) |
| --- | --- | --- | --- |
| app | 😴 Sleeping (View Logs) | Web | Nov 1, 2025 at 5:53 pm |

@railway-app railway-app bot temporarily deployed to app (retroloop / retroloop-pr-476) October 27, 2025 08:27 Destroyed

codecov bot commented Oct 27, 2025

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 10.26%. Comparing base (0b5f8c9) to head (6112314).
⚠️ Report is 63 commits behind head on dev.

Additional details and impacted files
@@            Coverage Diff             @@
##              dev     #476      +/-   ##
==========================================
- Coverage   13.61%   10.26%   -3.35%     
==========================================
  Files         119      122       +3     
  Lines        5840     6245     +405     
  Branches      143      111      -32     
==========================================
- Hits          795      641     -154     
- Misses       5045     5604     +559     


Bumps [pnpm](https://github.com/pnpm/pnpm/tree/HEAD/pnpm) from 10.4.1 to 10.19.0.
- [Release notes](https://github.com/pnpm/pnpm/releases)
- [Changelog](https://github.com/pnpm/pnpm/blob/main/pnpm/CHANGELOG.md)
- [Commits](https://github.com/pnpm/pnpm/commits/v10.19.0/pnpm)

---
updated-dependencies:
- dependency-name: pnpm
  dependency-version: 10.19.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/pnpm-10.19.0 branch from 92ecee1 to 6112314 Compare November 1, 2025 17:40
@railway-app railway-app bot temporarily deployed to app (retroloop / retroloop-pr-476) November 1, 2025 17:40 Destroyed