Skip to content

chore(deps): update pnpm to v10.18.3 (main) - autoclosed #2858

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

chore(deps): update pnpm to v10.18.3 (main) - autoclosed #2858

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Oct 13, 2025
edited
Loading

This PR contains the following updates:

Package Change Age Confidence
pnpm (source) 10.17.1 -> 10.18.3 age confidence

Release Notes

pnpm/pnpm (pnpm)

v10.18.3

Compare Source

Patch Changes
  • Fix a bug where pnpm would infinitely recurse when using verifyDepsBeforeInstall: install and pre/post install scripts that called other pnpm scripts #​10060.
  • Fixed scoped registry keys (e.g., @scope:registry) being parsed as property paths in pnpm config get when --location=project is used #​9362.
  • Remove pnpm-specific CLI options before passing to npm publish to prevent "Unknown cli config" warnings #​9646.
  • Fixed EISDIR error when bin field points to a directory #​9441.
  • Preserve version and hasBin for variations packages #​10022.
  • Fixed pnpm config set --location=project incorrectly handling keys with slashes (auth tokens, registry settings) #​9884.
  • When both pnpm-workspace.yaml and .npmrc exist, pnpm config set --location=project now writes to pnpm-workspace.yaml (matching read priority) #​10072.
  • Prevent a table width error in pnpm outdated --long #​10040.
  • Sync bin links after injected dependencies are updated by build scripts. This ensures that binaries created during build processes are properly linked and accessible to consuming projects #​10057.

v10.18.2

Compare Source

Patch Changes
  • pnpm outdated --long should work #​10040.
  • Replace ndjson with split2. Reduce the bundle size of pnpm CLI #​10054.
  • pnpm dlx should request the full metadata of packages, when minimumReleaseAge is set #​9963.
  • pnpm version switching should work when the pnpm home directory is in a symlinked directory #​9715.
  • Fix EPIPE errors when piping output to other commands #​10027.

v10.18.1

Compare Source

Patch Changes
  • Don't print a warning, when --lockfile-only is used #​8320.
  • pnpm setup creates a command shim to the pnpm executable. This is needed to be able to run pnpm self-update on Windows #​5700.
  • When using pnpm catalogs and running a normal pnpm install, pnpm produced false positive warnings for "skip adding to the default catalog because it already exists". This warning now only prints when using pnpm add --save-catalog as originally intended.

v10.18.0

Compare Source

Minor Changes

  • Added network performance monitoring to pnpm by implementing warnings for slow network requests, including both metadata fetches and tarball downloads.

    Added configuration options for warning thresholds: fetchWarnTimeoutMs and fetchMinSpeedKiBps.
    Warning messages are displayed when requests exceed time thresholds or fall below speed minimums

    Related PR: #​10025.

Patch Changes
  • Retry filesystem operations on EAGAIN errors #​9959.
  • Outdated command respects minimumReleaseAge configuration #​10030.
  • Correctly apply the cleanupUnusedCatalogs configuration when removing dependent packages.
  • Don't fail with a meaningless error when scriptShell is set to false #​8748.
  • pnpm dlx should not fail when minimumReleaseAge is set #​10037.

Configuration

📅 Schedule: Branch creation - On day 1 of the month, every 12 months ( * * 1 */12 * ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate using a curated preset maintained by Sanity. View repository job log here

@vercel Vercel
Copy link

vercel bot commented Oct 13, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Preview Comments Updated (UTC)
next-sanity Error Error Oct 15, 2025 7:34am
next-sanity-static Error Error Oct 15, 2025 7:34am

@socket-security Socket Security
Copy link

socket-security bot commented Oct 13, 2025
edited
Loading

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updated@​next/​env@​15.6.0-canary.31 ⏵ 16.0.0-canary.598 -210058 -4299 -1100
Updatednext@​15.6.0-canary.31 ⏵ 16.0.0-canary.594 -610091 -998 -270 -30
Updated@​next/​bundle-analyzer@​15.6.0-canary.31 ⏵ 16.0.0-canary.510010089 -1199 -1100

View full report

@renovate renovate bot force-pushed the renovate/main-corepack branch from 6c6511a to 19393b5 Compare October 14, 2025 12:09
@renovate renovate bot changed the title chore(deps): update pnpm to v10.18.2 (main) chore(deps): update pnpm to v10.18.3 (main) Oct 14, 2025
@renovate renovate bot force-pushed the renovate/main-corepack branch from 19393b5 to d1d087e Compare October 15, 2025 07:32
@renovate renovate bot changed the title chore(deps): update pnpm to v10.18.3 (main) chore(deps): update pnpm to v10.18.3 (main) - autoclosed Oct 15, 2025
@renovate renovate bot closed this Oct 15, 2025
@renovate renovate bot deleted the renovate/main-corepack branch October 15, 2025 08:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

🤖 bot 📦 deps

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants