chore(deps): update pnpm to v10.24.0

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
pnpm (source)	10.20.0 -> 10.24.0

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

pnpm/pnpm (pnpm)

v10.24.0

Compare Source

v10.23.0: pnpm 10.23

Compare Source

Minor Changes

• Added --lockfile-only option to pnpm list #​10020.

Patch Changes

• pnpm self-update should download pnpm from the configured npm registry #​10205.
• pnpm self-update should always install the non-executable pnpm package (pnpm in the registry) and never the @pnpm/exe package, when installing v11 or newer. We currently cannot ship @pnpm/exe as pkg doesn't work with ESM #​10190.
• Node.js runtime is not added to "dependencies" on pnpm add, if there's a engines.runtime setting declared in package.json #​10209.
• The installation should fail if an optional dependency cannot be installed due to a trust policy check failure #​10208.
• pnpm list and pnpm why now display npm: protocol for aliased packages (e.g., foo npm:is-odd@3.0.1) #​8660.
• Don't add an extra slash to the Node.js mirror URL #​10204.
• pnpm store prune should not fail if the store contains Node.js packages #​10131.

Platinum Sponsors

Gold Sponsors

v10.22.0: pnpm 10.22

Compare Source

Minor Changes

• Added support for trustPolicyExclude #​10164.

  You can now list one or more specific packages or versions that pnpm should allow to install, even if those packages don't satisfy the trust policy requirement. For example:

  trustPolicy: no-downgrade
  trustPolicyExclude:
    - chokidar@4.0.3
    - webpack@4.47.0 || 5.102.1

• Allow to override the engines field on publish by the publishConfig.engines field.

Patch Changes

• Don't crash when two processes of pnpm are hardlinking the contents of a directory to the same destination simultaneously #​10179.

Platinum Sponsors

Gold Sponsors

v10.21.0

Compare Source

---

Configuration

📅 Schedule: Branch creation - "before 8am on wednesday" in timezone Asia/Shanghai, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[netlify]

✅ Deploy Preview for rspack canceled.

Name	Link
🔨 Latest commit	ce390fc
🔍 Latest deploy log	https://app.netlify.com/projects/rspack/deploys/692ab2851bce34000846fc2e

[github-actions]

Rsdoctor Bundle Diff Analysis

📁 rspack

Path: ../rstack-examples/rsdoctor/rspack/dist/rsdoctor-data.json

⚠️ No baseline data found - Unable to perform comparison analysis

Metric	Current	Baseline	Change
📊 Total Size	230.8 KB	-	-
📄 JavaScript	230.1 KB	-	-
🎨 CSS	381.0 B	-	-
🌐 HTML	328.0 B	-	-
📁 Other Assets	0 B	-	-

Generated by Rsdoctor GitHub Action

[github-actions]

📦 Binary Size-limit

Comparing ce390fc to test: bump rstest to show relevant running tests (#12323) by 9aoy

🙈 Size remains the same at 47.69MB

[codspeed-hq]

CodSpeed Performance Report

Merging #12328 will not alter performance

_{Comparing renovate/pnpm-10.x (ce390fc) with main (5838590)}

Summary

✅ 17 untouched