Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package pnpm for openSUSE:Factory checked in at 2025-12-17 17:34:13 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/pnpm (Old) and /work/SRC/openSUSE:Factory/.pnpm.new.1939 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "pnpm" Wed Dec 17 17:34:13 2025 rev:50 rq:1323167 version:10.26.0 Changes: -------- --- /work/SRC/openSUSE:Factory/pnpm/pnpm.changes 2025-12-16 16:02:16.846079942 +0100 +++ /work/SRC/openSUSE:Factory/.pnpm.new.1939/pnpm.changes 2025-12-17 17:38:24.760803689 +0100 @@ -1,0 +2,31 @@ +Mon Dec 15 22:06:15 UTC 2025 - Avindra Goolcharan <[email protected]> + +- update to 10.26.0 + * Minor Changes + - Semi-breaking. Block git-hosted dependencies from running + prepare scripts unless explicitly allowed in onlyBuiltDependencies #10288. + - Semi-breaking. Compute integrity hash for HTTP tarball + dependencies when fetching, storing it in the lockfile to + prevent servers from serving altered content on subsequent installs #10287. + - Added a new setting blockExoticSubdeps that prevents the + resolution of exotic protocols in transitive dependencies. + - Added support for allowBuilds, which is a new field that + can be used instead of onlyBuiltDependencies and + ignoredBuiltDependencies. The new allowBuilds field in your + pnpm-workspace.yaml uses a map of package matchers to + explicitly allow (true) or disallow (false) script execution. + This allows for a single, easy-to-manage source of truth for + your build permissions. + * Patch Changes + - Show deprecation in table/list formats when latest version + is deprecated #8658. + - Remove the injectWorkspacePackages setting from the + lockfile on the deploy command #10294. + - Normalize the tarball URLs before saving them to the + lockfile. URLs should not contain default ports, like :80 for + http and :443 for https #10273. + - When a dependency is installed via a direct URL that + redirects to another URL and is immutable, the original URL + is normalized and saved to package.json #10197. + +------------------------------------------------------------------- Old: ---- pnpm-10.25.0.tgz New: ---- pnpm-10.26.0.tgz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ pnpm.spec ++++++ --- /var/tmp/diff_new_pack.Hz5HSh/_old 2025-12-17 17:38:25.712843700 +0100 +++ /var/tmp/diff_new_pack.Hz5HSh/_new 2025-12-17 17:38:25.716843868 +0100 @@ -23,7 +23,7 @@ %global __nodejs_provides %{nil} %global __nodejs_requires %{nil} Name: pnpm -Version: 10.25.0 +Version: 10.26.0 Release: 0 Summary: Fast, disk space efficient package manager License: MIT ++++++ _scmsync.obsinfo ++++++ --- /var/tmp/diff_new_pack.Hz5HSh/_old 2025-12-17 17:38:25.796847230 +0100 +++ /var/tmp/diff_new_pack.Hz5HSh/_new 2025-12-17 17:38:25.800847399 +0100 @@ -1,6 +1,6 @@ -mtime: 1765629753 -commit: f829e8dc630cf7a7f6df0103f8add71ad166876aa8c65d4b53251631a4efeca4 +mtime: 1765836633 +commit: f9bc8099422e32279c3aa6ffb3fef21de5c1a05d463d28baa4798b19ea6cc5cc url: https://src.opensuse.org/nodejs/pnpm.git -revision: f829e8dc630cf7a7f6df0103f8add71ad166876aa8c65d4b53251631a4efeca4 +revision: f9bc8099422e32279c3aa6ffb3fef21de5c1a05d463d28baa4798b19ea6cc5cc projectscmsync: https://src.opensuse.org/nodejs/_ObsPrj.git ++++++ build.specials.obscpio ++++++ ++++++ build.specials.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/.gitignore new/.gitignore --- old/.gitignore 1970-01-01 01:00:00.000000000 +0100 +++ new/.gitignore 2025-12-15 23:11:01.000000000 +0100 @@ -0,0 +1 @@ +.osc ++++++ pnpm-10.25.0.tgz -> pnpm-10.26.0.tgz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/package/dist/node_modules/.modules.yaml new/package/dist/node_modules/.modules.yaml --- old/package/dist/node_modules/.modules.yaml 1985-10-26 09:15:00.000000000 +0100 +++ new/package/dist/node_modules/.modules.yaml 1985-10-26 09:15:00.000000000 +0100 @@ -16,8 +16,8 @@ [email protected]: - node_modules/agent-base [email protected]: - - node_modules/strip-ansi-cjs/node_modules/ansi-regex - node_modules/wrap-ansi-cjs/node_modules/ansi-regex + - node_modules/strip-ansi-cjs/node_modules/ansi-regex - node_modules/string-width-cjs/node_modules/ansi-regex [email protected]: - node_modules/ansi-regex @@ -196,7 +196,7 @@ nodeLinker: hoisted packageManager: [email protected] pendingBuilds: [] -prunedAt: Mon, 08 Dec 2025 15:09:48 GMT +prunedAt: Mon, 15 Dec 2025 12:09:00 GMT publicHoistPattern: [] registries: '@jsr': https://npm.jsr.io/ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/package/dist/node_modules/.pnpm-workspace-state-v1.json new/package/dist/node_modules/.pnpm-workspace-state-v1.json --- old/package/dist/node_modules/.pnpm-workspace-state-v1.json 1985-10-26 09:15:00.000000000 +0100 +++ new/package/dist/node_modules/.pnpm-workspace-state-v1.json 1985-10-26 09:15:00.000000000 +0100 @@ -1,5 +1,5 @@ { - "lastValidatedTimestamp": 1765206588775, + "lastValidatedTimestamp": 1765800540629, "projects": {}, "pnpmfiles": [], "settings": { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/package/dist/pnpm.cjs new/package/dist/pnpm.cjs --- old/package/dist/pnpm.cjs 1985-10-26 09:15:00.000000000 +0100 +++ new/package/dist/pnpm.cjs 1985-10-26 09:15:00.000000000 +0100 @@ -2972,7 +2972,7 @@ var load_json_file_1 = __importDefault2(require_load_json_file()); var defaultManifest = { name: true ? "pnpm" : "pnpm", - version: true ? "10.25.0" : "0.0.0" + version: true ? "10.26.0" : "0.0.0" }; var pkgJson; if (require.main == null) { @@ -14654,7 +14654,8 @@ "dangerouslyAllowAllBuilds", "onlyBuiltDependencies", "onlyBuiltDependenciesFile", - "neverBuiltDependencies" + "neverBuiltDependencies", + "allowBuilds" ]; var hasDependencyBuildOptions = (config) => exports2.DEPS_BUILD_CONFIG_KEYS.some((key) => config[key] != null); exports2.hasDependencyBuildOptions = hasDependencyBuildOptions; @@ -15098,6 +15099,7 @@ "public-hoist-pattern": Array, "publish-branch": String, "recursive-install": Boolean, + "block-exotic-subdeps": Boolean, reporter: String, "resolution-mode": ["highest", "time-based", "lowest-direct"], "resolve-peers-from-workspace-root": Boolean, @@ -18817,6 +18819,7 @@ const settings = getOptionsFromPnpmSettings(manifestDir, { ...(0, pick_1.default)([ "allowNonAppliedPatches", + "allowBuilds", "allowUnusedPatches", "allowedDeprecatedVersions", "auditConfig", @@ -18849,7 +18852,7 @@ return settings; } function getOptionsFromPnpmSettings(manifestDir, pnpmSettings, manifest) { - const renamedKeys = ["allowNonAppliedPatches"]; + const renamedKeys = ["allowNonAppliedPatches", "allowBuilds"]; const settings = (0, omit_1.default)(renamedKeys, replaceEnvInSettings(pnpmSettings)); if (settings.overrides) { if (Object.keys(settings.overrides).length === 0) { @@ -18876,6 +18879,20 @@ if (pnpmSettings.ignorePatchFailures != null) { settings.ignorePatchFailures = pnpmSettings.ignorePatchFailures; } + if (pnpmSettings.allowBuilds) { + settings.onlyBuiltDependencies ??= []; + settings.ignoredBuiltDependencies ??= []; + for (const [packagePattern, build] of Object.entries(pnpmSettings.allowBuilds)) { + switch (build) { + case true: + settings.onlyBuiltDependencies.push(packagePattern); + break; + case false: + settings.ignoredBuiltDependencies.push(packagePattern); + break; + } + } + } return settings; } function replaceEnvInSettings(settings) { @@ -19616,6 +19633,7 @@ "public-hoist-pattern": [], "recursive-install": true, registry: npmDefaults.registry, + "block-exotic-subdeps": false, "resolution-mode": "highest", "resolve-peers-from-workspace-root": true, "save-peer": false, @@ -60438,6 +60456,22 @@ } }); +// ../resolving/npm-resolver/lib/normalizeRegistryUrl.js +var require_normalizeRegistryUrl = __commonJS({ + "../resolving/npm-resolver/lib/normalizeRegistryUrl.js"(exports2) { + "use strict"; + Object.defineProperty(exports2, "__esModule", { value: true }); + exports2.normalizeRegistryUrl = normalizeRegistryUrl; + function normalizeRegistryUrl(urlString) { + try { + return new URL(urlString).toString(); + } catch { + return urlString; + } + } + } +}); + // ../resolving/npm-resolver/lib/index.js var require_lib49 = __commonJS({ "../resolving/npm-resolver/lib/index.js"(exports2) { @@ -60476,6 +60510,7 @@ var whichVersionIsPinned_js_1 = require_whichVersionIsPinned(); var pickPackageFromMeta_js_1 = require_pickPackageFromMeta(); var trustChecks_js_1 = require_trustChecks(); + var normalizeRegistryUrl_js_1 = require_normalizeRegistryUrl(); var NoMatchingVersionError = class extends error_1.PnpmError { packageMeta; immatureVersion; @@ -60669,7 +60704,7 @@ const id = `${pickedPackage.name}@${pickedPackage.version}`; const resolution = { integrity: getIntegrity(pickedPackage.dist), - tarball: pickedPackage.dist.tarball + tarball: (0, normalizeRegistryUrl_js_1.normalizeRegistryUrl)(pickedPackage.dist.tarball) }; let normalizedBareSpecifier; if (opts.calcSpecifier) { @@ -60714,7 +60749,7 @@ const id = `${pickedPackage.name}@${pickedPackage.version}`; const resolution = { integrity: getIntegrity(pickedPackage.dist), - tarball: pickedPackage.dist.tarball + tarball: (0, normalizeRegistryUrl_js_1.normalizeRegistryUrl)(pickedPackage.dist.tarball) }; return { id, @@ -60921,16 +60956,17 @@ } if (isRepository(wantedDependency.bareSpecifier)) return null; + const normalizedBareSpecifier = new URL(wantedDependency.bareSpecifier).toString(); let resolvedUrl; - const response = await fetchFromRegistry(wantedDependency.bareSpecifier, { method: "HEAD" }); + const response = await fetchFromRegistry(normalizedBareSpecifier, { method: "HEAD" }); if (response?.headers?.get("cache-control")?.includes("immutable")) { resolvedUrl = response.url; } else { - resolvedUrl = wantedDependency.bareSpecifier; + resolvedUrl = normalizedBareSpecifier; } return { - id: resolvedUrl, - normalizedBareSpecifier: resolvedUrl, + id: normalizedBareSpecifier, + normalizedBareSpecifier, resolution: { tarball: resolvedUrl }, @@ -97053,6 +97089,13 @@ return { shouldBeBuilt: false, pkgDir }; if (opts.ignoreScripts) return { shouldBeBuilt: true, pkgDir }; + if (!opts.allowBuild?.(manifest.name, manifest.version)) { + throw new error_1.PnpmError("GIT_DEP_PREPARE_NOT_ALLOWED", `The git-hosted package "${manifest.name}@${manifest.version}" needs to execute build scripts but is not in the "onlyBuiltDependencies" allowlist.`, { + hint: `Add the package to "onlyBuiltDependencies" in your project's pnpm-workspace.yaml to allow it to run scripts. For example: +onlyBuiltDependencies: + - "${manifest.name}"` + }); + } const pm = (await (0, preferred_pm_1.default)(gitRootDir))?.name ?? "npm"; const execOpts = { depPath: `${manifest.name}@${manifest.version}`, @@ -97589,11 +97632,6 @@ function createGitFetcher(createOpts) { const allowedHosts = new Set(createOpts?.gitShallowHosts ?? []); const ignoreScripts = createOpts.ignoreScripts ?? false; - const preparePkg = prepare_package_1.preparePackage.bind(null, { - ignoreScripts: createOpts.ignoreScripts, - rawConfig: createOpts.rawConfig, - unsafePerm: createOpts.unsafePerm - }); const gitFetcher = async (cafs, resolution, opts) => { const tempLocation = await cafs.tempDir(); if (allowedHosts.size > 0 && shouldUseShallow(resolution.repo, allowedHosts)) { @@ -97606,7 +97644,12 @@ await execGit(["checkout", resolution.commit], { cwd: tempLocation }); let pkgDir; try { - const prepareResult = await preparePkg(tempLocation, resolution.path ?? ""); + const prepareResult = await (0, prepare_package_1.preparePackage)({ + allowBuild: opts.allowBuild, + ignoreScripts: createOpts.ignoreScripts, + rawConfig: createOpts.rawConfig, + unsafePerm: createOpts.unsafePerm + }, tempLocation, resolution.path ?? ""); pkgDir = prepareResult.pkgDir; if (ignoreScripts && prepareResult.shouldBeBuilt) { (0, logger_1.globalWarn)(`The git-hosted package fetched from "${resolution.repo}" has to be built but the build scripts were ignored.`); @@ -98082,7 +98125,10 @@ }, force: true }); - const { shouldBeBuilt, pkgDir } = await (0, prepare_package_1.preparePackage)(opts, tempLocation, resolution.path ?? ""); + const { shouldBeBuilt, pkgDir } = await (0, prepare_package_1.preparePackage)({ + ...opts, + allowBuild: fetcherOpts.allowBuild + }, tempLocation, resolution.path ?? ""); const files = await (0, fs_packlist_1.packlist)(pkgDir); if (!resolution.path && files.length === Object.keys(filesIndex).length) { if (!shouldBeBuilt) { @@ -108792,6 +108838,7 @@ } const pkg = manifest != null ? (0, pick_1.default)(["name", "version"], manifest) : {}; const fetchResult = ctx.fetchPackageToStore({ + allowBuild: options.allowBuild, fetchRawManifest: true, force: forceFetch, ignoreScripts: options.ignoreScripts, @@ -108805,7 +108852,11 @@ supportedArchitectures: options.supportedArchitectures }); if (!manifest) { - manifest = (await fetchResult.fetching()).bundledManifest; + const fetchedResult = await fetchResult.fetching(); + manifest = fetchedResult.bundledManifest; + if (fetchedResult.integrity && !resolution.type && !resolution.integrity) { + resolution.integrity = fetchedResult.integrity; + } } return { body: { @@ -108990,6 +109041,7 @@ } const priority = (++ctx.requestsQueue.counter % ctx.requestsQueue.concurrency === 0 ? -1 : 1) * 1e3; const fetchedPackage = await ctx.requestsQueue.add(async () => ctx.fetch(opts.pkg.id, resolution, { + allowBuild: opts.allowBuild, filesIndexFile, lockfileDir: opts.lockfileDir, readManifest: opts.fetchRawManifest, @@ -109013,9 +109065,10 @@ version: opts.pkg.version } }), { priority }); - if (isLocalTarballDep && opts.pkg.resolution.integrity) { + const integrity = opts.pkg.resolution.integrity ?? fetchedPackage.integrity; + if (isLocalTarballDep && integrity) { await fs_1.promises.mkdir(target, { recursive: true }); - await graceful_fs_1.default.writeFile(path_1.default.join(target, TARBALL_INTEGRITY_FILENAME), opts.pkg.resolution.integrity, "utf8"); + await graceful_fs_1.default.writeFile(path_1.default.join(target, TARBALL_INTEGRITY_FILENAME), integrity, "utf8"); } fetching.resolve({ files: { @@ -109024,7 +109077,8 @@ packageImportMethod: fetchedPackage.packageImportMethod, requiresBuild: fetchedPackage.requiresBuild }, - bundledManifest: fetchedPackage.manifest == null ? fetchedPackage.manifest : normalizeBundledManifest(fetchedPackage.manifest) + bundledManifest: fetchedPackage.manifest == null ? fetchedPackage.manifest : normalizeBundledManifest(fetchedPackage.manifest), + integrity }); } catch (err) { fetching.reject(err); @@ -109966,7 +110020,24 @@ if (opts.cleanupUnusedCatalogs) { shouldBeUpdated = removePackagesFromWorkspaceCatalog(manifest, opts.allProjects ?? []) || shouldBeUpdated; } - for (const [key, value] of Object.entries(opts.updatedFields ?? {})) { + const updatedFields = { ...opts.updatedFields }; + if (manifest.allowBuilds != null && (updatedFields.onlyBuiltDependencies != null || updatedFields.ignoredBuiltDependencies != null)) { + const allowBuilds = { ...manifest.allowBuilds }; + if (updatedFields.onlyBuiltDependencies != null) { + for (const pattern of updatedFields.onlyBuiltDependencies) { + allowBuilds[pattern] = true; + } + } + if (updatedFields.ignoredBuiltDependencies != null) { + for (const pattern of updatedFields.ignoredBuiltDependencies) { + allowBuilds[pattern] = false; + } + } + updatedFields.allowBuilds = allowBuilds; + delete updatedFields.onlyBuiltDependencies; + delete updatedFields.ignoredBuiltDependencies; + } + for (const [key, value] of Object.entries(updatedFields)) { if (!(0, equals_1.default)(manifest[key], value)) { shouldBeUpdated = true; if (value == null) { @@ -148889,6 +148960,7 @@ core_loggers_1.progressLogger.debug({ packageId, requester: opts.lockfileDir, status: "resolved" }); try { fetchResponse = await opts.storeController.fetchPackage({ + allowBuild: opts.allowBuild, force: false, lockfileDir: opts.lockfileDir, ignoreScripts: opts.ignoreScripts, @@ -150020,6 +150092,7 @@ } else { try { fetchResponse = opts.storeController.fetchPackage({ + allowBuild: opts.allowBuild, force: false, lockfileDir: opts.lockfileDir, ignoreScripts: opts.ignoreScripts, @@ -150416,8 +150489,10 @@ } } } + const allowBuild = (0, builder_policy_1.createAllowBuildFunction)(opts); const lockfileToDepGraphOpts = { ...opts, + allowBuild, importerIds, lockfileDir, skipped, @@ -150452,7 +150527,6 @@ } let newHoistedDependencies; let linkedToRoot = 0; - const allowBuild = (0, builder_policy_1.createAllowBuildFunction)(opts); if (opts.nodeLinker === "hoisted" && hierarchy && prevGraph) { await (0, linkHoistedModules_js_1.linkHoistedModules)(opts.storeController, graph, prevGraph, hierarchy, { allowBuild, @@ -152451,6 +152525,7 @@ wantedDependency.bareSpecifier = (0, replaceVersionInBareSpecifier_js_1.replaceVersionInBareSpecifier)(wantedDependency.bareSpecifier, options.preferredVersion); } pkgResponse = await ctx.storeController.requestPackage(wantedDependency, { + allowBuild: ctx.allowBuild, alwaysTryWorkspacePackages: ctx.linkWorkspacePackagesDepth >= options.currentDepth, currentPkg: currentPkg ? { id: currentPkg.pkgId, @@ -152513,6 +152588,12 @@ rawSpec: wantedDependency.bareSpecifier } }); + if (ctx.blockExoticSubdeps && options.currentDepth > 0 && !isNonExoticDep(pkgResponse.body.resolvedVia)) { + const error = new error_1.PnpmError("EXOTIC_SUBDEP", `Exotic dependency "${wantedDependency.alias ?? wantedDependency.bareSpecifier}" (resolved via ${pkgResponse.body.resolvedVia}) is not allowed in subdependencies when blockExoticSubdeps is enabled`); + error.prefix = options.prefix; + error.pkgsStack = getPkgsInfoFromIds(options.parentIds, ctx.resolvedPkgsById); + throw error; + } if (ctx.allPreferredVersions && pkgResponse.body.manifest?.version) { if (!ctx.allPreferredVersions[pkgResponse.body.manifest.name]) { ctx.allPreferredVersions[pkgResponse.body.manifest.name] = {}; @@ -152801,6 +152882,19 @@ const existingCatalogResolution = wantedLockfile.catalogs?.[catalogLookup.catalogName]?.[wantedDependency.alias]; return existingCatalogResolution?.specifier === catalogLookup.specifier ? existingCatalogResolution.version : void 0; } + var NON_EXOTIC_RESOLVED_VIA = /* @__PURE__ */ new Set([ + "custom-resolver", + "github.com/denoland/deno", + "github.com/oven-sh/bun", + "jsr-registry", + "local-filesystem", + "nodejs.org", + "npm-registry", + "workspace" + ]); + function isNonExoticDep(resolvedVia) { + return resolvedVia != null && NON_EXOTIC_RESOLVED_VIA.has(resolvedVia); + } } }); @@ -152826,6 +152920,7 @@ const wantedToBeSkippedPackageIds = /* @__PURE__ */ new Set(); const autoInstallPeers = opts.autoInstallPeers === true; const ctx = { + allowBuild: opts.allowBuild, autoInstallPeers, autoInstallPeersFromHighestMatch: opts.autoInstallPeersFromHighestMatch === true, allowedDeprecatedVersions: opts.allowedDeprecatedVersions, @@ -152867,7 +152962,8 @@ maximumPublishedBy: opts.minimumReleaseAge ? new Date(Date.now() - opts.minimumReleaseAge * 60 * 1e3) : void 0, publishedByExclude: opts.minimumReleaseAgeExclude ? createPackageVersionPolicyByExclude(opts.minimumReleaseAgeExclude, "minimumReleaseAgeExclude") : void 0, trustPolicy: opts.trustPolicy, - trustPolicyExclude: opts.trustPolicyExclude ? createPackageVersionPolicyByExclude(opts.trustPolicyExclude, "trustPolicyExclude") : void 0 + trustPolicyExclude: opts.trustPolicyExclude ? createPackageVersionPolicyByExclude(opts.trustPolicyExclude, "trustPolicyExclude") : void 0, + blockExoticSubdeps: opts.blockExoticSubdeps }; function createPackageVersionPolicyByExclude(patterns, key) { try { @@ -157498,7 +157594,8 @@ disallowWorkspaceCycles: false, excludeLinksFromLockfile: false, virtualStoreDirMaxLength: 120, - peersSuffixMaxLength: 1e3 + peersSuffixMaxLength: 1e3, + blockExoticSubdeps: false }; }; function extendOptions(opts) { @@ -159031,7 +159128,9 @@ if (opts.dedupe) { forgetResolutionsOfAllPrevWantedDeps(ctx.wantedLockfile); } + const allowBuild = (0, builder_policy_1.createAllowBuildFunction)(opts); let { dependenciesGraph, dependenciesByProjectId, linkedDependenciesByProjectId, updatedCatalogs, newLockfile, outdatedDependencies, peerDependencyIssuesByProjects, wantedToBeSkippedPackageIds, waitTillAllFetchingsFinish } = await (0, resolve_dependencies_1.resolveDependencies)(projects, { + allowBuild, allowedDeprecatedVersions: opts.allowedDeprecatedVersions, allowUnusedPatches: opts.allowUnusedPatches, autoInstallPeers: opts.autoInstallPeers, @@ -159077,7 +159176,8 @@ minimumReleaseAge: opts.minimumReleaseAge, minimumReleaseAgeExclude: opts.minimumReleaseAgeExclude, trustPolicy: opts.trustPolicy, - trustPolicyExclude: opts.trustPolicyExclude + trustPolicyExclude: opts.trustPolicyExclude, + blockExoticSubdeps: opts.blockExoticSubdeps }); if (!opts.include.optionalDependencies || !opts.include.devDependencies || !opts.include.dependencies) { linkedDependenciesByProjectId = (0, map_1.default)((linkedDeps) => linkedDeps.filter((linkedDep) => !(linkedDep.dev && !opts.include.devDependencies || linkedDep.optional && !opts.include.optionalDependencies || !linkedDep.dev && !linkedDep.optional && !opts.include.dependencies)), linkedDependenciesByProjectId ?? {}); @@ -159112,7 +159212,6 @@ mergeGitBranchLockfiles: opts.mergeGitBranchLockfiles }; let stats; - const allowBuild = (0, builder_policy_1.createAllowBuildFunction)(opts); let ignoredBuilds; if (!opts.lockfileOnly && !isInstallationOnlyForLockfileCheck && opts.enableModulesDir) { const result2 = await (0, link_js_1.linkPackages)(projects, dependenciesGraph, { @@ -175650,6 +175749,11 @@ // the effects of the package extensions should already be part of the package snapshots pnpmfileChecksum: void 0, // the effects of the pnpmfile should already be part of the package snapshots + settings: { + ...lockfile.settings, + injectWorkspacePackages: void 0 + // the effects of injecting workspace packages should already be part of the lockfile + }, importers: { ["."]: targetSnapshot }, @@ -176026,6 +176130,8 @@ modulesDir: void 0, confirmModulesPurge: false, frozenLockfile: true, + injectWorkspacePackages: void 0, + // the effects of injecting workspace packages should already be part of the package snapshots overrides: void 0, // the effects of the overrides should already be part of the package snapshots hooks: { @@ -179248,7 +179354,11 @@ if (change === null || diff == null) { return latestManifest.deprecated ? chalk_1.default.redBright.bold("Deprecated") : latestManifest.version; } - return (0, colorize_semver_diff_1.default)({ change, diff }); + const versionText = (0, colorize_semver_diff_1.default)({ change, diff }); + if (latestManifest.deprecated) { + return `${versionText} ${chalk_1.default.redBright("(deprecated)")}`; + } + return versionText; } function renderDetails({ latestManifest }) { if (latestManifest == null) @@ -181020,7 +181130,8 @@ const { tarballPath } = await pack.api({ ...opts, dir, - packDestination + packDestination, + dryRun: false }); await copyNpmrc({ dir, workspaceDir: opts.workspaceDir, packDestination }); const { status } = (0, run_npm_1.runNpm)(opts.npmPath, ["publish", "--ignore-scripts", path_1.default.basename(tarballPath), ...args], { @@ -181123,6 +181234,7 @@ out: String, recursive: Boolean, ...(0, pick_1.default)([ + "dry-run", "pack-destination", "pack-gzip-level", "json", @@ -181140,6 +181252,10 @@ title: "Options", list: [ { + description: "Does everything `pnpm pack` would do except actually writing the tarball to disk.", + name: "--dry-run" + }, + { description: "Directory in which `pnpm pack` will save tarballs. The default is the current working directory.", name: "--pack-destination <dir>" }, @@ -181285,20 +181401,22 @@ } } const destDir = packDestination ? path_1.default.isAbsolute(packDestination) ? packDestination : path_1.default.join(dir, packDestination ?? ".") : dir; - await fs_1.default.promises.mkdir(destDir, { recursive: true }); - await packPkg({ - destFile: path_1.default.join(destDir, tarballName), - filesMap, - modulesDir: path_1.default.join(opts.dir, "node_modules"), - packGzipLevel: opts.packGzipLevel, - manifest: publishManifest, - bins: [ - ...(await (0, package_bins_1.getBinsFromPackageManifest)(publishManifest, dir)).map(({ path: path2 }) => path2), - ...(manifest.publishConfig?.executableFiles ?? []).map((executableFile) => path_1.default.join(dir, executableFile)) - ] - }); - if (!opts.ignoreScripts) { - await _runScriptsIfPresent(["postpack"], entryManifest); + if (!opts.dryRun) { + await fs_1.default.promises.mkdir(destDir, { recursive: true }); + await packPkg({ + destFile: path_1.default.join(destDir, tarballName), + filesMap, + modulesDir: path_1.default.join(opts.dir, "node_modules"), + packGzipLevel: opts.packGzipLevel, + manifest: publishManifest, + bins: [ + ...(await (0, package_bins_1.getBinsFromPackageManifest)(publishManifest, dir)).map(({ path: path2 }) => path2), + ...(manifest.publishConfig?.executableFiles ?? []).map((executableFile) => path_1.default.join(dir, executableFile)) + ] + }); + if (!opts.ignoreScripts) { + await _runScriptsIfPresent(["postpack"], entryManifest); + } } let packedTarballPath; if (opts.dir !== destDir) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/package/dist/worker.js new/package/dist/worker.js --- old/package/dist/worker.js 1985-10-26 09:15:00.000000000 +0100 +++ new/package/dist/worker.js 1985-10-26 09:15:00.000000000 +0100 @@ -9855,7 +9855,19 @@ const { filesIndex, manifest } = cafs.addFilesFromTarball(buffer, true); const { filesIntegrity, filesMap } = processFilesIndex(filesIndex); const requiresBuild = writeFilesIndexFile(filesIndexFile, { manifest: manifest ?? {}, files: filesIntegrity }); - return { status: "success", value: { filesIndex: filesMap, manifest, requiresBuild } }; + return { + status: "success", + value: { + filesIndex: filesMap, + manifest, + requiresBuild, + integrity: integrity ?? calcIntegrity(buffer) + } + }; + } + function calcIntegrity(buffer) { + const calculatedHash = crypto.hash("sha512", buffer, "hex"); + return `sha512-${Buffer.from(calculatedHash, "hex").toString("base64")}`; } function initStore({ storeDir }) { fs_1.default.mkdirSync(storeDir, { recursive: true }); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/package/package.json new/package/package.json --- old/package/package.json 1985-10-26 09:15:00.000000000 +0100 +++ new/package/package.json 1985-10-26 09:15:00.000000000 +0100 @@ -1,6 +1,6 @@ { "name": "pnpm", - "version": "10.25.0", + "version": "10.26.0", "description": "Fast, disk space efficient package manager", "keywords": [ "pnpm",
