Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package pnpm for openSUSE:Factory checked in at 2026-03-23 17:13:18 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/pnpm (Old) and /work/SRC/openSUSE:Factory/.pnpm.new.8177 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "pnpm" Mon Mar 23 17:13:18 2026 rev:53 rq:1341909 version:10.32.1 Changes: -------- --- /work/SRC/openSUSE:Factory/pnpm/pnpm.changes 2026-02-03 21:32:21.590823830 +0100 +++ /work/SRC/openSUSE:Factory/.pnpm.new.8177/pnpm.changes 2026-03-23 17:14:25.504311778 +0100 @@ -1,0 +2,182 @@ +Sun Mar 15 08:32:44 UTC 2026 - Johannes Kastl <[email protected]> + +- update to 10.32.1: + * Patch Changes + - Fix a regression where pnpm-workspace.yaml without a packages + field caused all directories to be treated as workspace + projects. This broke projects that use pnpm-workspace.yaml + only for settings (e.g. minimumReleaseAge) without defining + workspace packages #10909. +- update to 10.32.0: + * Minor Changes + - Added --all flag to pnpm approve-builds that approves all + pending builds without interactive prompts #10136. + * Patch Changes + - Reverted change related to setting explicitly the npm config + file path, which caused regressions. + - Reverted fix related to lockfile-include-tarball-url. Fixes + #10915. +- update to 10.31.0: + * Minor Changes + - When pnpm updates the pnpm-workspace.yaml, comments, string + formatting, and whitespace will be preserved. + * Patch Changes + - Added -F as a short alias for the --filter option in the help + output. + - Handle undefined pkgSnapshot in pnpm why -r #10700. + - Fix headless install not being used when a project has an + injected self-referencing file: dependency that resolves to + link: in the lockfile. + - Fixed a race condition when multiple worker threads import + the same package to the global virtual store concurrently. + The rename operation now tolerates ENOTEMPTY/EEXIST errors if + another thread already completed the import. + - When lockfile-include-tarball-url is set to false, tarball + URLs are now always excluded from the lockfile. Previously, + tarball URLs could still appear for packages hosted under + non-standard URLs, making the behavior flaky and inconsistent + #6667. + - Fixed optimisticRepeatInstall skipping install when + overrides, packageExtensions, ignoredOptionalDependencies, + patchedDependencies, or peersSuffixMaxLength changed. + - Fixed pnpm patch-commit failing with "unable to access + '/.config/git/attributes': Permission denied" error in + environments where HOME is unset or non-standard (Docker + containers, CI systems). + - The issue occurred because pnpm was setting HOME and the + Windows user profile env var to empty strings to suppress + user git configuration when running git diff. This caused git + to resolve the home directory (~) as root (/), leading to + permission errors when attempting to access + /.config/git/attributes. + - Now uses GIT_CONFIG_GLOBAL: os.devNull instead, which is + git's proper mechanism for bypassing user-level configuration + without corrupting the home directory path resolution. + - Fixes #6537 + - Fix pnpm why -r --parseable missing dependents when multiple + workspace packages share the same dependency #8100. + - Fix link-workspace-packages=true incorrectly linking + workspace packages when the requested version doesn't match + the workspace package's version. Previously, on fresh + installs the version constraint is overridden to * in the + fallback resolution paths, causing any workspace package with + a matching name to be linked regardless of version #10173. + - Fixed pnpm update --interactive table breaking with long + version strings (e.g., prerelease versions like + 7.0.0-dev.20251209.1) by dynamically calculating column + widths instead of using hardcoded values #10316. + - Explicitly tell npm the path to the global rc config file. + - The parameter set by the --allow-build flag is written to + allowBuilds. + - Fix a bug in which specifying filter on pnpm-workspace.yaml + would cause pnpm to not detect any projects. + - Print help message on running pnpm dlx without arguments and + exit. + +------------------------------------------------------------------- +Mon Mar 2 08:46:56 UTC 2026 - Johannes Kastl <[email protected]> + +- update to 10.30.3: + * Patch Changes + - Fixed version switching via packageManager field failing when + pnpm is installed as a standalone executable in environments + without a system Node.js #10687. +- update to 10.30.2: + * Patch Changes + - Fix auto-installed peer dependencies ignoring overrides when + a stale version exists in the lockfile. + - Fixed "input line too long" error on Windows when running + lifecycle scripts with the global virtual store enabled + #10673. + - Update @zkochan/js-yaml to fix moderate vulnerability. +- update to 10.30.1: + * Patch Changes + - Use the /-/npm/v1/security/audits/quick endpoint as the + primary audit endpoint, falling back to + /-/npm/v1/security/audits when it fails #10649. +- update to 10.30.0: + * Minor Changes + - pnpm why now shows a reverse dependency tree. The searched + package appears at the root with its dependents as branches, + walking back to workspace roots. This replaces the previous + forward-tree output which was noisy and hard to read for + deeply nested dependencies. + * Patch Changes + - Revert pnpm why dependency pruning to prefer correctness over + memory consumption. Reverted PR: #7122. + - Optimize pnpm why and pnpm list performance in workspaces + with many importers by sharing the dependency graph and + materialization cache across all importers instead of + rebuilding them independently for each one #10596. +- update to 10.29.3: + * Patch Changes + - Fixed an out-of-memory error in pnpm list (and pnpm why) on + large dependency graphs by replacing the recursive tree + builder with a two-phase approach: a BFS dependency graph + followed by cached tree materialization. Duplicate subtrees + are now deduplicated in the output, shown as "deduped (N deps + hidden)" #10586. + - Fixed allowBuilds not working when set via .pnpmfile.cjs + #10516. + - When the enableGlobalVirtualStore option is set, the pnpm + deploy command would incorrectly create symlinks to the + global virtual store. To keep the deploy directory + self-contained, pnpm deploy now ignores this setting and + always creates a localized virtual store within the deploy + directory. + - Fixed minimumReleaseAgeExclude not being respected by pnpm + dlx #10338. +- update to 10.29.2: + * Patch Changes + - Reverted a fix shipped in v10.29.1, which caused another + issue #10571. + - Reverted fix: Fixed pnpm run -r failing with "No projects + matched the filters" when an empty pnpm-workspace.yaml exists + #10497. +- update to 10.29.1 (10.29.0 was not released): + * Minor Changes + - The pnpm dlx / pnpx command now supports the catalog: + protocol. Example: pnpm dlx shx@catalog:. + - Support configuring auditLevel in the pnpm-workspace.yaml + file #10540. + - Support bare workspace: protocol without version specifier. + It is now treated as workspace:* and resolves to the concrete + version during publish #10436. + * Patch Changes + - Fixed pnpm list --json returning incorrect paths when using + global virtual store #10187. + - Fix pnpm store path and pnpm store status using workspace + root for path resolution when storeDir is relative #10290. + - Fixed pnpm run -r failing with "No projects matched the + filters" when an empty pnpm-workspace.yaml exists #10497. + - Fixed a bug where catalogMode: strict would write the literal + string "catalog:" to pnpm-workspace.yaml instead of the + resolved version specifier when re-adding an existing catalog + dependency #10176. + - Fixed the documentation URL shown in pnpm completion --help + to point to the correct page at https://pnpm.io/completion + #10281. + - Skip local file: protocol dependencies during pnpm fetch. + This fixes an issue where pnpm fetch would fail in Docker + builds when local directory dependencies were not available + #10460. + - Fixed pnpm audit --json to respect the --audit-level setting + for both exit code and output filtering #10540. + - update tar to version 7.5.7 to fix security issue + - Updating the version of dependency tar to 7.5.7 because the + previous one have a security vulnerability reported here: + CVE-2026-24842 + - Fix pnpm audit --fix replacing reference overrides (e.g. + $foo) with concrete versions #10325. + - Fix shamefullyHoist set via updateConfig in .pnpmfile.cjs not + being converted to publicHoistPattern #10271. + - pnpm help should correctly report if the currently running + pnpm CLI is bundled with Node.js #10561. + - Add a warning when the current directory contains the PATH + delimiter character. On macOS, folder names containing + forward slashes (/) appear as colons (:) at the Unix layer. + Since colons are PATH separators in POSIX systems, this + breaks PATH injection for node_modules/.bin, causing binaries + to not be found when running commands like pnpm exec #10457. + +------------------------------------------------------------------- Old: ---- pnpm-10.28.2.tgz New: ---- pnpm-10.32.1.tgz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ pnpm.spec ++++++ --- /var/tmp/diff_new_pack.fYR3Ir/_old 2026-03-23 17:14:27.652401116 +0100 +++ /var/tmp/diff_new_pack.fYR3Ir/_new 2026-03-23 17:14:27.664401615 +0100 @@ -23,7 +23,7 @@ %global __nodejs_provides %{nil} %global __nodejs_requires %{nil} Name: pnpm -Version: 10.28.2 +Version: 10.32.1 Release: 0 Summary: Fast, disk space efficient package manager License: MIT ++++++ _scmsync.obsinfo ++++++ --- /var/tmp/diff_new_pack.fYR3Ir/_old 2026-03-23 17:14:27.980414758 +0100 +++ /var/tmp/diff_new_pack.fYR3Ir/_new 2026-03-23 17:14:28.016416255 +0100 @@ -1,6 +1,6 @@ -mtime: 1769495846 -commit: fcb0fff18c1dc179522cd725c35d9dd0506223004997738e6173ef3f4f4b9cfa +mtime: 1773578792 +commit: 916fdd867fbcced9d73411ecb1f4ca7e2cfdb9fee5a75a1990e73db65f97665c url: https://src.opensuse.org/nodejs/pnpm.git -revision: fcb0fff18c1dc179522cd725c35d9dd0506223004997738e6173ef3f4f4b9cfa +revision: 916fdd867fbcced9d73411ecb1f4ca7e2cfdb9fee5a75a1990e73db65f97665c projectscmsync: https://src.opensuse.org/nodejs/_ObsPrj.git ++++++ build.specials.obscpio ++++++ ++++++ build.specials.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/.gitignore new/.gitignore --- old/.gitignore 1970-01-01 01:00:00.000000000 +0100 +++ new/.gitignore 2026-03-22 23:16:47.000000000 +0100 @@ -0,0 +1 @@ +.osc ++++++ pnpm-10.28.2.tgz -> pnpm-10.32.1.tgz ++++++ ++++ 34883 lines of diff (skipped)
