Update dependency @pnpm/types to v7

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
@pnpm/types	^1.7.0 -> ^7.0.0

---

Release Notes

pnpm/pnpm

v6.3.0

Compare Source

Features

• pnpm list -r --json returns the locations of workspace projects via the path field #​3432.

Bug Fixes

• save-prefix should be respected, when it is set to empty #​3414.
• skip resolution, when lockfile is up-to-date, even if some packages in the workspace are referenced through relative path #​3422.
• pnpm why: do not incorrectly include linked deps in search results #​3428.

v6.2.0

Compare Source

v6.1.0

Compare Source

Features

• New option added: enable-pre-post-scripts. When it is set to true, lifecycle scripts with pre/post prefixes are automatically executed by pnpm #​3348.

v6.0.0

Compare Source

Breaking Changes

• Node.js v10 support is dropped. At least Node.js v12.17 is required for the package to work.

• Arbitrary pre/post hooks for user-defined scripts (such as prestart) are not executed automatically #​2891.

• The lockfile version is bumped to v5.3. Changes in the new format:

  • Blank lines added between package/project entries to improve readability and decrease merge issues.
  • The resolution, engines, os, and cpu fields are now always written in a single lines, as the first keys of the package objects.
  • A new field is added to the package objects: transitivePeerDependencies.

• The layout of the virtual store directory has changed (node_modules/.pnpm) to allow keeping cache in it:

  • All packages inside the virtual store directory are on the same depth. Instead of subdirectories, one directory is used with # instead of slashes.
  • New setting added: modules-cache-max-age. The default value of the setting is 10080 (7 days in seconds). modules-cache-max-age is the time in minutes after which pnpm should remove the orphan packages from node_modules.

• pnpx does not automatically install packages. A prompt asks the user if a package should be installed, if it is not present.

  pnpx --yes tells pnpx to install any missing package.

  pnpx --no makes pnpx fail if the called packages is not installed.

• pnpmfile.js renamed to .pnpmfile.cjs in order to force CommonJS.

• .pnp.js renamed to .pnp.cjs in order to force CommonJS.

• The pnpm-prefix setting is removed. Use global-dir to specify a custom location for the globally installed packages.

• The default depth of an update is Infinity, not 0.

• The --global option should be used when linking from/to the global modules directory.

  Linking a package to the global directory:

  • pnpm v5: pnpm link
  • pnpm v6: pnpm link --global

  Linking a package from the global directory:

  • pnpm v5: pnpm link foo
  • pnpm v6: pnpm link --global foo

• pnpm's command file's extension changed to .cjs (bin/pnpm.js=>bin/pnpm.cjs).

• node-gyp updated to v8.

• prepublish is not executed on a local pnpm install. Use prepare instead.

Features

• A new command added: pnpm fetch.

  Fetch packages from a lockfile into virtual store, package manifest is ignored.
  This command is specifically designed to boost building a docker image.

• Overrides match dependencies by checking if the target range is a subset of the specified range, instead of making an exact match.

  For example, the following override will replace any version of foo that has a subrange on v2:

  "pnpm": {
    "overrides": {
      "foo@2": "2.1.0"
    }
  }

  This will override [email protected] and foo@^2.3.0 to [email protected] as both 2.2.0 and ^2.3.0 are subranges of 2.

v5.0.0

Compare Source

Major Changes

• 🚀 33% faster installation times vs pnpm v4.

  In some cases, 2 times faster than Yarn v1! (performance diff of pnpm v4 vs v5)

  action	cache	lockfile	node_modules	npm	pnpm	Yarn	Yarn PnP
  install				43.3s	17.5s	36.7s	28.6s
  install	✔	✔	✔	7s	1.5s	735ms	n/a
  install	✔	✔		18.3s	7.8s	10.5s	1.8s
  install	✔			24.8s	10.9s	22.2s	12.1s
  install		✔		23.2s	15.2s	22.4s	13.4s
  install	✔		✔	6.4s	1.8s	17.1s	n/a
  install		✔	✔	7.3s	1.5s	735ms	n/a
  install			✔	6.4s	3.1s	33.2s	n/a
  update	n/a	n/a	n/a	7s	14.5s	42.6s	27.6s

  All the benchmarks are here.

• A content-addressable filesystem is used to store packages on the disk.

  pnpm v5 uses a content-addressable filesystem to store all files from all module directories on a disk. If you depend on different versions of lodash, only the files that differ are added to the store. If lodash has 100 files, and a new version has a change only in one of those files, pnpm update will only add 1 new file to the storage.

  For more info about the structure of this new store, you can check the GitHub issue about it.

  This change was inspired by dupe-krill and the content-addressable storage of Git.

• Reduced directory nesting in the virtual store directory.

  In pnpm v4, if you installed [email protected], it was hard-linked into node_modules/.pnpm/registry.npmjs.org/foo/1.0.0/.

  In pnpm v5, it will be hard-linked into node_modules/.pnpm/[email protected]/. This new structure of the virtual store directory drastically reduces the number of directories pnpm has to create. Hence, there are fewer filesystem operations, which improves speed.

• pnpm store usages removed.

  This command was using information from the store.json files, which is not present in the new content-addressable storage anymore.

• The independent-leaves setting has been removed.

  When hoisting was off, it was possible to set the independent-leaves setting to true. When true, leaf dependencies were symlinked directly from the global store. However, we turned hoisting on by default for pnpm v4, so this feature has no future at the moment.

• The resolution-strategy setting has been removed.

  By default, the fewer-dependencies resolution strategy is used. It was possible to select a fast resolution strategy. This setting is deprecated to simplify future improvements to the resolution algorithm.

• The store and the modules directory are not locked.

  We are not using directory locks anymore. So the --no-lock option will throw an error. Some users had issues with locking. We have confidence that pnpm will never leave either node_modules or the store in a broken state,
  so we removed locking.

• git-checks is true by default.

  By default, pnpm publish will make some checks before actually publishing a new version of your package.

  The next checks will happen:

  • The current branch is your publish branch. The publish branch is master by default. This is configurable through the publish-branch setting.
  • Your working directory is clean (there are no uncommitted changes).
  • The branch is up-to-date.

  If you don't want this checks, run pnpm publish --no-git-checks or set this setting to false via a .npmrc file.

• In case of a crash, the debug file will be written to node_modules/.pnpm-debug.log (not to pnpm-debug.log as in v4 and earlier).

Minor Changes

• The link-workspace-packages setting may now be set to deep.

  When link-workspace-packages is set to deep, packages from the workspace will be linked even to subdependencies.

v4.0.0

Compare Source

Breaking Changes

• Node.js 10 or newer is required (it will probably work with Node.js 8 as well but we don't test it anymore)
• new node_modules structure.
  • all the hard linked dependencies are inside node_modules/.pnpm (#​1636, @​zkochan)
  • all the hoisted dependencies are symlinked into node_modules/.pnpm/node_modules. So application code has no access to the hoisted packages but dependencies have. (#​1998, @​zkochan)
  • the current lockfile is moved from node_modules/.pnpm-lock.yaml to node_modules/.pnpm/lock.yaml (#​2018, @​zkochan)
• shamefully-flatten renamed to shamefully-hoist. (@​zkochan)
• hoist-pattern is * by default. All packages are hoisted but application code has access only to listed dependencies. So the buggy ecosystem packages will work but pnpm will prevent users from requiring packages that are not declared in package.json. (@​zkochan)
• all globally installed packages are always hoisted. (@​zkochan)
• pnpm add fails if no packages are specified (5f73a7c, @​zkochan)
• pnpm install installs all dependencies of all workspace packages when executed inside a workspace (5f73a7c, @​zkochan)
• independent-leaves is only allowed with hoisting turned off (f3d5037, @​zkochan)
• pnpm outdated does not print details by default. To should details, use the --long flag (#​2017, @​aparajita)
• the root package.json is always included in the workspace (#​2021, @​ExE-Boss)
• the CLI fails with unknown/incompatible options (#​1645, @​zkochan)
  • fails because of unknown option: pnpm install --foo
  • fails because of incompatible option: pnpm remove foo --save-exact
  • removed legacy --*-shrinkwrap option aliases from the CLI.
• the default resolution-strategy is fewer-dependencies instead of fast (#​2042, @​zkochan)
• changes in the way packages are imported from the store (#​2043, @​zkochan):
  • package-import-method does not support reflink anymore. Use clone instead, which is a cross-platform alternative.
  • by default, pnpm will clone packages on systems that support it. If cloning is not supported, pnpm will link packages from the store. If hard links are also not supported, pnpm will copy the packages.
• new pattern matcher (#​2048, @​zkochan)
  The new pattern matcher only supports * (so you can do eslint-* or *-plugin-*). The * now also matches scopes, so *plugin matches both @eslint/plugin and eslint-plugin.

Features

• new config settings:
  • hoist: true by default. When false, pnpm will not hoist any dependencies in node_modules, preventing dependencies inside node_modules from accessing unlisted dependencies. (#​2004, @​zkochan)
  • hoist-pattern: * by default. All packages matching this pattern will be hoisted. For example, you can choose to hoist only eslint packages: hoist-pattern=eslint-*. By default, all packages are hoisted. (#​1997, #​1998, @​zkochan)
  • shamefully-hoist: same as shamefully-flatten in previous versions of pnpm. The project's code has access to hoisted dependencies. (#​2006, @​zkochan)
• pnpm outdated:
  • restyle the pnpm outdated output for readability (#​2007, @​aparajita)
    
  • pnpm outdated --no-table prints a list of outdated packages instead of a table (#​2026, @​aparajita)
    
• nicer output of the --help commands (#​2013, @​zkochan)
  
• new command: pnpm why <package> (#​2015, @​ExE-Boss)

v3.2.0

Compare Source

Features

• -L, --latest flag for update command. When used, version ranges in package.json are ignored (#​1307)

  Usage examples:

  pnpm update --latest
  pnpm multi up -L
  

• --save-peer flag (#​1064)

  Usage example:

  pnpm add webpack --save-peer
  

• optional peer dependencies (#​1486)

  Usage example. In package.json mark optional peer deps via the peerDependenciesMeta flag:

  "peerDependencies": { "webpack": "^4.0.0"  },
  "peerDependenciesMeta": { "webpack": { "optional": true } }

• at least Node.js 8.15 is required to run pnpm>=v3.2

Bug Fixes

• correct stats reporting with --independent-leaves flag (859aed1)
• transitive peer dependencies in lockfile should not be added as dependencies on named install (dec1b42)

Milestone: https://github.com/pnpm/pnpm/milestone/5

v3.1.0

Compare Source

Features

• support resolution strategies (#​1739)
  --resolution-strategy fast - the default resolution strategy. Speed is preferred over deduplication
  --resolution-strategy fewer-dependencies - already installed dependencies are preferred even if newer versions satisfy a range

Bug Fixes

• do not chown when unpacking package tarballs (#​1699)
• reinstall missing packages to node_modules (#​1134)
• depth should be 0 by default for list command (#​1652)
• when running a global command inside a workspace, ignore the workspace (0d8a7be)
• pnpm store add should read the registries of scoped packages from .npmrc (#​1737)

v3.0.0

Compare Source

Breaking Changes

• Node.js 6 and below are not supported
• pnpm's lockfile renamed from shrinkwrap.yaml to pnpm-lock.yaml
• the --scope flag is deprecated
• the -r flag is not an alias of --registry anymore. pnpm i -r === pnpm recursive install
• the specified version spec is prefered during installation. It doesn't matter what are the values of the save-exact and save-prefix configs (#​1633)
• the pnpm recursive link command is deprecated
• the link-workspace-packages config is true by default
• the shared-workspace-lockfile config is true by default
• config renames:
  • shrinkwrap -> lockfile
  • shrinkwrap-only -> lockfile-only
  • shrinkwrap-directory -> lockfile-directory
  • shared-workspace-shrinkwrap -> shared-workspace-lockfile
  • frozen-shrinkwrap -> frozen-lockfile
  • prefer-frozen-shrinkwrap -> prefer-frozen-lockfile
• dependency locations in node_modules may not contain ! in their path (#​1601)

v2.0.0

Compare Source

Breaking Changes

• Node.js 4 is not supported anymore
• the store-path config is not an alias of the store config
• directory dependencies are always prefixed with link: in shrinkwrap.yaml
• non-deprecated versions are preferred during resolution (#​1002)
• pnpm unlink is not an alias of pnpm uninstall. It is now an alias of pnpm dislink

Bug Fixes

• rebuild should not fail on linked packages (#​1155)
• pnpm recursive link adds link to proper dependency type (839f7ec)
• ignore dependencies that have the same name as the dep holder (7006aac)

---

Configuration

📅 Schedule: At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻️ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box.

---

This PR has been generated by WhiteSource Renovate. View repository job log here.