Bump pnpm from 10.2.1 to 10.18.3

[dependabot]

Bumps pnpm from 10.2.1 to 10.18.3.

Release notes

Sourced from pnpm's releases.

pnpm 10.18.3

Patch Changes

• Fix a bug where pnpm would infinitely recurse when using verifyDepsBeforeInstall: install and pre/post install scripts that called other pnpm scripts #10060.
• Fixed scoped registry keys (e.g., @scope:registry) being parsed as property paths in pnpm config get when --location=project is used #9362.
• Remove pnpm-specific CLI options before passing to npm publish to prevent "Unknown cli config" warnings #9646.
• Fixed EISDIR error when bin field points to a directory #9441.
• Preserve version and hasBin for variations packages #10022.
• Fixed pnpm config set --location=project incorrectly handling keys with slashes (auth tokens, registry settings) #9884.
• When both pnpm-workspace.yaml and .npmrc exist, pnpm config set --location=project now writes to pnpm-workspace.yaml (matching read priority) #10072.
• Prevent a table width error in pnpm outdated --long #10040.
• Sync bin links after injected dependencies are updated by build scripts. This ensures that binaries created during build processes are properly linked and accessible to consuming projects #10057.

Platinum Sponsors

Gold Sponsors

... (truncated)

Changelog

Sourced from pnpm's changelog.

10.18.3

Patch Changes

• Fix a bug where pnpm would infinitely recurse when using verifyDepsBeforeInstall: install and pre/post install scripts that called other pnpm scripts #10060.
• Fixed scoped registry keys (e.g., @scope:registry) being parsed as property paths in pnpm config get when --location=project is used #9362.
• Remove pnpm-specific CLI options before passing to npm publish to prevent "Unknown cli config" warnings #9646.
• Fixed EISDIR error when bin field points to a directory #9441.
• Preserve version and hasBin for variations packages #10022.
• Fixed pnpm config set --location=project incorrectly handling keys with slashes (auth tokens, registry settings) #9884.
• When both pnpm-workspace.yaml and .npmrc exist, pnpm config set --location=project now writes to pnpm-workspace.yaml (matching read priority) #10072.
• Prevent a table width error in pnpm outdated --long #10040.
• Sync bin links after injected dependencies are updated by build scripts. This ensures that binaries created during build processes are properly linked and accessible to consuming projects #10057.

10.18.2

Patch Changes

• pnpm outdated --long should work #10040.
• Replace ndjson with split2. Reduce the bundle size of pnpm CLI #10054.
• pnpm dlx should request the full metadata of packages, when minimumReleaseAge is set #9963.
• pnpm version switching should work when the pnpm home directory is in a symlinked directory #9715.
• Fix EPIPE errors when piping output to other commands #10027.

10.18.1

Patch Changes

• Don't print a warning, when --lockfile-only is used #8320.
• pnpm setup creates a command shim to the pnpm executable. This is needed to be able to run pnpm self-update on Windows #5700.
• When using pnpm catalogs and running a normal pnpm install, pnpm produced false positive warnings for "skip adding to the default catalog because it already exists". This warning now only prints when using pnpm add --save-catalog as originally intended.

10.18.0

Minor Changes

• Added network performance monitoring to pnpm by implementing warnings for slow network requests, including both metadata fetches and tarball downloads.

  Added configuration options for warning thresholds: fetchWarnTimeoutMs and fetchMinSpeedKiBps. Warning messages are displayed when requests exceed time thresholds or fall below speed minimums

  Related PR: #10025.

Patch Changes

• Retry filesystem operations on EAGAIN errors #9959.
• Outdated command respects minimumReleaseAge configuration #10030.
• Correctly apply the cleanupUnusedCatalogs configuration when removing dependent packages.
• Don't fail with a meaningless error when scriptShell is set to false #8748.
• pnpm dlx should not fail when minimumReleaseAge is set #10037.

... (truncated)

Commits

• 1bfc105 chore(release): 10.18.3
• 6089939 fix: sync bin links after injected deps sync (#10064)
• 9865167 fix(config): fix infinite loop when using pre/post install scripts and verify...
• 1b15e45 chore(release): 10.18.2
• 50a47b0 fix: handle EPIPE errors when piping output (#10051)
• 651a27a chore(release): 10.18.1
• bdbd31a chore(release): 10.18.0
• 2bfbdfc fix: errorHander.ts
• 6618431 chore(release): libs
• 0e58f87 test: skip failing test on Windows
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #122.