Skip to content

build: update pnpm to v10.29.2 (21.1.x) #32756

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
angular-robot wants to merge 1 commit into
base: 21.1.x
Choose a base branch
from
Open

build: update pnpm to v10.29.2 (21.1.x) #32756

angular-robot wants to merge 1 commit into from

Conversation

@angular-robot
Copy link
Contributor

@angular-robot angular-robot commented Feb 9, 2026
edited
Loading

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
pnpm (source) 10.28.210.29.2 age adoption passing confidence

Release Notes

pnpm/pnpm (pnpm)

v10.29.2: pnpm 10.29.2

Compare Source

Patch Changes
  • Reverted a fix shipped in v10.29.1, which caused another issue #​10571.
    Reverted fix: Fixed pnpm run -r failing with "No projects matched the filters" when an empty pnpm-workspace.yaml exists #​10497.
Platinum Sponsors
Bit
Gold Sponsors
Discord CodeRabbit Workleap
Stackblitz Vite

v10.29.1: pnpm 10.29.1

Compare Source

Minor Changes
  • The pnpm dlx / pnpx command now supports the catalog: protocol. Example: pnpm dlx shx@catalog:.
  • Support configuring auditLevel in the pnpm-workspace.yaml file #​10540.
  • Support bare workspace: protocol without version specifier. It is now treated as workspace:* and resolves to the concrete version during publish #​10436.
Patch Changes

  • Fixed pnpm list --json returning incorrect paths when using global virtual store #​10187.

  • Fix pnpm store path and pnpm store status using workspace root for path resolution when storeDir is relative #​10290.

  • Fixed pnpm run -r failing with "No projects matched the filters" when an empty pnpm-workspace.yaml exists #​10497.

  • Fixed a bug where catalogMode: strict would write the literal string "catalog:" to pnpm-workspace.yaml instead of the resolved version specifier when re-adding an existing catalog dependency #​10176.

  • Fixed the documentation URL shown in pnpm completion --help to point to the correct page at https://pnpm.io/completion #​10281.

  • Skip local file: protocol dependencies during pnpm fetch. This fixes an issue where pnpm fetch would fail in Docker builds when local directory dependencies were not available #​10460.

  • Fixed pnpm audit --json to respect the --audit-level setting for both exit code and output filtering #​10540.

  • update tar to version 7.5.7 to fix security issue

    Updating the version of dependency tar to 7.5.7 because the previous one have a security vulnerability reported here: CVE-2026-24842

  • Fix pnpm audit --fix replacing reference overrides (e.g. $foo) with concrete versions #​10325.

  • Fix shamefullyHoist set via updateConfig in .pnpmfile.cjs not being converted to publicHoistPattern #​10271.

  • pnpm help should correctly report if the currently running pnpm CLI is bundled with Node.js #​10561.

  • Add a warning when the current directory contains the PATH delimiter character. On macOS, folder names containing forward slashes (/) appear as colons (:) at the Unix layer. Since colons are PATH separators in POSIX systems, this breaks PATH injection for node_modules/.bin, causing binaries to not be found when running commands like pnpm exec #​10457.

Platinum Sponsors
Bit
Gold Sponsors
Discord CodeRabbit Workleap
Stackblitz Vite
  • If you want to rebase/retry this PR, check this box

@angular-robot angular-robot added action: merge The PR is ready for merge by the caretaker area: build & ci Related the build and CI infrastructure of the project target: automation This PR is targeted to only merge into the branch defined in Github [bot use only] labels Feb 9, 2026
@pullapprove pullapprove bot requested review from mmalerba and ok7sai February 9, 2026 06:27
@angular-robot
build: update pnpm to v10.29.2
1e9bcfd 
See associated pull request for more information.
@angular-robot angular-robot changed the title build: update pnpm to v10.29.1 (21.1.x) build: update pnpm to v10.29.2 (21.1.x) Feb 10, 2026
@angular-robot angular-robot force-pushed the ng-renovate/21.1.x-pnpm-10-x branch from d629952 to 1e9bcfd Compare February 10, 2026 02:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mmalerba mmalerba mmalerba approved these changes

@ok7sai ok7sai Awaiting requested review from ok7sai

Assignees

No one assigned

Labels

action: merge The PR is ready for merge by the caretaker area: build & ci Related the build and CI infrastructure of the project target: automation This PR is targeted to only merge into the branch defined in Github [bot use only]

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@angular-robot @mmalerba