Skip to content

chore(deps): update pnpm to v10.21.0 #599

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore(deps): update pnpm to v10.21.0 #599

wants to merge 1 commit into from
+1 −1

Conversation

@ctison
Copy link
Owner

@ctison ctison commented Nov 10, 2025

This PR contains the following updates:

Package Type Update Change
pnpm (source) packageManager minor 10.20.0 -> 10.21.0

Release Notes

pnpm/pnpm (pnpm)

v10.21.0: pnpm 10.21

Compare Source

Minor Changes

  • Node.js Runtime Installation for Dependencies. Added support for automatic Node.js runtime installation for dependencies. pnpm will now install the Node.js version required by a dependency if that dependency declares a Node.js runtime in the "engines" field. For example:

    {
  "engines": {
    "runtime": {
      "name": "node",
      "version": "^24.11.0",
      "onFail": "download"
    }
  }
}

    If the package with the Node.js runtime dependency is a CLI app, pnpm will bind the CLI app to the required Node.js version. This ensures that, regardless of the globally installed Node.js instance, the CLI will use the compatible version of Node.js.

    If the package has a postinstall script, that script will be executed using the specified Node.js version.

    Related PR: #​10141

  • Added a new setting: trustPolicy.

    When set to no-downgrade, pnpm will fail installation if a package’s trust level has decreased compared to previous releases — for example, if it was previously published by a trusted publisher but now only has provenance or no trust evidence.
    This helps prevent installing potentially compromised versions of a package.

    Related issue: #​8889.

  • Added support for pnpm config get globalconfig to retrieve the global config file path #​9977.

Patch Changes

  • When a user runs pnpm update on a dependency that is not directly listed in package.json, none of the direct dependencies should be updated #​10155.
  • Don't crash when two processes of pnpm are hardlinking the contents of a directory to the same destination simultaneously #​10160.
  • Setting gitBranchLockfile and related settings via pnpm-workspace.yaml should work #​9651.

Platinum Sponsors

Bit

Gold Sponsors

Discord CodeRabbit Workleap
Stackblitz Vite

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

@ctison ctison self-assigned this Nov 10, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@ctison ctison

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@ctison @renovate-bot