mirrors/gitea
1
0
Fork 0
mirror of https://github.com/go-gitea/gitea.git synced 2026-05-25 22:38:22 +00:00
Code Issues Packages Projects Releases Wiki Activity

chore(deps): update npm dependencies (#37848)

Browse Source 
This PR contains the following updates:

| Package | Change |
[Age](https://docs.renovatebot.com/merge-confidence/) |
[Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [pnpm](https://pnpm.io)
([source](https://redirect.github.com/pnpm/pnpm/tree/HEAD/pnpm)) |
[`11.1.3` →
`11.2.1`](https://renovatebot.com/diffs/npm/pnpm/11.1.3/11.2.1) |
![age](https://developer.mend.io/api/mc/badges/age/npm/pnpm/11.2.1?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/pnpm/11.1.3/11.2.1?slim=true)
|
| [stylelint](https://stylelint.io)
([source](https://redirect.github.com/stylelint/stylelint)) | [`17.11.1`
→
`17.12.0`](https://renovatebot.com/diffs/npm/stylelint/17.11.1/17.12.0)
|
![age](https://developer.mend.io/api/mc/badges/age/npm/stylelint/17.12.0?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/stylelint/17.11.1/17.12.0?slim=true)
|

---

### Release Notes

<details>
<summary>pnpm/pnpm (pnpm)</summary>

###
[`v11.2.1`](https://redirect.github.com/pnpm/pnpm/blob/HEAD/pnpm/CHANGELOG.md#1121)

[Compare
Source](https://redirect.github.com/pnpm/pnpm/compare/v11.2.0...v11.2.1)

##### Patch Changes

- Mark optional subdependency snapshots of config dependencies with
`optional: true` in the env lockfile, matching how optional dependencies
are recorded elsewhere in `pnpm-lock.yaml`. Previously, snapshots for
the platform-specific subdeps pulled in via a config dep's
`optionalDependencies` were written as empty objects, which was
inconsistent with the rest of the lockfile and made it look like those
non-host platform variants were required.
- Fix `pickRegistryForPackage` returning the wrong registry for an
unscoped `npm:` alias under a scoped local name. A manifest entry like
`"@&#8203;private/foo": "npm:lodash@^1"` was routing the `lodash` fetch
through `registries["@&#8203;private"]`, even though `lodash` is
unscoped and doesn't live on that registry. The npm-alias branch now
returns the alias target's own scope (or `null` for an unscoped target,
falling through to `registries.default`) instead of leaking into the
local key's scope.
- Don't print "Installing config dependencies..." when config
dependencies are already installed and nothing needs to be fetched,
re-linked, or removed.

###
[`v11.2.0`](https://redirect.github.com/pnpm/pnpm/blob/HEAD/pnpm/CHANGELOG.md#1120)

[Compare
Source](https://redirect.github.com/pnpm/pnpm/compare/v11.1.3...v11.2.0)

##### Minor Changes

- **Experimental:** Adding
[`@pnpm/pacquet`](https://npmx.dev/package/@&#8203;pnpm/pacquet) (the
Rust port of pnpm) to `configDependencies` in `pnpm-workspace.yaml` now
delegates the materialization phase of `pnpm install` to the pacquet
binary. pnpm still owns dependency resolution; pacquet only fetches and
imports from the freshly-written lockfile. This is an opt-in preview of
the Rust install engine
[#&#8203;11723](https://redirect.github.com/pnpm/pnpm/issues/11723).

  To configure pacquet in a project, run:

  ```
  pnpm add @&#8203;pnpm/pacquet --config
  ```

You'll see changes in `pnpm-workspace.yaml` and `pnpm-lock.yaml` that
should be committed. If you experience any issues with pacquet, please
let us know by mentioning this in the GitHub issue you create.

- `configDependencies` now resolve and install one level of
`optionalDependencies` declared by the config dependency, with
`os`/`cpu`/`libc` platform filtering applied at install time. This
unlocks the esbuild/swc-style pattern where a package ships
platform-specific binaries via `optionalDependencies` — a config
dependency can now do the same and have the matching binary symlinked
next to it in the global virtual store, so
`require('pkg-platform-arch')` from inside the config dependency
resolves correctly.

The env lockfile records all platform variants regardless of host
platform, so it remains portable across machines. Each entry in a config
dependency's `optionalDependencies` must declare an exact version —
ranges and tags are rejected to keep installs reproducible.

- Implement the documented `pnpm login --scope <scope>` flag. The scope
is normalized (a leading `@` is added if missing; blank values are
ignored) and an `@<scope>:registry=<registry>` mapping is written to the
pnpm auth file alongside the auth token. Subsequent installs of
`@<scope>/*` packages then route to the chosen registry. Previously
`pnpm login --scope foo` errored with `Unknown option: 'scope'` despite
the flag being listed in the online documentation
[#&#8203;11716](https://redirect.github.com/pnpm/pnpm/issues/11716).

- `pnpm outdated` and `pnpm update --interactive` now report Node.js,
Deno, and Bun runtimes installed as project dependencies (`runtime:`
specifiers). Previously these were silently skipped.

##### Patch Changes

- Fix `cafile=<relative-path>` in `.npmrc` being read from the wrong
directory when pnpm is invoked from a different cwd (e.g. `pnpm --dir
<project> install` from a CI wrapper or monorepo script). The path is
now resolved against the directory of the `.npmrc` that declared it, not
`process.cwd()`. Before this fix the CA file silently failed to load —
the install proceeded without the configured CA and the user only saw
TLS errors against a private registry, with no log line tying back to
the wrongly resolved path
[#&#8203;11624](https://redirect.github.com/pnpm/pnpm/issues/11624).

- Fix `config.registry` getting a trailing slash appended when
`registry` is set in `.npmrc` and no `registries.default` is provided by
`pnpm-workspace.yaml`. The sync from `registries.default` to
`config.registry` introduced in
[#&#8203;11744](https://redirect.github.com/pnpm/pnpm/issues/11744) now
only fires when the workspace manifest actually contributes a different
default.

- Fix global add/update to handle minimumReleaseAge policy violations
instead of surfacing an internal resolver guardrail error.

- Fix two crashes with `injectWorkspacePackages: true` when the lockfile
has been pruned (e.g. by `turbo prune --docker`):

- `Cannot use 'in' operator to search for 'directory' in undefined`: a
peer-dependency-variant injected snapshot inherits its `resolution` from
the base `packages:` entry; when a pruner drops that base entry the
readers crash. `convertToLockfileObject` now reconstructs the directory
resolution from the `file:` depPath at load time — a single
normalization point, so every reader sees a fully-formed snapshot.
- `ERR_PNPM_ENOENT` on `node_modules/.bin/<tool>`: after
`prepare`/`postinstall`, `runLifecycleHooksConcurrently` re-imported
each injected workspace package; the `scanDir`-into-`filesMap`
workaround fed target-internal paths to the importer, which the
`makeEmptyDir` fast path
([#&#8203;11088](https://redirect.github.com/pnpm/pnpm/issues/11088))
then wiped. Drop the workaround and pass `keepModulesDir: true` so the
importer preserves the target's existing `node_modules` (bin links +
transitive deps) and source files keep their hardlinks.

- Fixed `pnpm login` and `pnpm logout` ignoring `registries.default`
from `pnpm-workspace.yaml`
[#&#8203;10099](https://redirect.github.com/pnpm/pnpm/issues/10099).

- Fix the `minimumReleaseAge` (publishedBy) maturity shortcut to be
inclusive at the cutoff. Previously, abbreviated metadata whose
`modified` field equalled the cutoff fell off the fast path and
triggered a full-metadata re-fetch (or a `MISSING_TIME` error when full
metadata wasn't permitted). Since `modified` is an upper bound on every
version's publish time, `modified == publishedBy` already implies every
version passes the per-version `<=` filter in
`filterPkgMetadataByPublishDate`, so the shortcut now accepts the
boundary case directly. Strictly `>` (was `>=`) at the rejection branch.

- Honor `publishConfig.access` when publishing packages.

</details>

<details>
<summary>stylelint/stylelint (stylelint)</summary>

###
[`v17.12.0`](https://redirect.github.com/stylelint/stylelint/blob/HEAD/CHANGELOG.md#17120---2026-05-20)

[Compare
Source](https://redirect.github.com/stylelint/stylelint/compare/17.11.1...17.12.0)

It fixes 3 bugs, including a false negative one.

- Fixed: `block-no-empty` reported range when using comments
([#&#8203;9294](https://redirect.github.com/stylelint/stylelint/pull/9294))
([@&#8203;romainmenke](https://redirect.github.com/romainmenke)).
- Fixed: `declaration-property-value-no-unknown` false negatives for
custom properties defined in reference files
([#&#8203;9292](https://redirect.github.com/stylelint/stylelint/pull/9292))
([@&#8203;romainmenke](https://redirect.github.com/romainmenke)).
- Fixed: `value-keyword-layout-mappings` false positives for
`caption-side`
([#&#8203;9293](https://redirect.github.com/stylelint/stylelint/pull/9293))
([@&#8203;romainmenke](https://redirect.github.com/romainmenke)).

</details>

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://redirect.github.com/renovatebot/renovate).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xNDEuNSIsInVwZGF0ZWRJblZlciI6IjQzLjE0MS41IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
This commit is contained in:
Giteabot
2026-05-25 11:07:48 -07:00
committed by GitHub
parent 821d3c4672
commit 1c130d2eb6
2 changed files with 26 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
package.json
View File

@@ -1,6 +1,6 @@
{
"type": "module",
"packageManager": "pnpm@11.1.3",
"packageManager": "pnpm@11.2.1",
"engines": {
"node": ">= 22.18.0",
"pnpm": ">= 11.0.0"
@@ -113,7 +113,7 @@
"nolyfill": "1.0.44",
"postcss-html": "1.8.1",
"spectral-cli-bundle": "1.0.8",
"stylelint": "17.11.1",
"stylelint": "17.12.0",
"stylelint-config-recommended": "18.0.0",
"stylelint-declaration-block-no-ignored-properties": "3.0.0",
"stylelint-declaration-strict-value": "1.11.1",

48
pnpm-lock.yaml generated
View File

@@ -243,7 +243,7 @@ importers:
version: 5.10.0(eslint@10.4.0(jiti@2.7.0))
'@stylistic/stylelint-plugin':
specifier: 5.1.0
version: 5.1.0(stylelint@17.11.1(typescript@6.0.3))
version: 5.1.0(stylelint@17.12.0(typescript@6.0.3))
'@types/codemirror':
specifier: 5.60.17
version: 5.60.17
@@ -344,20 +344,20 @@ importers:
specifier: 1.0.8
version: 1.0.8
stylelint:
specifier: 17.11.1
version: 17.11.1(typescript@6.0.3)
specifier: 17.12.0
version: 17.12.0(typescript@6.0.3)
stylelint-config-recommended:
specifier: 18.0.0
version: 18.0.0(stylelint@17.11.1(typescript@6.0.3))
version: 18.0.0(stylelint@17.12.0(typescript@6.0.3))
stylelint-declaration-block-no-ignored-properties:
specifier: 3.0.0
version: 3.0.0(stylelint@17.11.1(typescript@6.0.3))
version: 3.0.0(stylelint@17.12.0(typescript@6.0.3))
stylelint-declaration-strict-value:
specifier: 1.11.1
version: 1.11.1(stylelint@17.11.1(typescript@6.0.3))
version: 1.11.1(stylelint@17.12.0(typescript@6.0.3))
stylelint-value-no-unknown-custom-properties:
specifier: 6.1.1
version: 6.1.1(stylelint@17.11.1(typescript@6.0.3))
version: 6.1.1(stylelint@17.12.0(typescript@6.0.3))
svgo:
specifier: 4.0.1
version: 4.0.1
@@ -2753,8 +2753,8 @@ packages:
fflate@0.8.2:
resolution: {integrity: sha512-cPJU47OaAoCbg0pBvzsgpTPhmhqI5eJjh/JIu8tPj5q+T7iLvW/JAYUqmE7KOB4R1ZyEhzBaIQpQpardBF5z8A==}
file-entry-cache@11.1.2:
resolution: {integrity: sha512-N2WFfK12gmrK1c1GXOqiAJ1tc5YE+R53zvQ+t5P8S5XhnmKYVB5eZEiLNZKDSmoG8wqqbF9EXYBBW/nef19log==}
file-entry-cache@11.1.3:
resolution: {integrity: sha512-oMbq0PD6VIiIwMF6LIa7MEwd/l9huKwmqRKXqmrkqIZv8CvRbfowL+L0ryAl8h//HfAS0zS+4SbYoRyAoA6BJA==}
file-entry-cache@8.0.0:
resolution: {integrity: sha512-XXTUwCvisa5oacNGRP9SfNtYBNAMi+RPwBFmblZEF7N7swHYQS6/Zfk7SRwx4D5j3CH211YNRco1DEMNVfZCnQ==}
@@ -3928,8 +3928,8 @@ packages:
peerDependencies:
stylelint: '>=16'
stylelint@17.11.1:
resolution: {integrity: sha512-+smN/HqVTggUx3iuAzOi9fPh8SrH+cJWlZrYVldXoJ06orWBhZ4Ue/QEp64oei6pVrAh4w3tG+Y12Vw7MbCFRQ==}
stylelint@17.12.0:
resolution: {integrity: sha512-KIlzWXMHUvgfPUR0R7TK3H80yCIi0uoivUwf+6Az4yrHJD1Q3c1qIkh/H5Z0i/K3QXgtq/UMEkWyBUSUwnpnOg==}
engines: {node: '>=20.19.0'}
hasBin: true
@@ -5353,7 +5353,7 @@ snapshots:
estraverse: 5.3.0
picomatch: 4.0.4
'@stylistic/stylelint-plugin@5.1.0(stylelint@17.11.1(typescript@6.0.3))':
'@stylistic/stylelint-plugin@5.1.0(stylelint@17.12.0(typescript@6.0.3))':
dependencies:
'@csstools/css-parser-algorithms': 4.0.0(@csstools/css-tokenizer@4.0.0)
'@csstools/css-tokenizer': 4.0.0
@@ -5362,7 +5362,7 @@ snapshots:
postcss-selector-parser: 7.1.1
postcss-value-parser: 4.2.0
style-search: 0.1.0
stylelint: 17.11.1(typescript@6.0.3)
stylelint: 17.12.0(typescript@6.0.3)
'@swc/helpers@0.5.21':
dependencies:
@@ -7002,7 +7002,7 @@ snapshots:
fflate@0.8.2: {}
file-entry-cache@11.1.2:
file-entry-cache@11.1.3:
dependencies:
flat-cache: 6.1.22
@@ -8205,25 +8205,25 @@ snapshots:
style-search@0.1.0: {}
stylelint-config-recommended@18.0.0(stylelint@17.11.1(typescript@6.0.3)):
stylelint-config-recommended@18.0.0(stylelint@17.12.0(typescript@6.0.3)):
dependencies:
stylelint: 17.11.1(typescript@6.0.3)
stylelint: 17.12.0(typescript@6.0.3)
stylelint-declaration-block-no-ignored-properties@3.0.0(stylelint@17.11.1(typescript@6.0.3)):
stylelint-declaration-block-no-ignored-properties@3.0.0(stylelint@17.12.0(typescript@6.0.3)):
dependencies:
stylelint: 17.11.1(typescript@6.0.3)
stylelint: 17.12.0(typescript@6.0.3)
stylelint-declaration-strict-value@1.11.1(stylelint@17.11.1(typescript@6.0.3)):
stylelint-declaration-strict-value@1.11.1(stylelint@17.12.0(typescript@6.0.3)):
dependencies:
stylelint: 17.11.1(typescript@6.0.3)
stylelint: 17.12.0(typescript@6.0.3)
stylelint-value-no-unknown-custom-properties@6.1.1(stylelint@17.11.1(typescript@6.0.3)):
stylelint-value-no-unknown-custom-properties@6.1.1(stylelint@17.12.0(typescript@6.0.3)):
dependencies:
postcss-value-parser: 4.2.0
resolve: 1.22.12
stylelint: 17.11.1(typescript@6.0.3)
stylelint: 17.12.0(typescript@6.0.3)
stylelint@17.11.1(typescript@6.0.3):
stylelint@17.12.0(typescript@6.0.3):
dependencies:
'@csstools/css-calc': 3.2.0(@csstools/css-parser-algorithms@4.0.0(@csstools/css-tokenizer@4.0.0))(@csstools/css-tokenizer@4.0.0)
'@csstools/css-parser-algorithms': 4.0.0(@csstools/css-tokenizer@4.0.0)
@@ -8239,7 +8239,7 @@ snapshots:
debug: 4.4.3
fast-glob: 3.3.3
fastest-levenshtein: 1.0.16
file-entry-cache: 11.1.2
file-entry-cache: 11.1.3
global-modules: 2.0.0
globby: 16.2.0
globjoin: 0.1.4