From 1c130d2eb6c2aed7d8b58c5c36da95b3ad25d314 Mon Sep 17 00:00:00 2001 From: Giteabot Date: Mon, 25 May 2026 11:07:48 -0700 Subject: [PATCH] chore(deps): update npm dependencies (#37848) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [pnpm](https://pnpm.io) ([source](https://redirect.github.com/pnpm/pnpm/tree/HEAD/pnpm)) | [`11.1.3` → `11.2.1`](https://renovatebot.com/diffs/npm/pnpm/11.1.3/11.2.1) | ![age](https://developer.mend.io/api/mc/badges/age/npm/pnpm/11.2.1?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/pnpm/11.1.3/11.2.1?slim=true) | | [stylelint](https://stylelint.io) ([source](https://redirect.github.com/stylelint/stylelint)) | [`17.11.1` → `17.12.0`](https://renovatebot.com/diffs/npm/stylelint/17.11.1/17.12.0) | ![age](https://developer.mend.io/api/mc/badges/age/npm/stylelint/17.12.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/stylelint/17.11.1/17.12.0?slim=true) | --- ### Release Notes
pnpm/pnpm (pnpm) ### [`v11.2.1`](https://redirect.github.com/pnpm/pnpm/blob/HEAD/pnpm/CHANGELOG.md#1121) [Compare Source](https://redirect.github.com/pnpm/pnpm/compare/v11.2.0...v11.2.1) ##### Patch Changes - Mark optional subdependency snapshots of config dependencies with `optional: true` in the env lockfile, matching how optional dependencies are recorded elsewhere in `pnpm-lock.yaml`. Previously, snapshots for the platform-specific subdeps pulled in via a config dep's `optionalDependencies` were written as empty objects, which was inconsistent with the rest of the lockfile and made it look like those non-host platform variants were required. - Fix `pickRegistryForPackage` returning the wrong registry for an unscoped `npm:` alias under a scoped local name. A manifest entry like `"@​private/foo": "npm:lodash@^1"` was routing the `lodash` fetch through `registries["@​private"]`, even though `lodash` is unscoped and doesn't live on that registry. The npm-alias branch now returns the alias target's own scope (or `null` for an unscoped target, falling through to `registries.default`) instead of leaking into the local key's scope. - Don't print "Installing config dependencies..." when config dependencies are already installed and nothing needs to be fetched, re-linked, or removed. ### [`v11.2.0`](https://redirect.github.com/pnpm/pnpm/blob/HEAD/pnpm/CHANGELOG.md#1120) [Compare Source](https://redirect.github.com/pnpm/pnpm/compare/v11.1.3...v11.2.0) ##### Minor Changes - **Experimental:** Adding [`@pnpm/pacquet`](https://npmx.dev/package/@​pnpm/pacquet) (the Rust port of pnpm) to `configDependencies` in `pnpm-workspace.yaml` now delegates the materialization phase of `pnpm install` to the pacquet binary. pnpm still owns dependency resolution; pacquet only fetches and imports from the freshly-written lockfile. This is an opt-in preview of the Rust install engine [#​11723](https://redirect.github.com/pnpm/pnpm/issues/11723). To configure pacquet in a project, run: ``` pnpm add @​pnpm/pacquet --config ``` You'll see changes in `pnpm-workspace.yaml` and `pnpm-lock.yaml` that should be committed. If you experience any issues with pacquet, please let us know by mentioning this in the GitHub issue you create. - `configDependencies` now resolve and install one level of `optionalDependencies` declared by the config dependency, with `os`/`cpu`/`libc` platform filtering applied at install time. This unlocks the esbuild/swc-style pattern where a package ships platform-specific binaries via `optionalDependencies` — a config dependency can now do the same and have the matching binary symlinked next to it in the global virtual store, so `require('pkg-platform-arch')` from inside the config dependency resolves correctly. The env lockfile records all platform variants regardless of host platform, so it remains portable across machines. Each entry in a config dependency's `optionalDependencies` must declare an exact version — ranges and tags are rejected to keep installs reproducible. - Implement the documented `pnpm login --scope ` flag. The scope is normalized (a leading `@` is added if missing; blank values are ignored) and an `@:registry=` mapping is written to the pnpm auth file alongside the auth token. Subsequent installs of `@/*` packages then route to the chosen registry. Previously `pnpm login --scope foo` errored with `Unknown option: 'scope'` despite the flag being listed in the online documentation [#​11716](https://redirect.github.com/pnpm/pnpm/issues/11716). - `pnpm outdated` and `pnpm update --interactive` now report Node.js, Deno, and Bun runtimes installed as project dependencies (`runtime:` specifiers). Previously these were silently skipped. ##### Patch Changes - Fix `cafile=` in `.npmrc` being read from the wrong directory when pnpm is invoked from a different cwd (e.g. `pnpm --dir install` from a CI wrapper or monorepo script). The path is now resolved against the directory of the `.npmrc` that declared it, not `process.cwd()`. Before this fix the CA file silently failed to load — the install proceeded without the configured CA and the user only saw TLS errors against a private registry, with no log line tying back to the wrongly resolved path [#​11624](https://redirect.github.com/pnpm/pnpm/issues/11624). - Fix `config.registry` getting a trailing slash appended when `registry` is set in `.npmrc` and no `registries.default` is provided by `pnpm-workspace.yaml`. The sync from `registries.default` to `config.registry` introduced in [#​11744](https://redirect.github.com/pnpm/pnpm/issues/11744) now only fires when the workspace manifest actually contributes a different default. - Fix global add/update to handle minimumReleaseAge policy violations instead of surfacing an internal resolver guardrail error. - Fix two crashes with `injectWorkspacePackages: true` when the lockfile has been pruned (e.g. by `turbo prune --docker`): - `Cannot use 'in' operator to search for 'directory' in undefined`: a peer-dependency-variant injected snapshot inherits its `resolution` from the base `packages:` entry; when a pruner drops that base entry the readers crash. `convertToLockfileObject` now reconstructs the directory resolution from the `file:` depPath at load time — a single normalization point, so every reader sees a fully-formed snapshot. - `ERR_PNPM_ENOENT` on `node_modules/.bin/`: after `prepare`/`postinstall`, `runLifecycleHooksConcurrently` re-imported each injected workspace package; the `scanDir`-into-`filesMap` workaround fed target-internal paths to the importer, which the `makeEmptyDir` fast path ([#​11088](https://redirect.github.com/pnpm/pnpm/issues/11088)) then wiped. Drop the workaround and pass `keepModulesDir: true` so the importer preserves the target's existing `node_modules` (bin links + transitive deps) and source files keep their hardlinks. - Fixed `pnpm login` and `pnpm logout` ignoring `registries.default` from `pnpm-workspace.yaml` [#​10099](https://redirect.github.com/pnpm/pnpm/issues/10099). - Fix the `minimumReleaseAge` (publishedBy) maturity shortcut to be inclusive at the cutoff. Previously, abbreviated metadata whose `modified` field equalled the cutoff fell off the fast path and triggered a full-metadata re-fetch (or a `MISSING_TIME` error when full metadata wasn't permitted). Since `modified` is an upper bound on every version's publish time, `modified == publishedBy` already implies every version passes the per-version `<=` filter in `filterPkgMetadataByPublishDate`, so the shortcut now accepts the boundary case directly. Strictly `>` (was `>=`) at the rejection branch. - Honor `publishConfig.access` when publishing packages.
stylelint/stylelint (stylelint) ### [`v17.12.0`](https://redirect.github.com/stylelint/stylelint/blob/HEAD/CHANGELOG.md#17120---2026-05-20) [Compare Source](https://redirect.github.com/stylelint/stylelint/compare/17.11.1...17.12.0) It fixes 3 bugs, including a false negative one. - Fixed: `block-no-empty` reported range when using comments ([#​9294](https://redirect.github.com/stylelint/stylelint/pull/9294)) ([@​romainmenke](https://redirect.github.com/romainmenke)). - Fixed: `declaration-property-value-no-unknown` false negatives for custom properties defined in reference files ([#​9292](https://redirect.github.com/stylelint/stylelint/pull/9292)) ([@​romainmenke](https://redirect.github.com/romainmenke)). - Fixed: `value-keyword-layout-mappings` false positives for `caption-side` ([#​9293](https://redirect.github.com/stylelint/stylelint/pull/9293)) ([@​romainmenke](https://redirect.github.com/romainmenke)).
--- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://redirect.github.com/renovatebot/renovate). --- package.json | 4 ++-- pnpm-lock.yaml | 48 ++++++++++++++++++++++++------------------------ 2 files changed, 26 insertions(+), 26 deletions(-) diff --git a/package.json b/package.json index a841a203248..878820ea6dc 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "type": "module", - "packageManager": "pnpm@11.1.3", + "packageManager": "pnpm@11.2.1", "engines": { "node": ">= 22.18.0", "pnpm": ">= 11.0.0" @@ -113,7 +113,7 @@ "nolyfill": "1.0.44", "postcss-html": "1.8.1", "spectral-cli-bundle": "1.0.8", - "stylelint": "17.11.1", + "stylelint": "17.12.0", "stylelint-config-recommended": "18.0.0", "stylelint-declaration-block-no-ignored-properties": "3.0.0", "stylelint-declaration-strict-value": "1.11.1", diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 137378e886a..606251ade63 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -243,7 +243,7 @@ importers: version: 5.10.0(eslint@10.4.0(jiti@2.7.0)) '@stylistic/stylelint-plugin': specifier: 5.1.0 - version: 5.1.0(stylelint@17.11.1(typescript@6.0.3)) + version: 5.1.0(stylelint@17.12.0(typescript@6.0.3)) '@types/codemirror': specifier: 5.60.17 version: 5.60.17 @@ -344,20 +344,20 @@ importers: specifier: 1.0.8 version: 1.0.8 stylelint: - specifier: 17.11.1 - version: 17.11.1(typescript@6.0.3) + specifier: 17.12.0 + version: 17.12.0(typescript@6.0.3) stylelint-config-recommended: specifier: 18.0.0 - version: 18.0.0(stylelint@17.11.1(typescript@6.0.3)) + version: 18.0.0(stylelint@17.12.0(typescript@6.0.3)) stylelint-declaration-block-no-ignored-properties: specifier: 3.0.0 - version: 3.0.0(stylelint@17.11.1(typescript@6.0.3)) + version: 3.0.0(stylelint@17.12.0(typescript@6.0.3)) stylelint-declaration-strict-value: specifier: 1.11.1 - version: 1.11.1(stylelint@17.11.1(typescript@6.0.3)) + version: 1.11.1(stylelint@17.12.0(typescript@6.0.3)) stylelint-value-no-unknown-custom-properties: specifier: 6.1.1 - version: 6.1.1(stylelint@17.11.1(typescript@6.0.3)) + version: 6.1.1(stylelint@17.12.0(typescript@6.0.3)) svgo: specifier: 4.0.1 version: 4.0.1 @@ -2753,8 +2753,8 @@ packages: fflate@0.8.2: resolution: {integrity: sha512-cPJU47OaAoCbg0pBvzsgpTPhmhqI5eJjh/JIu8tPj5q+T7iLvW/JAYUqmE7KOB4R1ZyEhzBaIQpQpardBF5z8A==} - file-entry-cache@11.1.2: - resolution: {integrity: sha512-N2WFfK12gmrK1c1GXOqiAJ1tc5YE+R53zvQ+t5P8S5XhnmKYVB5eZEiLNZKDSmoG8wqqbF9EXYBBW/nef19log==} + file-entry-cache@11.1.3: + resolution: {integrity: sha512-oMbq0PD6VIiIwMF6LIa7MEwd/l9huKwmqRKXqmrkqIZv8CvRbfowL+L0ryAl8h//HfAS0zS+4SbYoRyAoA6BJA==} file-entry-cache@8.0.0: resolution: {integrity: sha512-XXTUwCvisa5oacNGRP9SfNtYBNAMi+RPwBFmblZEF7N7swHYQS6/Zfk7SRwx4D5j3CH211YNRco1DEMNVfZCnQ==} @@ -3928,8 +3928,8 @@ packages: peerDependencies: stylelint: '>=16' - stylelint@17.11.1: - resolution: {integrity: sha512-+smN/HqVTggUx3iuAzOi9fPh8SrH+cJWlZrYVldXoJ06orWBhZ4Ue/QEp64oei6pVrAh4w3tG+Y12Vw7MbCFRQ==} + stylelint@17.12.0: + resolution: {integrity: sha512-KIlzWXMHUvgfPUR0R7TK3H80yCIi0uoivUwf+6Az4yrHJD1Q3c1qIkh/H5Z0i/K3QXgtq/UMEkWyBUSUwnpnOg==} engines: {node: '>=20.19.0'} hasBin: true @@ -5353,7 +5353,7 @@ snapshots: estraverse: 5.3.0 picomatch: 4.0.4 - '@stylistic/stylelint-plugin@5.1.0(stylelint@17.11.1(typescript@6.0.3))': + '@stylistic/stylelint-plugin@5.1.0(stylelint@17.12.0(typescript@6.0.3))': dependencies: '@csstools/css-parser-algorithms': 4.0.0(@csstools/css-tokenizer@4.0.0) '@csstools/css-tokenizer': 4.0.0 @@ -5362,7 +5362,7 @@ snapshots: postcss-selector-parser: 7.1.1 postcss-value-parser: 4.2.0 style-search: 0.1.0 - stylelint: 17.11.1(typescript@6.0.3) + stylelint: 17.12.0(typescript@6.0.3) '@swc/helpers@0.5.21': dependencies: @@ -7002,7 +7002,7 @@ snapshots: fflate@0.8.2: {} - file-entry-cache@11.1.2: + file-entry-cache@11.1.3: dependencies: flat-cache: 6.1.22 @@ -8205,25 +8205,25 @@ snapshots: style-search@0.1.0: {} - stylelint-config-recommended@18.0.0(stylelint@17.11.1(typescript@6.0.3)): + stylelint-config-recommended@18.0.0(stylelint@17.12.0(typescript@6.0.3)): dependencies: - stylelint: 17.11.1(typescript@6.0.3) + stylelint: 17.12.0(typescript@6.0.3) - stylelint-declaration-block-no-ignored-properties@3.0.0(stylelint@17.11.1(typescript@6.0.3)): + stylelint-declaration-block-no-ignored-properties@3.0.0(stylelint@17.12.0(typescript@6.0.3)): dependencies: - stylelint: 17.11.1(typescript@6.0.3) + stylelint: 17.12.0(typescript@6.0.3) - stylelint-declaration-strict-value@1.11.1(stylelint@17.11.1(typescript@6.0.3)): + stylelint-declaration-strict-value@1.11.1(stylelint@17.12.0(typescript@6.0.3)): dependencies: - stylelint: 17.11.1(typescript@6.0.3) + stylelint: 17.12.0(typescript@6.0.3) - stylelint-value-no-unknown-custom-properties@6.1.1(stylelint@17.11.1(typescript@6.0.3)): + stylelint-value-no-unknown-custom-properties@6.1.1(stylelint@17.12.0(typescript@6.0.3)): dependencies: postcss-value-parser: 4.2.0 resolve: 1.22.12 - stylelint: 17.11.1(typescript@6.0.3) + stylelint: 17.12.0(typescript@6.0.3) - stylelint@17.11.1(typescript@6.0.3): + stylelint@17.12.0(typescript@6.0.3): dependencies: '@csstools/css-calc': 3.2.0(@csstools/css-parser-algorithms@4.0.0(@csstools/css-tokenizer@4.0.0))(@csstools/css-tokenizer@4.0.0) '@csstools/css-parser-algorithms': 4.0.0(@csstools/css-tokenizer@4.0.0) @@ -8239,7 +8239,7 @@ snapshots: debug: 4.4.3 fast-glob: 3.3.3 fastest-levenshtein: 1.0.16 - file-entry-cache: 11.1.2 + file-entry-cache: 11.1.3 global-modules: 2.0.0 globby: 16.2.0 globjoin: 0.1.4