chore(deps): update pnpm to v10.10.0

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
pnpm (source)	10.7.1+sha512.2d92c86b7928dc8284f53494fb4201f983da65f0fb4f0d40baafa5cf628fa31dae3e5968f12466f17df7e97310e30f343a648baea1b9b350685dafafffdf5808 -> 10.10.0

---

Release Notes

pnpm/pnpm (pnpm)

v10.10.0

Compare Source

Minor Changes

• Allow loading the preResolution, importPackage, and fetchers hooks from local pnpmfile.

Patch Changes

• Fix cd command, when shellEmulator is true #​7838.
• Sort keys in pnpm-workspace.yaml #​9453.
• Pass the npm_package_json environment variable to the executed scripts #​9452.
• Fixed a mistake in the description of the --reporter=silent option.

v10.9.0

Compare Source

Minor Changes

• Added support for installing JSR packages. You can now install JSR packages using the following syntax:

  pnpm add jsr:<pkg_name>
  

  or with a version range:

  pnpm add jsr:<pkg_name>@&#8203;<range>
  

  For example, running:

  pnpm add jsr:@​foo/bar
  

  will add the following entry to your package.json:

  {
    "dependencies": {
      "@​foo/bar": "jsr:^0.1.2"
    }
  }

  When publishing, this entry will be transformed into a format compatible with npm, older versions of Yarn, and previous pnpm versions:

  {
    "dependencies": {
      "@​foo/bar": "npm:@​jsr/foo__bar@^0.1.2"
    }
  }

  Related issue: #​8941.

  Note: The @jsr scope defaults to https://npm.jsr.io/ if the @jsr:registry setting is not defined.

• Added a new setting, dangerouslyAllowAllBuilds, for automatically running any scripts of dependencies without the need to approve any builds. It was already possible to allow all builds by adding this to pnpm-workspace.yaml:

  neverBuiltDependencies: []

  dangerouslyAllowAllBuilds has the same effect but also allows to be set globally via:

  pnpm config set dangerouslyAllowAllBuilds true
  

  It can also be set when running a command:

  pnpm install --dangerously-allow-all-builds
  

Patch Changes

• Fix a false negative in verifyDepsBeforeRun when nodeLinker is hoisted and there is a workspace package without dependencies and node_modules directory #​9424.
• Explicitly drop verifyDepsBeforeRun support for nodeLinker: pnp. Combining verifyDepsBeforeRun and nodeLinker: pnp will now print a warning.

v10.8.1

Compare Source

Patch Changes

• Removed bright white highlighting, which didn't look good on some light themes #​9389.
• If there is no pnpm related configuration in package.json, onlyBuiltDependencies will be written to pnpm-workspace.yaml file #​9404.

v10.8.0

Compare Source

Minor Changes

• Experimental. A new hook is supported for updating configuration settings. The hook can be provided via .pnpmfile.cjs. For example:

  module.exports = {
    hooks: {
      updateConfig: (config) => ({
        ...config,
        nodeLinker: "hoisted",
      }),
    },
  };

• Now you can use the pnpm add command with the --config flag to install new configurational dependencies #​9377.

Patch Changes

• Do not hang indefinitely, when there is a glob that starts with !/ in pnpm-workspace.yaml. This fixes a regression introduced by #​9169.
• pnpm audit --fix should update the overrides in pnpm-workspace.yaml.
• pnpm link should update overrides in pnpm-workspace.yaml, not in package.json #​9365.

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[changeset-bot]

⚠️ No Changeset found

Latest commit: dfc2adf

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[renovate]

Renovate Ignore Notification

Because you closed this PR without merging, Renovate will ignore this update (10.10.0). You will get a PR once a newer version is released. To ignore this dependency forever, add it to the ignoreDeps array of your Renovate config.

If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR.