[PR #686] [MERGED] chore(deps): update pnpm to v10.9.0 #8621

New Issue

GiteaMirror · 2026-04-23T08:18:59-05:00

GiteaMirror commented

2026-04-23 08:18:59 -05:00

📋 Pull Request Information

Original PR: https://github.com/go-vikunja/vikunja/pull/686
Author: @renovate[bot]
Created: 4/21/2025
Status: ✅ Merged
Merged: 4/21/2025
Merged by: @kolaente

Base: main ← Head: renovate/pnpm-10.x

📝 Commits (1)

d2eb6c5 chore(deps): update pnpm to v10.9.0

📊 Changes

2 files changed (+2 additions, -2 deletions)

View changed files

📝 desktop/package.json (+1 -1)
📝 frontend/package.json (+1 -1)

📄 Description

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
pnpm (source)	`10.8.1` -> `10.9.0`

Release Notes

pnpm/pnpm (pnpm)

`v10.9.0`

Compare Source

Minor Changes

Added support for installing JSR packages. You can now install JSR packages using the following syntax:
```
pnpm add jsr:<pkg_name>
```
or with a version range:
```
pnpm add jsr:<pkg_name>@&#8203;<range>
```
For example, running:
```
pnpm add jsr:@&#8203;foo/bar
```
will add the following entry to your package.json:
```
{
  "dependencies": {
    "@&#8203;foo/bar": "jsr:^0.1.2"
  }
}
```
When publishing, this entry will be transformed into a format compatible with npm, older versions of Yarn, and previous pnpm versions:
```
{
  "dependencies": {
    "@&#8203;foo/bar": "npm:@&#8203;jsr/foo__bar@^0.1.2"
  }
}
```
Related issue: #8941.

Note: The @jsr scope defaults to https://npm.jsr.io/ if the @jsr:registry setting is not defined.
Added a new setting, dangerouslyAllowAllBuilds, for automatically running any scripts of dependencies without the need to approve any builds. It was already possible to allow all builds by adding this to pnpm-workspace.yaml:
```
neverBuiltDependencies: []
```
dangerouslyAllowAllBuilds has the same effect but also allows to be set globally via:
```
pnpm config set dangerouslyAllowAllBuilds true
```
It can also be set when running a command:
```
pnpm install --dangerously-allow-all-builds
```

Patch Changes

Fix a false negative in verifyDepsBeforeRun when nodeLinker is hoisted and there is a workspace package without dependencies and node_modules directory #9424.
Explicitly drop verifyDepsBeforeRun support for nodeLinker: pnp. Combining verifyDepsBeforeRun and nodeLinker: pnp will now print a warning.

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/go-vikunja/vikunja/pull/686 **Author:** [@renovate[bot]](https://github.com/apps/renovate) **Created:** 4/21/2025 **Status:** ✅ Merged **Merged:** 4/21/2025 **Merged by:** [@kolaente](https://github.com/kolaente) **Base:** `main` ← **Head:** `renovate/pnpm-10.x` --- ### 📝 Commits (1) - [`d2eb6c5`](https://github.com/go-vikunja/vikunja/commit/d2eb6c59180b44fece3940a55a83325e3c376e41) chore(deps): update pnpm to v10.9.0 ### 📊 Changes **2 files changed** (+2 additions, -2 deletions) <details> <summary>View changed files</summary> 📝 `desktop/package.json` (+1 -1) 📝 `frontend/package.json` (+1 -1) </details> ### 📄 Description This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [pnpm](https://pnpm.io) ([source](https://redirect.github.com/pnpm/pnpm/tree/HEAD/pnpm)) | [`10.8.1` -> `10.9.0`](https://renovatebot.com/diffs/npm/pnpm/10.8.1/10.9.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/pnpm/10.9.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/pnpm/10.9.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/pnpm/10.8.1/10.9.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/pnpm/10.8.1/10.9.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>pnpm/pnpm (pnpm)</summary> ### [`v10.9.0`](https://redirect.github.com/pnpm/pnpm/blob/HEAD/pnpm/CHANGELOG.md#1090) [Compare Source](https://redirect.github.com/pnpm/pnpm/compare/v10.8.1...v10.9.0) ##### Minor Changes - **Added support for installing JSR packages.** You can now install JSR packages using the following syntax: pnpm add jsr:<pkg_name> or with a version range: pnpm add jsr:<pkg_name>@<range> For example, running: pnpm add jsr:@foo/bar will add the following entry to your `package.json`: ```json { "dependencies": { "@foo/bar": "jsr:^0.1.2" } } ``` When publishing, this entry will be transformed into a format compatible with npm, older versions of Yarn, and previous pnpm versions: ```json { "dependencies": { "@foo/bar": "npm:@jsr/foo__bar@^0.1.2" } } ``` Related issue: [#8941](https://redirect.github.com/pnpm/pnpm/issues/8941). Note: The `@jsr` scope defaults to <https://npm.jsr.io/> if the `@jsr:registry` setting is not defined. - Added a new setting, `dangerouslyAllowAllBuilds`, for automatically running any scripts of dependencies without the need to approve any builds. It was already possible to allow all builds by adding this to `pnpm-workspace.yaml`: ```yaml neverBuiltDependencies: [] ``` `dangerouslyAllowAllBuilds` has the same effect but also allows to be set globally via: pnpm config set dangerouslyAllowAllBuilds true It can also be set when running a command: pnpm install --dangerously-allow-all-builds ##### Patch Changes - Fix a false negative in `verifyDepsBeforeRun` when `nodeLinker` is `hoisted` and there is a workspace package without dependencies and `node_modules` directory [#9424](https://redirect.github.com/pnpm/pnpm/issues/9424). - Explicitly drop `verifyDepsBeforeRun` support for `nodeLinker: pnp`. Combining `verifyDepsBeforeRun` and `nodeLinker: pnp` will now print a warning. </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/go-vikunja/vikunja).  --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>

GiteaMirror added the pull-request label 2026-04-23 08:18:59 -05:00

GiteaMirror closed this issue

2026-04-23 08:19:00 -05:00

Sign in to join this conversation.

Branches Tags

main

renovate/dev-dependencies

feat-v2-foundation

dependabot/npm_and_yarn/frontend/axios-1.15.2

spike-huma-openapi3

claude/investigate-swagger3-support-nyyUa

feat-list-view-buckets

ci-mysql-8-test

codex/analyze-codebase-for-email-task-feature

feat-project-templates

csv-import-feature

claude/email-reply-comments-wpdcQ

fix-oidc-pkce-support

fix/overview-subtasks-expand

feat/bucket-select-task-detail

feat-soft-delete-projects

claude/review-bot-design-plan-cf5C3

claude/project-scoped-api-tokens-KTqR3

claude/explore-openclaw-integration-KQEzg

claude/project-scoped-api-tokens-yv5KS

fix-duplicate-close-button

feat-list-view-sorting

feat/official-vite-sentry-plugin

feat/highlight-overdue-tasks

feat/add-enter-key-form-submission-handling

feat/TipTap-nits

feat/update-caldavtimetotimestamp-parsing

feat-phosphor-icons

wip-plans

claude/investigate-issue-2173-llKme

fix-description-text-drag

feat-custom-keyboard-shortcuts

pr-1845-ci

codex/fix-drag-and-drop-behavior-inconsistency

copilot/add-clickable-labels-for-filtering

copilot/fix-issue-1786

playwright-migration

fix-kanban-repeating-wip

copilot/fix-1498

feature/replace-axios

codex/upgrade-to-tailwind-4.1.8-using-pnpm

codex/add-cypress-test-for-avatar-types

feature/biome

feature/oxc

codex/update-flexsearch-to-0.8.205

4r6ni9-codex/fix-deprecated-sass-@import-usage

codex/fix-deprecated-sass-@import-usage

codex/add-cypress-test-for-task-list-refresh-fix

codex/fix-quick-add-magic-not-adding-tasks

codex/fix-all-type-errors

codex/fix-mimetype-for-docs.json

feature/caldav-from-scratch

feature/gh-actions-hetzner

fix-ci

feat/new-logger

jyte-better-dev-config

feat/add-team-member-with-enter

fix/button-and-icon-types

fix/notifications-component-name-collision

feature/null-time

renovate/tailwindcss-4.x

feature/unplugin-vue-router

fix/deprecated-import

feature/zod-schema

renovate/golangci-golangci-lint-1.x

fix/tiptap-editor-reactive-destructuring

release/0.24

feat/improve-add-task

fix/saved-filter-search

feat/webp-and-avif-attachment-previews

feature/migrate-back-to-bulma

fix/sass-add-missing-list-import

feature/sticky-demo-bar

fix/gantt-view-switch

feature/typesense-position-join

feature/focus-visible

dependencies/golangci-lint

feature/better-filter-syntax

fix/tiptap-task-list

renovate/github.com-golang-jwt-jwt-v4-5.x

feature/hide-forbidden-related-tasks

renovate/golang-1.x

release/0.20

release/0.17

release/0.16

release/0.15

release/0.14

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/vikunja#8621