chore(deps): pin dependencies

[renovate]

This PR contains the following updates:

Package	Type	Update	Change	Age	Adoption	Passing	Confidence
@biomejs/biome (source)	devDependencies	pin	^1.5.3 -> 1.5.3
@mh4gf/configs (source)	devDependencies	pin	^0.3.0 -> 0.3.0
@types/node (source)	devDependencies	pin	^20.10.1 -> 20.10.1
@vercel/ncc	devDependencies	pin	^0.38.1 -> 0.38.1
js-yaml	devDependencies	pin	^4.1.0 -> 4.1.0
pnpm (source)	packageManager	minor	8.12.0 -> 8.15.4
typescript (source)	devDependencies	pin	^5.3.3 -> 5.3.3
vitest (source)	devDependencies	pin	^0.32.0 -> 0.32.0

Add the preset :preserveSemverRanges to your config if you don't want to pin your dependencies.

---

Release Notes

pnpm/pnpm (pnpm)

v8.15.4

Compare Source

v8.15.3

Compare Source

Patch Changes

• Remove vulnerable "ip" package from the dependencies #​7652.

Platinum Sponsors

Gold Sponsors

Our Silver Sponsors

v8.15.2

Compare Source

Patch Changes

• When purging multiple node_modules directories, pnpm will no longer print multiple prompts simultaneously.
• Don't print an unnecessary warning when adding new dependencies to a project that uses hoisted node_modules.
• Linking globally the command of a package that has no name in package.json #​4761.
• Installation should work with lockfile created by pnpm v9.0.0-alpha.4

Platinum Sponsors

Gold Sponsors

Our Silver Sponsors

v8.15.1

Compare Source

Patch Changes

• Use the object-hash library instead of node-object-hash for hashing keys of side-effects cache #​7591.
• bundledDependencies should never be added to the lockfile with false as the value #​7576.

Platinum Sponsors

Gold Sponsors

Our Silver Sponsors

v8.15.0

Compare Source

Minor Changes

• When the license field does not exist in package.json but a license file exists, try to match and extract the license name #​7530.

Patch Changes

• Running pnpm update -r --latest will no longer downgrade prerelease dependencies #​7436.
• --aggregate-output should work on scripts executed from the same project #​7556.
• Prefer hard links over reflinks on Windows as they perform better #​7564.
• Reduce the length of the side-effects cache key. Instead of saving a stringified object composed from the dependency versions of the package, use the hash calculated from the said object #​7563.
• Throw an error if pnpm update --latest runs with arguments containing versions specs. For instance, pnpm update --latest foo@next is not allowed #​7567.
• Don't fail in Windows CoW if the file already exists #​7554.

Platinum Sponsors

Gold Sponsors

Our Silver Sponsors

v8.14.3

Compare Source

Patch Changes

• pnpm pack should work as expected when "prepack" modifies the manifest #​7558.

Platinum Sponsors

Gold Sponsors

Our Silver Sponsors

v8.14.2

Compare Source

Patch Changes

• Registry configuration from previous installation should not override current settings #​7507.
• pnpm dlx should not fail, when executed from package.json "scripts" 7424.
• A git-hosted dependency should not be added to the store if it failed to be built #​7407.
• pnpm publish should pack "main" file or "bin" files defined in "publishConfig" #​4195.

Platinum Sponsors

Gold Sponsors

Our Silver Sponsors

v8.14.1

Compare Source

Patch Changes

• Resolve the current working directory to its real location before doing any operations #​6524.
• Allow using token helpers in pnpm publish #​7316.
• Handle Git repository names containing capital letters #​7488.
• When hoisted-workspace-packages is true don't hoist the root package even if it has a name. Otherwise we would create a circular symlink.

Our Gold Sponsors

Our Silver Sponsors

v8.14.0

Compare Source

Minor Changes

• A new option added for hoisting packages from the workspace. When hoist-workspace-packages is set to true, packages from the workspace are symlinked to either <workspace_root>/node_modules/.pnpm/node_modules or to <workspace_root>/node_modules depending on other hoisting settings (hoist-pattern and public-hoist-pattern) #​7451.
• The pnpm dedupe command now accepts more command line options that the pnpm install command also accepts. Example: pnpm dedupe --store-dir=local-store-dir

Patch Changes

• The package information output by cat-index should be sorted by key.
• pnpm deploy should not touch the target directory if it already exists and isn't empty #​7351.
• pnpm add a-module-already-in-dev-deps will show a message to notice the user that the package was not moved to "dependencies" #​926 and fix #​7319.
• Don't install Node.js when use-node-version is set in a WebContainer #​7478.
• Fix copy-on-write on Windows Dev Drives #​7468.

Our Gold Sponsors

Configuration 📅 Schedule: Branch creation - "before 4am on the first day of the month" (UTC), Automerge - At any time (no schedule defined). 🚦 Automerge: Enabled. ♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired. If you want to rebase/retry this PR, check this box This PR has been generated by Mend Renovate. View repository job log here.