Skip to content

chore(deps): update pnpm to v10.21.0#609

Merged
bfra-me[bot] merged 1 commit intomainfrom
renovate/pnpm-10.x
Nov 13, 2025
Merged

chore(deps): update pnpm to v10.21.0#609
bfra-me[bot] merged 1 commit intomainfrom
renovate/pnpm-10.x

Conversation

@bfra-me
Copy link
Copy Markdown
Contributor

@bfra-me bfra-me Bot commented Nov 13, 2025

This PR contains the following updates:

Package Change Age Confidence OpenSSF Code Search
pnpm (source) 10.20.0 -> 10.21.0 age confidence OpenSSF Scorecard GitHub Code Search for "pnpm"

Release Notes

pnpm/pnpm (pnpm)

v10.21.0: pnpm 10.21

Compare Source

Minor Changes

  • Node.js Runtime Installation for Dependencies. Added support for automatic Node.js runtime installation for dependencies. pnpm will now install the Node.js version required by a dependency if that dependency declares a Node.js runtime in the "engines" field. For example:

    {
  "engines": {
    "runtime": {
      "name": "node",
      "version": "^24.11.0",
      "onFail": "download"
    }
  }
}

    If the package with the Node.js runtime dependency is a CLI app, pnpm will bind the CLI app to the required Node.js version. This ensures that, regardless of the globally installed Node.js instance, the CLI will use the compatible version of Node.js.

    If the package has a postinstall script, that script will be executed using the specified Node.js version.

    Related PR: #​10141

  • Added a new setting: trustPolicy.

    When set to no-downgrade, pnpm will fail installation if a package’s trust level has decreased compared to previous releases — for example, if it was previously published by a trusted publisher but now only has provenance or no trust evidence.
    This helps prevent installing potentially compromised versions of a package.

    Related issue: #​8889.

  • Added support for pnpm config get globalconfig to retrieve the global config file path #​9977.

Patch Changes

  • When a user runs pnpm update on a dependency that is not directly listed in package.json, none of the direct dependencies should be updated #​10155.
  • Don't crash when two processes of pnpm are hardlinking the contents of a directory to the same destination simultaneously #​10160.
  • Setting gitBranchLockfile and related settings via pnpm-workspace.yaml should work #​9651.

Platinum Sponsors

Bit

Gold Sponsors

Discord CodeRabbit Workleap
Stackblitz Vite

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

@bfra-me bfra-me Bot added automerge Pull request approved for automatic merging dependencies Changes to dependencies or package management javascript minor Minor version bump packageManager renovate Universal dependency update tool <https://mend.io/renovate> labels Nov 13, 2025
@bfra-me bfra-me Bot enabled auto-merge (squash) November 13, 2025 01:47
@bfra-me bfra-me Bot merged commit 49e388f into main Nov 13, 2025
5 checks passed
@bfra-me bfra-me Bot deleted the renovate/pnpm-10.x branch November 13, 2025 01:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

automerge Pull request approved for automatic merging dependencies Changes to dependencies or package management javascript minor Minor version bump packageManager renovate Universal dependency update tool <https://mend.io/renovate>

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants