Skip to content

chore(deps): update all non-major dependencies#248

Merged
renovate[bot] merged 1 commit into
masterfrom
renovate/all-minor-patch
Jun 3, 2026
Merged

chore(deps): update all non-major dependencies#248
renovate[bot] merged 1 commit into
masterfrom
renovate/all-minor-patch

Conversation

@renovate
Copy link
Copy Markdown
Contributor

@renovate renovate Bot commented Jun 3, 2026

This PR contains the following updates:

Package Type Update Change Age Confidence
actions/checkout action patch v6.0.2v6.0.3 age confidence
pnpm (source) packageManager patch 11.5.011.5.1 age confidence
pnpm (source) uses-with patch 11.5.011.5.1 age confidence

Release Notes

actions/checkout (actions/checkout)

v6.0.3

Compare Source

pnpm/pnpm (pnpm)

v11.5.1

Compare Source

Patch Changes
  • Improve pnpm audit performance by pruning non-vulnerable lockfile subtrees and stopping path enumeration once vulnerable findings reach the path cap.
  • Avoid crashing when the workspace state cache is partially written or malformed.
  • Set npm_config_user_agent for root lifecycle scripts during headless installs.
  • Preserve the integrity field of a remote (non-registry) tarball dependency when its lockfile entry is rebuilt. Re-resolving such a dependency without re-fetching it (for example via pnpm update, or when another dependency changes) produced a resolution with no integrity — URL/tarball resolvers only learn the integrity after the tarball is downloaded — so the previously recorded integrity was dropped, making later installs fail with ERR_PNPM_MISSING_TARBALL_INTEGRITY #​12067.
  • Normalize a string repository field into the { type, url } object form when creating the publish manifest, matching npm's behavior. Some registries (e.g. Gitea/Codeberg) reject a string repository with a 500 Internal Server Error during pnpm publish #​12099.
  • Preserve compatible optional peer versions already present in the lockfile when resolving dependencies.
  • Fixed inconsistent resolution of a peer dependency that is shared through a diamond. When a package peer-depends on both another package and one of that package's own peer dependencies (for example @typescript-eslint/eslint-plugin peer-depends on both @typescript-eslint/parser and typescript, and @typescript-eslint/parser peer-depends on typescript), pnpm no longer reuses a hoisted instance of the shared peer that was resolved against a different version #​12079.

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot added the maintenance clear the gutters, tighten the screws label Jun 3, 2026
@renovate renovate Bot merged commit d26794c into master Jun 3, 2026
1 check passed
@renovate renovate Bot deleted the renovate/all-minor-patch branch June 3, 2026 21:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

maintenance clear the gutters, tighten the screws

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants