chore(deps): update support-deps

[renovate]

This PR contains the following updates:

Package	Type	Update	Change	Pending	Age	Confidence
actions/checkout	action	patch	v6.0.2 → v6.0.3
aqua:defenseunicorns/uds-cli		minor	0.31.0 → 0.32.0
aqua:k3d-io/k3d		minor	5.8.3 → 5.9.0
defenseunicorns/uds-common		patch	v1.24.11 → v1.24.12
defenseunicorns/uds-common	action	patch	v1.24.11 → v1.24.12
ghcr.io/stefanprodan/podinfo		minor	6.12.0 → 6.13.0
ghcr.io/uds-packages/gitea		minor	1.25.4-uds.2-upstream → 1.26.2-uds.0-upstream
ghcr.io/uds-packages/neuvector		patch	5.5.1-uds.2-upstream → 5.5.1-uds.3-upstream
hk		minor	1.45.0 → 1.46.0
https://github.com/stefanprodan/podinfo.git		minor	6.12.0 → 6.13.0
jdx/mise		patch	2026.5.15 → 2026.5.18	v2026.6.0
pnpm (source)	packageManager	minor	11.3.0 → 11.5.1	11.5.2
pnpm (source)		minor	11.3.0 → 11.5.1	11.5.2
uv		patch	0.11.16 → 0.11.18	0.11.19

---

Release Notes

actions/checkout (actions/checkout)

v6.0.3

Compare Source

• Fix checkout init for SHA-256 repositories by @​yaananth in #​2439
• fix: expand merge commit SHA regex and add SHA-256 test cases by @​yaananth in #​2414

defenseunicorns/uds-cli (aqua:defenseunicorns/uds-cli)

v0.32.0

Compare Source

What's Changed

• chore: add SECURITY.md with vulnerability reporting policy by @​daveworth in #​1390
• feat: add keyless signature verification for Zarf packages by @​emoskito in #​1393
• chore(deps): update test-dependencies to v6.12.0 by @​renovate[bot] in #​1389
• chore(deps): update github-actions and golangci-lint by @​emoskito in #​1396

New Contributors

• @​daveworth made their first contribution in #​1390

Full Changelog: defenseunicorns/uds-cli@v0.31.0...v0.32.0

k3d-io/k3d (aqua:k3d-io/k3d)

v5.9.0

Compare Source

What's Changed

• Fix docker registry auth example by @​kravciak in #​1557
• docs: show latest available k3s version by @​AdrienHorgnies in #​1567
• docs: add AdrienHorgnies as a contributor for doc by @​allcontributors[bot] in #​1568
• Use version sort for k3d version list output by @​kravciak in #​1554
• chore: make function comments match function names by @​tiaoxizhan in #​1562
• fix: files option for config on windows by @​sofushn in #​1582
• Update the hardcoded k3s version from 1.21 to 1.32 by @​lfrancke in #​1589
• chore(renovate): Add custom manager for k3s version tracking by @​kobayashiyabako16g in #​1590
• Skip DNS fix on Colima by @​jtyr in #​1595
• Build process change by @​yakom in #​1606
• feat(1406): introducing the option to match registry ports; by @​yakom in #​1607
• feat(#​1570): introducing the --port-delete flag; by @​yakom in #​1609
• Fix Go Module badge by @​kravciak in #​1616
• bug(#​1617) : a change in the implementation of feat(1406); by @​yakom in #​1618
• fix(registry): prevent --registry-use from triggering registry creation by @​iwilltry42 in #​1646
• fix(entrypoint): skip drain/uncordon on agent nodes by @​dpritchett in #​1648
• docs: update k3d-demo repo url by @​isayme in #​1655
• docs: fix md list issues by @​isayme in #​1657
• feat: cluster restart cmd, fix #​984 by @​isayme in #​1660
• chore(deps): refresh deps + base images for v5.9.0 by @​iwilltry42 in #​1670
• chore(deps): update dependency pymdown-extensions to v10.21.3 [security] by @​renovate[bot] in #​1635

New Contributors

• @​AdrienHorgnies made their first contribution in #​1567
• @​tiaoxizhan made their first contribution in #​1562
• @​sofushn made their first contribution in #​1582
• @​lfrancke made their first contribution in #​1589
• @​kobayashiyabako16g made their first contribution in #​1590
• @​dpritchett made their first contribution in #​1648
• @​isayme made their first contribution in #​1655

Full Changelog: k3d-io/k3d@v5.8.3...v5.9.0

defenseunicorns/uds-common (defenseunicorns/uds-common)

v1.24.12

Compare Source

Miscellaneous

• deps: update uds common foundation dependencies to v1.5.0 (#​684) (69baa44)
• deps: update uds common support dependencies (#​678) (fc11b2c)
• remove verify badge (#​683) (5d26c78)
• swap from oras setup task to shell (#​680) (df4991b)

stefanprodan/podinfo (ghcr.io/stefanprodan/podinfo)

v6.13.0

Compare Source

What's Changed

• Add support for configurable URL path prefix in podinfo application by @​dex4er in #​491
• feat(http): add fault injection mode for circuit breaker testing by @​dkulchinsky in #​492
• build(deps): bump the actions group across 1 directory with 7 updates by @​dependabot[bot] in #​493
• Release 6.13.0 by @​stefanprodan in #​494

New Contributors

• @​dex4er made their first contribution in #​491
• @​dkulchinsky made their first contribution in #​492

Full Changelog: stefanprodan/podinfo@6.12.0...6.13.0

jdx/hk (hk)

v1.46.0

Compare Source

🚀 Features

• (builtins) add oxfmt config to hk builtin config by @​hituzi-no-sippo in #​914
• (builtins) add vite-plus builtin configs to hk by @​hituzi-no-sippo in #​913
• (install) skip local install when hk is configured globally by @​jdx in #​934
• (run) add staged-only hook scope by @​jdx in #​950
• update oxlint hook by @​hituzi-no-sippo in #​911

🐛 Bug Fixes

• (check) parse check_diff output for fix suggestions by @​jdx in #​949
• (install) use absolute commands for global hooks by @​jdx in #​939
• (pre-push) correct inverted ref filter and handle new-branch pushes by @​jdx in #​932
• (run) expose post-checkout hook variables by @​jdx in #​951
• (stash) preserve fail_on_fix output with git stash by @​jdx in #​909
• (stash) preserve staged deletions across pop_stash by @​jdx in #​927
• (stash) preserve fixer tail-line deletions in three-way merge by @​jdx in #​931

🛡️ Security

• (ci) add zizmor workflow for github actions security analysis by @​jdx in #​925

🔍 Other Changes

• (ci) remove autofix.ci workflow by @​jdx in #​923
• (ci) assert mise run render produces no diff by @​jdx in #​924
• (ci) close failing or conflicted PRs sooner by @​jdx in #​936
• remove pull_request_target workflow by @​jdx in #​921
• remove caching from publishing workflows by @​jdx in #​922

📦️ Dependency Updates

• update anthropics/claude-code-action digest to 939ae9c by @​renovate[bot] in #​912
• update anthropics/claude-code-action digest to 034cbdb by @​renovate[bot] in #​916
• update actions-rust-lang/setup-rust-toolchain digest to 46268bd by @​renovate[bot] in #​915
• update anthropics/claude-code-action digest to ad67978 by @​renovate[bot] in #​917
• lock file maintenance by @​renovate[bot] in #​918
• lock file maintenance by @​renovate[bot] in #​938
• update anthropics/claude-code-action action to v1.0.123 by @​renovate[bot] in #​945
• update zizmorcore/zizmor-action action to v0.5.4 by @​renovate[bot] in #​946
• lock file maintenance by @​renovate[bot] in #​947

jdx/mise (jdx/mise)

v2026.5.18: : Hook script arrays and lock-identity fixes

Compare Source

A focused release that teaches hooks to accept script arrays, ships an npm install -g mise package, and tightens lock identity across several backends so mise.lock entries can no longer be reused for option combinations that resolve to a different artifact set.

Added

• (config) Hooks now accept script/scripts arrays for current-shell hooks (#​9836 by @​risu729):

  [hooks.enter]
  shell = "bash"
  script = [
    "source completions.sh",
    "export PROJECT_READY=1",
  ]

  Note that run is still string-only — to spawn multiple inline commands, use a list of { run = "..." } entries or one multiline run string.

Fixed

• (env) PATH entries under mise's installs directory are now treated as mise-managed during hook-env reactivation, so an inactive install path like installs/node/24/bin inherited from a parent shell can no longer sit ahead of the active project's installs/node/22.17.1/bin (#​10162 by @​risu729).
• (config) .miserc.toml discovery now stops at raw MISE_CEILING_PATHS entries (without recursing through the lazy fallback), preventing a parent .miserc.toml above the ceiling from injecting MISE_ENV (#​10165 by @​risu729).
• (task) mise tasks ls --json, tasks info --json, and the MCP tasks resource now serialize full run entries — including single task refs and task groups — instead of script-only strings (#​10163 by @​risu729).
• (task) Bump usage-lib to 3.4.0 and update the zsh completion to read display<TAB>insert pairs from usage complete-word, restoring task completions after the usage-cli 3.4.0 output change (#​10181 by @​jdx).
• (installer) Add the missing warn helper used by the standalone installer's checksum fallback paths (#​10157 by @​risu729, recreating @​olfway's original fix).

Lock identity

A batch of fixes ensures mise lock selects entries by an identity that actually reflects the installed result, so toggling an option no longer silently reuses a stale lock entry:

• (conda) Include the conda channel — the same tool@version resolved against conda-forge, bioconda, or a private channel can produce entirely different builds and checksums (#​9984 by @​risu729).
• (rust) Include rustup profile, components, and targets, read from both tool options and rust-toolchain.toml, with stable sorting (#​9988 by @​risu729).
• (github) Include target artifact selectors (api_url, version_prefix, per-platform asset_pattern, direct url, no_app) for GitHub, GitLab, and Forgejo backends, resolved per target platform (#​9985 by @​risu729).
• (python) Include non-default patch_sysconfig = false (the interpreter tree differs after install); virtualenv stays out as an activation-only overlay (#​10161 by @​risu729).

Changed

• (npm) mise is now published to npm under the unscoped mise package, so npm install -g mise and npx mise work directly. The legacy @jdxcode/mise scoped package continues to be published, and the new wrapper reuses the existing @jdxcode/mise-<os>-<arch> platform tarballs (#​10183 by @​jdx).

Full Changelog: jdx/mise@v2026.5.17...v2026.5.18

💚 Sponsor mise

mise is built by @​jdx under en.dev — an independent studio making developer tooling (mise, aube, and more). Development is funded by sponsors.

If mise saves you or your team time, please consider sponsoring at en.dev. Individual and company sponsorships keep mise fast, free, and independent.

v2026.5.17: : Custom aqua registry cache and Windows fixes

Compare Source

A catch-up release for the tag that shipped the compiled custom aqua registry cache, several Windows task/shim fixes, and a handful of backend install improvements. This release is backfilled without binary assets; use v2026.5.18 or newer for downloadable artifacts.

Added

• (aqua) Add a compiled custom registry cache to speed up aqua registry lookups and reduce repeated parsing work (#​9583 by @​jdx).

Fixed

• (upgrade) Handle a lone v prefix in --bump latest queries (#​10130 by @​jdx).
• (env) Force the Unix environment key to uppercase PATH, avoiding mixed-case path handling surprises (#​9927 by @​jdx).
• (http) Limit fallback retries against the shared versions host (#​10142 by @​jdx).
• (bun) Use Bun's native windows-arm64 build for Bun 1.3.10 and newer (#​10150 by @​M1noa).
• (task) Honor explicit and quoted shell paths on Windows (#​10148 by @​M1noa).
• (task) Convert PATH to /cygdrive form for Cygwin bash tasks on Windows (#​10147 by @​M1noa).
• (ui) Honor color settings in interactive prompt themes (#​10151 by @​M1noa).
• (pipx) Upgrade the shared pip environment when using version constraints (#​10138 by @​jdx).
• (shim) Refresh stale Windows shims after a mise version update (#​10152 by @​M1noa).
• (completion) Keep global -C/--cd usable in task argument completion (#​10153 by @​M1noa).
• (github) Handle x86 release assets as x64 fallbacks where upstreams publish mismatched naming (#​10103 by @​jdx).
• (github) Strip OpenGrep platform suffixes before asset matching (#​10166 by @​jdx).
• (github) Penalize certificate assets as metadata so they are not selected as install archives (#​10158 by @​jdx).

Changed

• Registry: add herdr via github:ogulcancelik/herdr (#​10154 by @​ogulcan).
• Registry: add databricks-cli via aqua:databricks/cli (#​10072 by @​nstrug).
• (spm) Parse SwiftPM tool options locally (#​9959 by @​jdx).

Documentation

• Split glossary aliases into Tool Aliases and Shell Aliases (#​9983 by @​BenjaminChr).
• Update the webpage tooling copy to use current tools (#​10170 by @​jdx).

Full Changelog: jdx/mise@v2026.5.16...v2026.5.17

💚 Sponsor mise

mise is built by @​jdx under en.dev — an independent studio making developer tooling (mise, aube, and more). Development is funded by sponsors.

If mise saves you or your team time, please consider sponsoring at en.dev. Individual and company sponsorships keep mise fast, free, and independent.

v2026.5.16: : versions-host metadata, fork-bomb fixes, and friendlier upgrades

Compare Source

Added

• (github) Use the shared mise-versions host for release metadata and artifact attestations before falling back to api.github.com, dramatically cutting anonymous GitHub API usage in CI/Docker (#​10127 by @​jdx).
• (node) New node.npm_shim setting (MISE_NODE_NPM_SHIM) to opt out of the bundled npm wrapper, letting corepack manage bin/npm cleanly (#​10082 by @​jjb).
• (npm) New allow_builds tool option for npm-backend installs that expands to --allow-build=<pkg> for aube and pnpm, accepting a string, array, or true for all builds (#​10116 by @​jdx).

Fixed

• (backend) Strip the system shims dir from dependency_env PATH to prevent npm/go shim re-entry fork-bombs in devcontainer/Docker setups using mise install --system (#​10019 by @​andrewjamesbrown).
• (backend) Improve libc detection on musl distros so installing gcompat on Alpine no longer flips mise to glibc binaries (#​10020 by @​thespags).
• (aqua) Skip in-place link creation when src and dst alias the same inode (fixes godot install on macOS/APFS) (#​10012 by @​tvararu).
• (aqua) Lock github_content packages using raw GitHub content URLs instead of archive URLs (#​10102 by @​risu729).
• (toolset) hook-env and other prefer-offline flows no longer fetch remote versions to resolve concrete/latest/prefix:* specs, speeding up shells with many fuzzy tools (#​10098 by @​jdx).
• (upgrade) Preserve installed versions still pinned by other tracked project lockfiles during upgrade cleanup (#​10114 by @​jdx).
• (upgrade) Improve current version detection so prefix requests like go = "1.25" show the best matching installed version in summaries (#​9973 by @​jdx).
• (lock) Allow mise lock and mise upgrade to refresh mise.lock even when locked = true is set (#​10111 by @​jdx).
• (install) Reject install requests whose resolved backend is in disable_backends, including explicit syntax like ubi:owner/repo (#​9905 by @​risu729).
• (use) Reject tool version strings that start with - (e.g. mise use dummy@--version) (#​10113 by @​jdx).
• (en) Preserve MISE_ENV / -E profile when an activated subshell sources mise activate (#​10124 by @​jdx).
• (unset) Respect MISE_GLOBAL_CONFIG_FILE when running mise unset from $HOME, matching mise set/use (#​10105 by @​jdx).
• (task) Set config_root on tasks loaded from global config so {{config_root}} renders correctly (#​10106 by @​jdx).
• (task) Render templates and expand ~/ in sandbox allow_read / allow_write paths (#​10112 by @​jdx).
• (shim) Skip dot-prefixed (hidden) executables when generating shims (#​10123 by @​jdx).
• (pipx) Combine --pip-args=VALUE into a single argv element so pipx's argparse accepts values starting with -- (#​10120 by @​iloveitaly).
• (security) Apply url_replacements to the GitHub attestations API base URL (#​9971 by @​SlaterByte).
• Show the mise version in friendly error output (#​10109 by @​jdx).
• (copr) Increase build timeout (#​10071 by @​jdx).

Performance

• Cache repeated successful path canonicalization across hot PATH/shim/activation lookups (#​10068 by @​jdx).

Changed

• Registry: use the npm backend for npm on Windows (aqua's standalone npm/cli tarball is broken on Windows) (#​10101 by @​risu729).
• Registry: allow narrow dependency builds for npm-primary tools (wrangler, gemini-cli, vercel, codebuff, jules, orval, serverless), and drop npm fallbacks for ast-grep, lefthook, claude, code (#​9916 by @​risu729).
• Registry: add modem-dev/hunk (#​10051 by @​naoki-mizuno), wacli (#​10043 by @​dovocoder), liquibase via the github backend (#​10052 by @​benberryallwood), longbridge-terminal (#​10073 by @​hogan-yuan), and make aube more resilient (#​10092 by @​bgeron, #​10110).

Documentation

• Fix Scoop installation section (#​10059 by @​ofek).
• Clarify untrusted config behavior (#​10097 by @​jdx).
• Remove outdated terraform main.tf reference (#​10099 by @​risu729).
• Remove broken "How I Use mise" link (#​10081 by @​HYP3R00T).

💚 Sponsor mise

mise is built by @​jdx under en.dev — an independent studio making developer tooling (mise, aube, and more). Development is funded by sponsors.

If mise saves you or your team time, please consider sponsoring at en.dev. Individual and company sponsorships keep mise fast, free, and independent.

pnpm/pnpm (pnpm)

v11.5.1

Compare Source

Patch Changes

• Improve pnpm audit performance by pruning non-vulnerable lockfile subtrees and stopping path enumeration once vulnerable findings reach the path cap.
• Avoid crashing when the workspace state cache is partially written or malformed.
• Set npm_config_user_agent for root lifecycle scripts during headless installs.
• Preserve the integrity field of a remote (non-registry) tarball dependency when its lockfile entry is rebuilt. Re-resolving such a dependency without re-fetching it (for example via pnpm update, or when another dependency changes) produced a resolution with no integrity — URL/tarball resolvers only learn the integrity after the tarball is downloaded — so the previously recorded integrity was dropped, making later installs fail with ERR_PNPM_MISSING_TARBALL_INTEGRITY #​12067.
• Normalize a string repository field into the { type, url } object form when creating the publish manifest, matching npm's behavior. Some registries (e.g. Gitea/Codeberg) reject a string repository with a 500 Internal Server Error during pnpm publish #​12099.
• Preserve compatible optional peer versions already present in the lockfile when resolving dependencies.
• Fixed inconsistent resolution of a peer dependency that is shared through a diamond. When a package peer-depends on both another package and one of that package's own peer dependencies (for example @typescript-eslint/eslint-plugin peer-depends on both @typescript-eslint/parser and typescript, and @typescript-eslint/parser peer-depends on typescript), pnpm no longer reuses a hoisted instance of the shared peer that was resolved against a different version #​12079.

v11.5.0

Compare Source

Minor Changes

• Added a new hoistingLimits setting for nodeLinker: hoisted installs, mirroring yarn's nmHoistingLimits. It accepts none (the default — hoist as far as possible), workspaces (hoist only as far as each workspace package), or dependencies (hoist only up to each workspace package's direct dependencies). Originally proposed in #​6468, closing #​6457.

• Replaced enquirer with @inquirer/prompts for all interactive prompts. Fixes the update -i scrolling overflow bug where long choice lists were clipped in the terminal #​6643.

  User-facing changes:

  • pnpm update -i / pnpm update -i --latest: Scrolling now works correctly when many packages are available; the new library uses visual-line-aware pagination via usePagination
  • pnpm audit --fix -i: Same scrolling fix for vulnerability selection
  • pnpm approve-builds: Interactive build approval prompts updated
  • pnpm patch: Version selection and "apply to all" prompts updated
  • pnpm patch-remove: Patch removal selection updated
  • pnpm publish: Branch confirmation prompt updated
  • pnpm login: Credential prompts updated
  • pnpm run / pnpm exec (with verifyDepsBeforeRun=prompt): Confirmation prompt updated

  Vim-style j/k keys still work for up/down navigation in all interactive prompts.

  Internal: The OtpEnquirer and LoginEnquirer DI interfaces changed from { prompt } to { input } / { input, password } respectively. Plugins or custom builds that inject their own enquirer mock will need to update.

• Staged publishes are now recognized in the trust scale. When a package version's registry metadata carries an approver field, it is treated as the strongest trust evidence (ranked above trusted publishers and provenance attestations), since staged publishes require 2FA publish approvals. This prevents false-positive trust downgrade errors when moving from a staged publish to a lower trust level #​11887.

Patch Changes

• Fix pnpm hanging during peer resolution when an aliased install pulls in transitive packages with mutual peer cycles at different depths in the dependency tree (for example, pnpm i nuxt@npm:nuxt-nightly@5x). Cycles whose members hit the findHit cache instead of running their own calculateDepPath are now short-circuited by sibling resolutions at the level where the cycle is detected, so the cached path promises no longer deadlock. #​11999.

• Fix pnpm dist-tag add and pnpm dist-tag rm against npmjs.org failing without --otp with [ERR_PNPM_UNAUTHORIZED] You must be logged in to set dist-tag … "You must provide a one-time pass. Upgrade your client to npm@latest in order to use 2FA.". pnpm now sends npm-auth-type: web on dist-tag writes and surfaces the resulting OTP challenge through the existing browser-based 2FA flow (the same withOtpHandling helper used by pnpm publish), so the browser opens, the user authenticates, and the dist-tag is set on retry. --otp=<code> continues to work via the classic flow.

• Fix minimumReleaseAgeExclude handling in npm resolution fast paths so excluded packages do not get pinned to stale versions. Excludes are honored consistently during publishedBy metadata selection and cache-mtime shortcuts.

• Fix the integrity field being dropped from the lockfile entry of a remote (non-registry) https-tarball dependency when an unrelated package is installed afterwards. URL/tarball resolvers do not return an integrity (it is only known after the tarball is downloaded), so when such a dependency was reused from the lockfile without being re-fetched, its integrity was lost. It is now carried over from the existing resolution. With pnpm's lockfile-integrity hardening, the missing integrity made subsequent --frozen-lockfile installs fail with ERR_PNPM_MISSING_TARBALL_INTEGRITY. #​12001.

• Skip dependency re-resolution when pnpm-lock.yaml is missing but node_modules/.pnpm/lock.yaml exists and still satisfies the manifest. pnpm install now reuses the materialized snapshot to regenerate pnpm-lock.yaml instead of walking the registry to rebuild it from scratch, turning the cache+node_modules variation into a near-no-op for users who deleted the lockfile but kept the install #​11993.

  --frozen-lockfile still refuses to proceed when pnpm-lock.yaml is absent — the regenerated lockfile must be committed, so failing loudly is the correct behavior for CI.

v11.4.0

Compare Source

Minor Changes

• Treat tarball-integrity mismatches against the lockfile as a hard failure by default. Previously, pnpm install (non-frozen) would log ERR_PNPM_TARBALL_INTEGRITY, silently re-resolve from the registry, and overwrite the locked integrity — which meant a compromised registry, proxy, or republished version could substitute attacker-controlled content on a clean machine even though the project shipped a committed lockfile.

  pnpm install now exits with ERR_PNPM_TARBALL_INTEGRITY and a hint pointing at the new opt-in flag.

  The only opt-in is pnpm install --update-checksums — narrowly scoped to refreshing the locked integrity values from what the registry currently serves. Mirrors yarn's flag of the same name. A warning still prints when the bypass takes effect so the operation is auditable.

  --force and pnpm update deliberately do not bypass the integrity check. They are routine refresh operations; silently overwriting a locked integrity in those flows would erase the protection a committed lockfile is supposed to provide. --frozen-lockfile behavior is unchanged. --fix-lockfile keeps its documented purpose (filling in missing lockfile entries) and is also not a bypass.

• pnpm runtime set <name> <version> now saves the runtime to devEngines.runtime by default instead of engines.runtime. Pass --save-prod (or -P) to save it to engines.runtime instead #​11948.

Patch Changes

• Fix a credential disclosure issue where an unscoped _authToken (or _auth, or username + _password, or tokenHelper) defined in one source — ~/.npmrc, ~/.config/pnpm/auth.ini, a workspace .npmrc, CLI flags, etc. — would be sent as an Authorization header to whichever registry a different (potentially untrusted) source named. The same fix extends to client TLS credentials (cert, key) so they aren't presented to a registry their author didn't choose.

  pnpm now rewrites each unscoped per-registry setting (_authToken, _auth, username, _password, tokenHelper, cert, key) to its URL-scoped form at load time, using the registry= value declared in the same source (or the npmjs default registry if the source declares none). A later layer overriding registry= therefore cannot pull an unscoped credential along, because it is already pinned to the URL its author intended. ca/cafile are intentionally not rescoped — they're trust anchors, not credentials, and corporate MITM-proxy setups rely on them applying globally.

  Every rescope emits a deprecation warning telling the user where the setting was pinned and how to write it directly. npm has rejected unscoped credentials outright since npm@9, and pnpm intends to remove support in a future major release. To target a specific registry, write the setting URL-scoped (e.g. //registry.example.com/:_authToken=... or //registry.example.com/:cert=...).

  @pnpm/network.auth-header: removed the defaultRegistry parameter from createGetAuthHeaderByURI and getAuthHeadersFromCreds. Now that credentials are URL-scoped at load time, the merged configByUri never contains the empty-string "default registry" placeholder slot, so re-keying it onto the merged default registry is no longer needed.

• Fix pnpm deploy crashing with ENOENT: ... lstat '<deployDir>/node_modules' when configDependencies declares pacquet (pacquet or @pnpm/pacquet). The deploy directory never installs config dependencies, so the install engine they designate isn't on disk to invoke; the nested install now skips them.

• Reject git resolutions whose commit field is not a 40-character hexadecimal SHA before invoking git. A malicious lockfile could otherwise smuggle a value such as --upload-pack=<command> through git fetch / git checkout, which on SSH or local-file transports executes the supplied command.

• Limit concurrent project manifest reads while listing large workspaces to avoid EMFILE errors.

• Reject patch files whose diff --git headers reference paths outside the patched package directory. Previously a malicious .patch file added via a pull request could write, delete, or rename arbitrary files reachable by the user running pnpm install.

• Improve the log message that pnpm prints after auto-adding entries to minimumReleaseAgeExclude when minimumReleaseAge is set without minimumReleaseAgeStrict. The message previously referred to the internal "loose mode" terminology, which wasn't searchable in the docs; it now tells the user to set minimumReleaseAgeStrict to true if they want these updates gated behind a prompt instead #​11747.

• Reject dependency aliases that contain path-traversal segments (such as @x/../../../../../.git/hooks) when reading them from a package manifest or symlinking them into node_modules. A malicious registry package could otherwise use a transitive dependency key to make pnpm install create symlinks at attacker-chosen paths outside the intended node_modules directory.

• Reject pnpm-lock.yaml entries whose remote tarball resolution: block is missing the integrity field. Previously the worker that extracts a downloaded tarball skipped hash verification when no integrity was supplied and minted a fresh one from the unverified bytes, so an attacker who could both alter the lockfile (e.g. via a pull request that strips integrity:) and serve modified content at the referenced tarball URL could install a tampered package without any error — including under --frozen-lockfile. pnpm now fails closed at lockfile-read time with ERR_PNPM_MISSING_TARBALL_INTEGRITY. Git-hosted tarballs (gitHosted: true or a URL on codeload.github.com / bitbucket.org / gitlab.com) and file: tarballs are exempt — the commit SHA in a git-host URL and the user-controlled local path already anchor the bytes.

• Validate devEngines.runtime and engines.runtime version ranges for node, deno, and bun when onFail is set to error or warn. Previously these settings only had an effect with onFail: 'download' — the error and warn modes silently did nothing #​11818. Violations now throw ERR_PNPM_BAD_RUNTIME_VERSION.

• Require provenance before treating trusted publisher metadata as the strongest trust evidence.

astral-sh/uv (uv)

v0.11.18

Compare Source

Released on 2026-06-01.

Performance

• Fix performance regression in unzip of local wheels (#​19637)

Preview

• Add uv check to run ty from uv (#​19605)

Bug fixes

• Update activation scripts with upstream fixes (#​19628)

Other changes

• Bump MSRV to 1.94 (#​19600)

v0.11.17

Compare Source

Released on 2026-05-28.

Enhancements

• Add a diagnostic for uv add with standard library modules (#​19572)
• Expose uv workspace and its list subcommand in help output (#​19533)
• Improve the "403 forbidden" hint to suggest ignore-error-codes when applicable (#​19521)
• Skip direct URL lock freshness checks while offline (#​19596)
• Add import-names and import-namespaces support to uv-build (PEP 794) (#​19380)
• Add a --no-editable-package flag to various commands (#​19584)
• Infer Python version requests from source trees in uv tool invocations (#​19577)

Preview features

• Add module owners to uv workspace metadata (#​19122)
• Do not allow uv venv --clear to remove non-virtual environments (#​19595)

Bug fixes

• Improve the performance of large entries in tool.uv.conflicts (#​19538)
• Avoid modifying the parent process' env with --env-file in uv run (#​19567)
• Fix script environment creation for scripts with long filenames (#​19539)
• Fix transitive Git archive dependencies in lockfiles (#​19589)
• Preserve Git repository URLs in direct URL metadata (#​19590)
• Support redirects in --check-url (#​19594)
• Accept case-insensitive HTML tags in --find-links parsing (#​19537)
• Reject duplicate script metadata blocks (#​19544)
• Ban names like "python3" as script entry points (#​19535, #​19536)
• Validate Git LFS artifacts for Git archives (#​19592)
• Use a relative path when creating symlinks in cache to improve relocatability (#​19033)

Documentation

• Fix malformed positional anchors in the CLI reference (#​19575)

---

Configuration

📅 Schedule: (in timezone America/New_York)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.