chore(deps): update pnpm to v7.17.0

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
pnpm (source)	7.13.6 -> 7.17.0

---

Release Notes

pnpm/pnpm

v7.17.0

Compare Source

Minor Changes

• Added a new command pnpm licenses list, which displays the licenses of the packages #​2825

Patch Changes

• pnpm update --latest !foo should not update anything if the only dependency in the project is the ignored one #​5643.
• pnpm audit should send the versions of workspace projects for audit.
• Hoisting with symlinks should not override external symlinks and directories in the root of node_modules.
• The pnpm.updateConfig.ignoreDependencies setting should work with multiple dependencies in the array #​5639.

Our Gold Sponsors

Our Silver Sponsors

v7.16.1

Compare Source

Patch Changes

• Sync all injected dependencies when hoisted node linker is used #​5630

Our Gold Sponsors

Our Silver Sponsors

v7.16.0

Compare Source

Minor Changes

• Support pnpm env list to list global or remote Node.js versions #​5546.

Patch Changes

• Replace environment variable placeholders with their values, when reading .npmrc files in subdirectories inside a workspace #​2570.
• Fix an error that sometimes happen on projects with linked local dependencies #​5327.

Our Gold Sponsors

Our Silver Sponsors

v7.15.0

Compare Source

Minor Changes

• Support --format=json option to output outdated packages in JSON format with outdated command #​2705.

  pnpm outdated --format=json
  #or
  pnpm outdated --json

• A new setting supported for ignoring vulnerabilities by their CVEs. The ignored CVEs may be listed in the pnpm.auditConfig.ignoreCves field of package.json. For instance:

  {
    "pnpm": {
      "auditConfig": {
        "ignoreCves": [
          "CVE-2019-10742",
          "CVE-2020-28168",
          "CVE-2021-3749",
          "CVE-2020-7598"
        ]
      }
    }
  }

Patch Changes

• The reporter should not crash when the CLI process is kill during lifecycle scripts execution #​5588.
• Installation shouldn't fail when the injected dependency has broken symlinks. The broken symlinks should be just skipped #​5598.

Our Gold Sponsors

Our Silver Sponsors

v7.14.2

Compare Source

Patch Changes

• Don't fail if cannot override the name field of the error object #​5572.
• Don't fail on rename across devices.

Our Gold Sponsors

Our Silver Sponsors

v7.14.1

Compare Source

Patch Changes

• pnpm list --long --json should print licenses and authors of packages #​5533.
• Don't crash on lockfile with no packages field #​5553.
• Version overrider should have higher priority then custom read package hook from .pnpmfile.cjs.
• Don't print context information when running install for the pnpm dlx command.
• Print a warning if a package.json has a workspaces field but there is no pnpm-workspace.yaml file #​5363.
• It should be possible to set a custom home directory for pnpm by changing the PNPM_HOME environment variable.

Our Gold Sponsors

Our Silver Sponsors

v7.14.0

Compare Source

Minor Changes

• Add pnpm doctor command to do checks for known common issues

Patch Changes

• Ignore the always-auth setting.

  pnpm will never reuse the registry auth token for requesting the package tarball, if the package tarball is hosted on a different domain.

  So, for example, if your registry is at https://company.registry.com/ but the tarballs are hosted at https://tarballs.com/, then you will have to configure the auth token for both domains in your .npmrc:

  @​my-company:registry=https://company.registry.com/
  //company.registry.com/=SOME_AUTH_TOKEN
  //tarballs.com/=SOME_AUTH_TOKEN
  

Our Gold Sponsors

Our Silver Sponsors

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.