Skip to content

build(deps-dev): Bump pnpm from 10.32.1 to 10.33.0#3318

Merged
KATO-Hiro merged 1 commit into
stagingfrom
dependabot/npm_and_yarn/pnpm-10.33.0
Mar 27, 2026
Merged

build(deps-dev): Bump pnpm from 10.32.1 to 10.33.0#3318
KATO-Hiro merged 1 commit into
stagingfrom
dependabot/npm_and_yarn/pnpm-10.33.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Mar 25, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps pnpm from 10.32.1 to 10.33.0.

Release notes

Sourced from pnpm's releases.

pnpm 10.33

Minor Changes

  • Added a new dedupePeers setting that reduces peer dependency duplication. When enabled, peer dependency suffixes use version-only identifiers (name@version) instead of full dep paths, eliminating nested suffixes like (foo@1.0.0(bar@2.0.0)). This dramatically reduces the number of package instances in projects with many recursive peer dependencies #11070.

Patch Changes

  • Fail on incompatible lockfiles in CI when frozen lockfile mode is enabled, while preserving non-frozen CI fallback behavior.

  • When package metadata is malformed or can't be fetched, the error thrown will now show the originating error.

  • Fixed intermittent failures when multiple pnpm dlx calls run concurrently for the same package. When the global virtual store is enabled, the importer now verifies file content before skipping a rename, avoiding destructive swap-renames that break concurrent processes. Also tolerates EPERM during bin creation on Windows and properly propagates enableGlobalVirtualStore through the install pipeline.

  • Fixed handling of non-string version selectors in hoistPeers, preventing invalid peer dependency specifiers.

  • Improve the non-interactive modules purge error hint to include the confirmModulesPurge=false workaround.

    When pnpm needs to recreate node_modules but no TTY is available, the error now suggests either setting CI=true or disabling the purge confirmation prompt via confirmModulesPurge=false.

    Adds a regression test for the non-TTY flow.

  • Fixed false "Command not found" errors on Windows when a command exists in PATH but exits with a non-zero code. Also fixed path resolution for --filter contexts where the command runs in a different package directory.

  • When a pnpm-lock.yaml contains two documents, ignore the first one. pnpm v11 will write two lockfile documents into pnpm-lock.yaml in order to store pnpm version integrities and config dependency resolutions.

  • Fixed a bug preventing the clearCache function returned by createNpmResolver from properly clearing metadata cache.

Platinum Sponsors

Gold Sponsors

... (truncated)

Changelog

Sourced from pnpm's changelog.

10.33.0

Minor Changes

  • Added a new dedupePeers setting that reduces peer dependency duplication. When enabled, peer dependency suffixes use version-only identifiers (name@version) instead of full dep paths, eliminating nested suffixes like (foo@1.0.0(bar@2.0.0)). This dramatically reduces the number of package instances in projects with many recursive peer dependencies #11070.

Patch Changes

  • Fail on incompatible lockfiles in CI when frozen lockfile mode is enabled, while preserving non-frozen CI fallback behavior.

  • When package metadata is malformed or can't be fetched, the error thrown will now show the originating error.

  • Fixed intermittent failures when multiple pnpm dlx calls run concurrently for the same package. When the global virtual store is enabled, the importer now verifies file content before skipping a rename, avoiding destructive swap-renames that break concurrent processes. Also tolerates EPERM during bin creation on Windows and properly propagates enableGlobalVirtualStore through the install pipeline.

  • Fixed handling of non-string version selectors in hoistPeers, preventing invalid peer dependency specifiers.

  • Improve the non-interactive modules purge error hint to include the confirmModulesPurge=false workaround.

    When pnpm needs to recreate node_modules but no TTY is available, the error now suggests either setting CI=true or disabling the purge confirmation prompt via confirmModulesPurge=false.

    Adds a regression test for the non-TTY flow.

  • Fixed false "Command not found" errors on Windows when a command exists in PATH but exits with a non-zero code. Also fixed path resolution for --filter contexts where the command runs in a different package directory.

  • When a pnpm-lock.yaml contains two documents, ignore the first one. pnpm v11 will write two lockfile documents into pnpm-lock.yaml in order to store pnpm version integrities and config dependency resolutions.

  • Fixed a bug preventing the clearCache function returned by createNpmResolver from properly clearing metadata cache.

Commits
  • be07631 chore(release): 10.33.0
  • cb17c44 fix(dlx): fix race conditions in parallel dlx calls sharing
  • See full diff in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Mar 25, 2026
@dependabot
build(deps-dev): Bump pnpm from 10.32.1 to 10.33.0
f1896f1 
Bumps [pnpm](https://github.com/pnpm/pnpm/tree/HEAD/pnpm) from 10.32.1 to 10.33.0.
- [Release notes](https://github.com/pnpm/pnpm/releases)
- [Changelog](https://github.com/pnpm/pnpm/blob/v10.33.0/pnpm/CHANGELOG.md)
- [Commits](https://github.com/pnpm/pnpm/commits/v10.33.0/pnpm)

---
updated-dependencies:
- dependency-name: pnpm
  dependency-version: 10.33.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/pnpm-10.33.0 branch from a046765 to f1896f1 Compare March 27, 2026 14:12
@KATO-Hiro KATO-Hiro merged commit a291b7b into staging Mar 27, 2026
3 checks passed
@KATO-Hiro KATO-Hiro deleted the dependabot/npm_and_yarn/pnpm-10.33.0 branch March 27, 2026 14:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@KATO-Hiro