v10.33.4
📦 pnpmView on GitHub →
✨ 1 features🐛 1 fixes🔧 1 symbols
Summary
This patch enhances security by pinning the integrity of git-hosted tarballs in the lockfile and fixes a bug where the workspace root was incorrectly included when using negative recursive filters.
Migration Steps
- To include the workspace root when using negative filters (e.g., `--filter '!<pkg>'`), pass the new flag `--include-workspace-root`.
✨ New Features
- Lockfile now records a `gitHosted: true` field for git-hosted tarballs (codeload.github.com, gitlab.com, bitbucket.org) to ensure integrity checks during subsequent installs.
🐛 Bug Fixes
- Fixed a regression where `pnpm --recursive --filter '!<pkg>' run/exec/test/add` incorrectly included the workspace root in matched projects when only negative filters were used.