v11.0.1
📦 pnpmView on GitHub →
✨ 2 features🐛 4 fixes🔧 6 symbols
Summary
This patch release improves error handling for workspace manifests, updates SBOM generation for git dependencies, and refines how `pnpm self-update` manages version fields in package.json.
Migration Steps
- When running `pnpm self-update` and both `packageManager` and `devEngines.packageManager` are declared, note that `packageManager` will be rewritten to an exact version string (e.g., `pnpm@<version>`) without an integrity hash, and `devEngines.packageManager.version` will be set to the same exact version, dropping any range operator.
✨ New Features
- pnpm self-update now keeps package.json's packageManager and devEngines.packageManager in sync, rewriting both to the exact new pnpm version when the legacy packageManager field pins pnpm.
- SBOM output for git-sourced dependencies now populates the download location with the git URL and commit hash (e.g., git+https://github.com/user/repo.git#commit).
🐛 Bug Fixes
- Report unknown top-level options before falling back to implicit pnpm run scripts.
- Reject null named catalogs in workspace manifests with InvalidWorkspaceManifestError instead of crashing with a raw TypeError.
- Sort the keys of the overrides object returned by pnpm audit --fix to match the order written to pnpm-workspace.yaml.
- Update the env lockfile's packageManagerDependencies entry when devEngines.packageManager declares a pnpm version that the lockfile no longer satisfies, fixing stale integrity records.