v11.0.8
📦 pnpmView on GitHub →
🐛 2 fixes🔧 3 symbols
Summary
This patch restores critical tarball URL preservation logic to fix fetch errors on certain registries and resolves issues related to compressed tarball size validation during installation.
Migration Steps
- If encountering `ERR_PNPM_FETCH_404` with `pnpm install --frozen-lockfile` after upgrading, ensure your lockfile is up-to-date or consider setting `lockfileIncludeTarballUrl: true` in your `.npmrc` if the issue persists with non-standard registry tarball paths.
🐛 Bug Fixes
- Restored heuristic to preserve tarball URLs in `pnpm-lock.yaml` when they cannot be derived from name+version+registry, fixing `ERR_PNPM_FETCH_404` failures during `pnpm install --frozen-lockfile` for packages on registries like GitHub Packages and JSR when `lockfileIncludeTarballUrl` is false.
- Fixed `ERR_PNPM_BAD_TARBALL_SIZE` when a registry serves compressed tarballs (e.g., with `Content-Encoding: gzip`) by requesting tarballs with `Accept-Encoding: identity` and disabling strict `Content-Length` enforcement if `Content-Encoding` is present.