v11.5.2
📦 pnpmView on GitHub →
🐛 4 fixes🔧 4 symbols
Summary
This patch release improves lockfile regeneration stability by reusing peer contexts and enhances security by verifying tarball URLs against registry metadata. It also fixes several critical bugs related to concurrent installs, global virtual store builds, and version cataloging.
Migration Steps
- If you rely on dependency build scripts running when `enableGlobalVirtualStore` is true, ensure your setup is compatible with the new projection directory resolution logic.
🐛 Bug Fixes
- Fixed an issue where `pnpm update --recursive --lockfile-only <pkg>@<version>` crashed with `Invalid Version` when the package catalog entry was a version range and `catalogMode` was `strict` or `prefer`.
- Avoided a Node.js crash when pnpm exits after network requests on Windows.
- Fixed packages being materialized into the virtual store without root-level files when multiple `pnpm install` processes ran concurrently against the same store/workspace.
- Fixed dependency build scripts not running under the global virtual store (`enableGlobalVirtualStore`) by resolving the projection directory correctly and serializing concurrent builds.