Bump pnpm from 7.7.0 to 7.29.0

[dependabot]

Bumps pnpm from 7.7.0 to 7.29.0.

Release notes

Sourced from pnpm's releases.

v7.29.0

Minor Changes

• A new setting is now supported: dedupe-peer-dependents.

  When this setting is set to true, packages with peer dependencies will be deduplicated after peers resolution.

  For instance, let's say we have a workspace with two projects and both of them have webpack in their dependencies. webpack has esbuild in its optional peer dependencies, and one of the projects has esbuild in its dependencies. In this case, pnpm will link two instances of webpack to the node_modules/.pnpm directory: one with esbuild and another one without it:

  node_modules
    .pnpm
      [email protected][email protected]
      [email protected]
  project1
    node_modules
      webpack -> ../../node_modules/.pnpm/[email protected]/node_modules/webpack
  project2
    node_modules
      webpack -> ../../node_modules/.pnpm/[email protected][email protected]/node_modules/webpack
      esbuild
  

  This makes sense because webpack is used in two projects, and one of the projects doesn't have esbuild, so the two projects cannot share the same instance of webpack. However, this is not what most developers expect, especially since in a hoisted node_modules, there would only be one instance of webpack. Therefore, you may now use the dedupe-peer-dependents setting to deduplicate webpack when it has no conflicting peer dependencies (explanation at the end). In this case, if we set dedupe-peer-dependents to true, both projects will use the same webpack instance, which is the one that has esbuild resolved:

  node_modules
    .pnpm
      [email protected][email protected]
  project1
    node_modules
      webpack -> ../../node_modules/.pnpm/[email protected][email protected]/node_modules/webpack
  project2
    node_modules
      webpack -> ../../node_modules/.pnpm/[email protected][email protected]/node_modules/webpack
      esbuild
  

  What are conflicting peer dependencies? By conflicting peer dependencies we mean a scenario like the following one:

  node_modules
    .pnpm
      [email protected][email protected][email protected]
      [email protected][email protected]
  project1
    node_modules
      webpack -> ../../node_modules/.pnpm/[email protected]/node_modules/webpack
      react (v17)
  project2
    node_modules
      webpack -> ../../node_modules/.pnpm/[email protected][email protected]/node_modules/webpack
      esbuild
      react (v16)
  

... (truncated)

Commits

• 42edfc5 chore(release): 7.29.0
• 9d906fc fix: incorrect error block when subproject has been patched (#6183) (#6184)
• 807158e chore: downgrade verdaccio
• 890b497 chore(release): 7.29.0-2
• 670bea8 fix: update on a subset of projects should work with dedupe-peer-dependents (...
• b11fa70 fix: dedupe-peer-dependents when running a command inside a workspace project...
• 019e4f2 fix: should not throw an error when local dependency use file protocol (#6157)
• 690bead fix: dedupe-peer-dependents on a subset of projects (#6173)
• b7ae11c docs: add explanation about conflicting peer dependencies
• d4c0ad0 chore(release): 7.29.0-1
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)