RobinTail / express-zod-api / 26898164695
100%

DEFAULT BRANCH: master
Ran
Jobs 6
Files 50
Run time 1min
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
coverage: 100.0%. Remained the same
26898164695

push

github

web-flow 
chore(deps): update pnpm to v11.4.0 (#3436)

This PR contains the following updates:

| Package | Change |
[Age](https://docs.renovatebot.com/merge-confidence/) |
[Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [pnpm](https://pnpm.io)
([source](https://redirect.github.com/pnpm/pnpm/tree/HEAD/pnpm)) |
[`11.3.0+sha512.2c403d6596a67ffabff7956c9065741d215`
→ `11.4.0`](https://renovatebot.com/diffs/npm/pnpm/11.3.0/11.4.0) |
![age](https://developer.mend.io/api/mc/badges/age/npm/pnpm/11.4.0?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/pnpm/11.3.0/11.4.0?slim=true)
|

---

### Release Notes

<details>
<summary>pnpm/pnpm (pnpm)</summary>

###
[`v11.4.0`](https://redirect.github.com/pnpm/pnpm/blob/HEAD/pnpm/CHANGELOG.md#1140)

[Compare
Source](https://redirect.github.com/pnpm/pnpm/compare/v11.3.0...v11.4.0)

##### Minor Changes

- Treat tarball-integrity mismatches against the lockfile as a hard
failure by default. Previously, `pnpm install` (non-frozen) would log
`ERR_PNPM_TARBALL_INTEGRITY`, silently re-resolve from the registry, and
overwrite the locked integrity — which meant a compromised registry,
proxy, or republished version could substitute attacker-controlled
content on a clean machine even though the project shipped a committed
lockfile.

`pnpm install` now exits with `ERR_PNPM_TARBALL_INTEGRITY` and a hint
pointing at the new opt-in flag.

The only opt-in is **`pnpm install --update-checksums`** — narrowly
scoped to refreshing the locked integrity values from what the registry
currently serves. Mirrors yarn's flag of the same name. A warning still
prints when the bypass takes effect so the operation is auditable.

`--force` and `pnpm update` deliberately do **not** bypass the integrity
check. They are routine refresh operations; silently overwriting a
locked integrity in those flows wou... (continued)

1024 of 1066 branches covered (96.06%)

1476 of 1476 relevant lines covered (100.0%)

433.03 hits per line

Jobs
ID Job ID Ran Files Coverage
1 run-26.0.0 - 26898164695.1 50
100.0
 GitHub Action Run
2 run-24.0.0 - 26898164695.2 50
100.0
 GitHub Action Run
3 run-26.x - 26898164695.3 50
100.0
 GitHub Action Run
4 run-24.x - 26898164695.4 50
100.0
 GitHub Action Run
5 run-22.x - 26898164695.5 50
100.0
 GitHub Action Run
6 run-22.19.0 - 26898164695.6 50
100.0
 GitHub Action Run
Source Files on build 26898164695