chore(deps-dev): bump pnpm from 8.6.7 to 8.9.0

[dependabot]

Bumps pnpm from 8.6.7 to 8.9.0.

Release notes

Sourced from pnpm's releases.

v8.9.0

Minor Changes

• 🚀Performance improvement: Use reflinks instead of hard links by default on macOS and Windows Dev Drives #5001.

• The list of packages that are allowed to run installation scripts now may be provided in a separate configuration file. The path to the file should be specified via the pnpm.onlyBuiltDependenciesFile field in package.json. For instance:

  {
    "dependencies": {
      "@my-org/policy": "1.0.0"
    }
    "pnpm": {
      "onlyBuiltDependenciesFile": "node_modules/@my-org/policy/allow-build.json"
    }
  }

  In the example above, the list is loaded from a dependency. The JSON file with the list should contain an array of package names. For instance:

  ["esbuild", "@reflink/reflink"]

  With the above list, only esbuild and @reflink/reflink will be allowed to run scripts during installation.

  Related issue: #7137.

• Add disallow-workspace-cycles option to error instead of warn about cyclic dependencies

• Allow env rm to remove multiple node versions at once, and introduce env add for installing node versions without setting as default #7155.

Patch Changes

• Fix memory error in pnpm why when the dependencies tree is too big, the command will now prune the tree to just 10 end leafs and now supports --depth argument #7122.
• Use neverBuiltDependencies and onlyBuiltDependencies from the root package.json of the workspace, when shared-workspace-lockfile is set to false #7141.
• Optimize peers resolution to avoid out-of-memory exceptions in some rare cases, when there are too many circular dependencies and peer dependencies #7149.
• Instead of pnpm.overrides replacing resolutions, the two are now merged. This is intended to make it easier to migrate from Yarn by allowing one to keep using resolutions for Yarn, but adding additional changes just for pnpm using pnpm.overrides.

Our Gold Sponsors

... (truncated)

Commits

• 3462513 chore(release): 8.9.0
• e467c7d chore(release): 8.9.0-1
• 6337dcd fix: cloning a package that has a file duplicate in the index (#7179)
• 049720a fix: bump @reflink/reflink version (0.1.8) (#7178)
• 201695f chore(release): 8.9.0-0
• b1dd0ee feat: merge manifest resolutions and pnpm.overrides (#7174)
• 3ad2ec6 chore(release): libs
• cb9af50 fix(pd): ensure pd builds the pnpm worker (#7173)
• d774a31 feat: onlyBuiltDependenciesFile (#7167)
• ca1c849 fix: bump reflink version (0.1.7) (#7171)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)