openSUSE Leap 16.0: pnpm Moderate Update for Vulnerabilities 2025-20115-1
opensuse
November 28, 2025
An update that solves 2 vulnerabilities can now be installed.
Description
This update for pnpm fixes the following issues:
Changes in pnpm:
- update to 10.22.0:
* Minor Changes
- Added support for trustPolicyExclude #10164.
You can now list one or more specific packages or versions
that pnpm should allow to install, even if those packages
don't satisfy the trust policy requirement. For example:
trustPolicy: no-downgrade
trustPolicyExclude:
- chokidar@4.0.3
- webpack@4.47.0 || 5.102.1
- Allow to override the engines field on publish by the
publishConfig.engines field.
* Patch Changes
- Don't crash when two processes of pnpm are hardlinking the
contents of a directory to the same destination
simultaneously #10179.
- update to 10.21.0:
* Minor Changes
- Node.js Runtime Installation for Dependencies. Added support
for automatic Node.js runtime installation for dependencies.
pnpm will now install the Node.js version required by a
dependency if...
Read the Full Advisory
Topics Covered
Patch
Package List
- openSUSE Leap 16.0:
pnpm-10.22.0-bp160.1.1
pnpm-bash-completion-10.22.0-bp160.1.1
pnpm-fish-completion-10.22.0-bp160.1.1
pnpm-zsh-completion-10.22.0-bp160.1.1
References
* https://www.suse.com/security/cve/CVE-2021-1234.html
* https://www.suse.com/security/cve/CVE-2021-5678.html
PREVIOUS
NEXT
Announcement ID: openSUSE-SU-2025-20115-1
Rating: moderate
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!