build(deps-dev): Bump syncpack from 14.3.1 to 15.0.0

[dependabot]

Bumps syncpack from 14.3.1 to 15.0.0.

Release notes

Sourced from syncpack's releases.

15.0.0

15.0.0 (2026-05-04)

This release adds full support for pnpm catalogs and bun catalogs. Your default catalog, named catalogs, and all of the entries within them are now first-class citizens in syncpack and can be grouped, targeted, updated, or even banned like any other dependency in your project.

A new Catalog Version Group lets you auto-migrate all or parts of your repo to use catalogs and ensures that the correct catalogs are always used in the future. syncpack update --dependency-types pnpmCatalog will update your default catalog with the latest versions from the npm registry, and Semver Groups can target your catalogs to ensure they always use exact version numbers (or ~, ^ etc).

There is also a new minimumReleaseAge config which defaults to your pnpm configuration, if neither are set then it will default to 1 day.

The customTypes docs have been rewritten and some catalogs examples have been added to the syncpack update docs.

Finally there is a new Migrate to 15 which repeats what is below, you should only be affected if you're on older versions of pnpm and using overrides.

With this huge overhaul to support all this catalogs functionality, there may be some new lint errors that appear, but I don't expect so as most of the behaviour is opt-in via you setting a "policy": "catalog" for parts of your monorepo.

Finally – syncpack is free and always will be, just please help us spread the word and spare a moment to share us on your socials.

⚠ BREAKING CHANGES

• pnpm: https://syncpack.dev/guide/migrate-v15/

pnpmOverrides now reads pnpm-workspace.yaml

The default pnpmOverrides dependency type now reads overrides from pnpm-workspace.yaml instead of pnpm.overrides in package.json. This matches pnpm's current convention for managing overrides.

Restoring the legacy behaviour

If your overrides still live in package.json under pnpm.overrides, define pnpmOverridesLegacy in your config to point at the legacy location:

{
  "customTypes": {
    "pnpmOverridesLegacy": {
      "strategy": "versionsByName",
      "path": "pnpm.overrides"
    }
  }
}

The default pnpmOverrides continues to manage the YAML location.

Features

• groups: add full pnpm/bun catalogs support (53d54e0), closes #258
• pnpm: read pnpmOverrides from pnpm-workspace.yaml (72ce5ef), closes #304
• update: add minimumReleaseAge and default to 1 day (a6648ab), closes #302

Bug Fixes

... (truncated)

Changelog

Sourced from syncpack's changelog.

15.0.0 (2026-05-04)

⚠ BREAKING CHANGES

• pnpm: https://syncpack.dev/guide/migrate-v15/

pnpmOverrides now reads pnpm-workspace.yaml

The default pnpmOverrides dependency type now reads overrides from pnpm-workspace.yaml instead of pnpm.overrides in package.json. This matches pnpm's current convention for managing overrides.

Restoring the legacy behaviour

If your overrides still live in package.json under pnpm.overrides, define pnpmOverridesLegacy in your config to point at the legacy location:

{
  "customTypes": {
    "pnpmOverridesLegacy": {
      "strategy": "versionsByName",
      "path": "pnpm.overrides"
    }
  }
}

The default pnpmOverrides continues to manage the YAML location.

Features

• groups: add full pnpm/bun catalogs support (53d54e0), closes #258
• pnpm: read pnpmOverrides from pnpm-workspace.yaml (72ce5ef), closes #304
• update: add minimumReleaseAge and default to 1 day (a6648ab), closes #302

Bug Fixes

• cargo: update dependencies (a375df4)
• cli: do not display --version and --help as errors (2abe490), closes #331
• cli: fix panic when using --config option (76f1553), closes #332
• config: prevent ERR_UNSUPPORTED_ESM_URL_SCHEME on Windows (127ae12), closes #327 #328
• core: widen detection of pnpm and bun projects (be883f5)
• npm: detect musl libc to resolve correct binary (89d5654), closes #329
• rust: update edition from 2021 to 2024 (efad1b5)

Commits

• 3ffa0e5 chore(release): 15.0.0
• bc6f813 chore(site): manually control frames on code blocks
• efad1b5 fix(rust): update edition from 2021 to 2024
• a375df4 fix(cargo): update dependencies
• a6648ab feat(update): add minimumReleaseAge and default to 1 day
• 89d5654 fix(npm): detect musl libc to resolve correct binary
• caa3e3d chore(fixtures): add some catalog scenarios
• 4726788 chore(core): add debug log of final config
• 76f1553 fix(cli): fix panic when using --config option
• 127ae12 fix(config): prevent ERR_UNSUPPORTED_ESM_URL_SCHEME on Windows
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)