Add caveat about pnpm v9 lockfile incompatibility

[ryanlink]

Overview

Updating docs to disclaim pnpm v9 incompatibility.

Acceptance criteria

Docs updated

Testing plan

n/a

Risks

n/a

Metrics

n/a

References

https://fossa.atlassian.net/browse/ANE-2177

Checklist

• I added tests for this PR's change (or explained in the PR description why tests don't make sense).
• If this PR introduced a user-visible change, I added documentation into docs/.
• If this PR added docs, I added links as appropriate to the user manual's ToC in docs/README.ms and gave consideration to how discoverable or not my documentation is.
• If this change is externally visible, I updated Changelog.md. If this PR did not mark a release, I added my changes into an ## Unreleased section at the top.
• If I made changes to .fossa.yml or fossa-deps.{json.yml}, I updated docs/references/files/*.schema.json AND I have updated example files used by fossa init command. You may also need to update these if you have added/removed new dependency type (e.g. pip) or analysis target type (e.g. poetry).
• If I made changes to a subcommand's options, I updated docs/references/subcommands/<subcommand>.md.

[csasarak]

This is unnecessary. I would prefer customers actually ask us to do this in order to help prioritize it rather than letting them think "Well, it says it's coming soon - I'll say nothing." which stifles that signal.

My comments about the spec weren't meant to say that we need more details. It was only to point out why the spec may be a bit sparse: the format of pnpm-lock.yaml likely isn't meant for consumption by anything but pnmp. In general, we want the CLI to focus on supporting what's out in the wild rather than just the spec anyhow.

[ryanlink]

Makes sense, I can remove that. I'll explicitly call out that they should email us if this is affecting them :)

I thought the spec was actually more sparse than the previous spec (v6), that's why I put it that way. I could be wrong!

[csasarak]

Yeah, I wasn't quite sure how to read their specs. Like maybe they each only describe differences between the spec and the previous spec? In any case, the dev deps thing is what I really want to prioritize fixing - if we can explain the additional with catalog as a version then it's unfortunate but still usable. Obviously I'd like to fix both things though.

[ryanlink]

Could somebody help me figure out why the integration test is failing? https://github.com/fossas/fossa-cli/actions/runs/12756509884

[csasarak]

@ryanlink That should be fixed once this PR merges to master and then you merge master into this branch.