chore: update pnpm settings

[witoszekdev]

Summary

• Update pnpm to version 10.28.1
• Add pnpm-workspace.yaml security settings:
  • blockExoticSubdeps: true
  • minimumReleaseAge: 1440 (24h)
  • trustPolicy: no-downgrade
• Remove next-env.d.ts from git repo (as per Next.js docs recommendation: https://nextjs.org/docs/pages/api-reference/config/typescript#next-envdts) - this resolves issues with workflows checks

[Copilot]

Pull request overview

This PR updates the pnpm package manager to version 10.28.1 and adds security-focused configuration settings to the workspace to protect against malicious packages and supply chain attacks.

Changes:

• Updated pnpm version from 10.12.1 to 10.28.1 in package.json
• Added three security settings to pnpm-workspace.yaml: blocking exotic subdependencies, enforcing a 24-hour minimum release age for new packages, and preventing package downgrades

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File	Description
package.json	Updates packageManager field to pnpm 10.28.1
pnpm-workspace.yaml	Adds security configuration options (blockExoticSubdeps, minimumReleaseAge, trustPolicy)

[github-actions]

Differences Found

✅ No packages or licenses were added.

Summary

Expand

License Name	Package Count	Packages
0BSD	1	Packages tslib
MPL-2.0	1	Packages axe-core
Public Domain	1	Packages jsonify
Python-2.0	1	Packages argparse
<<missing>>	2	Packages busboy streamsearch
CC0-1.0	2	Packages language-subtag-registry type-fest
CC-BY-4.0	3	Packages @saleor/macaw-ui caniuse-lite saleor-app-template
BSD-3-Clause	14	Packages @humanwhocodes/object-schema @saleor/app-sdk @saleor/eslint-plugin-saleor-app abab asn1js esquery ieee754 immutable saleor-app-template signedsource source-map source-map-js sprintf-js tough-cookie
LGPL-3.0-or-later	14	Packages @img/sharp-libvips-darwin-arm64 @img/sharp-libvips-darwin-x64 @img/sharp-libvips-linux-arm @img/sharp-libvips-linux-arm64 @img/sharp-libvips-linux-ppc64 @img/sharp-libvips-linux-riscv64 @img/sharp-libvips-linux-s390x @img/sharp-libvips-linux-x64 @img/sharp-libvips-linuxmusl-arm64 @img/sharp-libvips-linuxmusl-x64 @img/sharp-wasm32 @img/sharp-win32-arm64 @img/sharp-win32-ia32 @img/sharp-win32-x64
BSD-2-Clause	15	Packages @typescript-eslint/parser @typescript-eslint/typescript-estree css-what damerau-levenshtein dotenv entities escodegen eslint-scope espree esprima esrecurse estraverse esutils uri-js webidl-conversions
Apache-2.0	35	Packages @ampproject/remapping @humanwhocodes/config-array @humanwhocodes/module-importer @img/sharp-darwin-arm64 @img/sharp-darwin-x64 @img/sharp-linux-arm @img/sharp-linux-arm64 @img/sharp-linux-ppc64 @img/sharp-linux-riscv64 @img/sharp-linux-s390x @img/sharp-linux-x64 @img/sharp-linuxmusl-arm64 @img/sharp-linuxmusl-x64 @img/sharp-wasm32 @img/sharp-win32-arm64 @img/sharp-win32-ia32 @img/sharp-win32-x64 @opentelemetry/api @opentelemetry/semantic-conventions @swc/helpers And 15 more...
ISC	37	Packages ast-types-flow cli-width cliui electron-to-chromium eslint-import-resolver-typescript fastq flatted fs.realpath get-caller-file glob glob-parent graceful-fs inflight inherits isexe lru-cache minimatch mute-stream once picocolors And 17 more...
MIT	756	Packages @0no-co/graphql.web @aashutoshrathi/word-wrap @apidevtools/json-schema-ref-parser @ardatan/relay-compiler @ardatan/sync-fetch @babel/code-frame @babel/compat-data @babel/core @babel/generator @babel/helper-annotate-as-pure @babel/helper-compilation-targets @babel/helper-create-class-features-plugin @babel/helper-environment-visitor @babel/helper-function-name @babel/helper-hoist-variables @babel/helper-member-expression-to-functions @babel/helper-module-imports @babel/helper-module-transforms @babel/helper-optimise-call-expression @babel/helper-plugin-utils And 736 more...