Skip to content

Comments

chore: update pnpm settings#51

Merged
witoszekdev merged 1 commit intomainfrom
update-pnpm-settings
Jan 23, 2026
Merged

chore: update pnpm settings#51
witoszekdev merged 1 commit intomainfrom
update-pnpm-settings

Conversation

@witoszekdev
Copy link
Member

Summary

  • Update pnpm to version 10.28.1
  • Add pnpm-workspace.yaml security settings:
    • blockExoticSubdeps: true
    • minimumReleaseAge: 1440 (24h)
    • trustPolicy: no-downgrade

@vercel
Copy link

vercel bot commented Jan 21, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Review Updated (UTC)
saleor-payment-apps-testclient Ready Ready Preview Jan 23, 2026 0:53am

Request Review

Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR attempts to update the pnpm package manager from version 9.12.3 to 10.28.1 and introduces security-related configuration settings in the pnpm-workspace.yaml file to enhance supply chain security through exotic subdependency blocking, minimum package release age requirements, and trust policy enforcement.

Changes:

  • Update pnpm version in package.json from 9.12.3 to 10.28.1
  • Add security settings to pnpm-workspace.yaml including blockExoticSubdeps, minimumReleaseAge (24h), and trustPolicy (no-downgrade)

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

File Description
package.json Updates the packageManager field to specify pnpm version 10.28.1
pnpm-workspace.yaml Adds three security configuration settings without defining workspace packages

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment on lines +1 to +3
blockExoticSubdeps: true
minimumReleaseAge: 1440 # 24h
trustPolicy: no-downgrade
Copy link

Copilot AI Jan 21, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The pnpm-workspace.yaml file is missing the required 'packages' field that defines which directories are part of the workspace. If this is intended to be a single-package repository with no workspace packages, the typical configuration would be 'packages: ["."]' or you may not need a pnpm-workspace.yaml file at all. If workspace functionality is needed, please add a packages field. Otherwise, consider whether this file is necessary.

Copilot uses AI. Check for mistakes.
@witoszekdev witoszekdev merged commit 41dafcc into main Jan 23, 2026
12 checks passed
@witoszekdev witoszekdev deleted the update-pnpm-settings branch January 23, 2026 12:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants