Pull request overview
This PR attempts to update the pnpm package manager from version 9.12.3 to 10.28.1 and introduces security-related configuration settings in the pnpm-workspace.yaml file to enhance supply chain security through exotic subdependency blocking, minimum package release age requirements, and trust policy enforcement.
Changes:
- Update pnpm version in package.json from 9.12.3 to 10.28.1
- Add security settings to pnpm-workspace.yaml including blockExoticSubdeps, minimumReleaseAge (24h), and trustPolicy (no-downgrade)
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| package.json | Updates the packageManager field to specify pnpm version 10.28.1 |
| pnpm-workspace.yaml | Adds three security configuration settings without defining workspace packages |
| blockExoticSubdeps: true | ||
| minimumReleaseAge: 1440 # 24h | ||
| trustPolicy: no-downgrade |
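Review bot: the 24-hour hold set by `minimumReleaseAge: 1440 # 24h` applies to every dependency, including a package you need to bump urgently for a security fix, and the hunk adds no `minimumReleaseAgeExclude` list or other escape hatch; please either add an exclusion list for the packages that must be allowed through immediately or document the override procedure in the PR description. The `# 24h` comment is only accurate because pnpm reads this value in minutes, so keep the comment next to the number so a later edit does not silently turn it into 1440 days or seconds. The hunk also adds no `packages` entry, so this is a settings-only `pnpm-workspace.yaml`; state in the description whether that is deliberate so reviewers do not read it as an incomplete workspace definition.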
The pnpm-workspace.yaml file is missing the required 'packages' field that defines which directories are part of the workspace. If this is intended to be a single-package repository with no workspace packages, the typical configuration would be 'packages: ["."]' or you may not need a pnpm-workspace.yaml file at all. If workspace functionality is needed, please add a packages field. Otherwise, consider whether this file is necessary.
Summary
- blockExoticSubdeps: true
- minimumReleaseAge: 1440 (24h)
- trustPolicy: no-downgrade
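The three settings above are only effective if they stay in place, so a CI job that parses `pnpm-workspace.yaml` and refuses to merge a change that drops or relaxes them is the natural companion to this PR. The script below is an added example written for this page; it is not part of pnpm or of the PR under review. It assumes that `minimumReleaseAge` is expressed in minutes (which is what the `# 24h` comment on `1440` relies on), that `no-downgrade` is the value to require for `trustPolicy` (the only value shown on this page), and it uses a small hand-rolled parser that understands only the flat `key: value` lines and the `packages:` block list that pnpm-workspace.yaml typically contains, so it runs without PyYAML. The two sample files are constructed for the example.

```python
"""Audit pnpm-workspace.yaml for the supply-chain hardening settings
added in the PR and flag a change that weakens them.

Hypothetical CI check written for this page; not pnpm's code and not
part of the PR. Parses only the flat subset of YAML the file uses.
"""
import re

MINUTES_PER_DAY = 1440  # pnpm reads minimumReleaseAge in minutes (assumption stated in the lead-in)
HARDENING_KEYS = ("blockExoticSubdeps", "minimumReleaseAge", "trustPolicy")

# Constructed sample mirroring the three lines added by the PR.
SAMPLE_HARDENED = """\
blockExoticSubdeps: true
minimumReleaseAge: 1440 # 24h
trustPolicy: no-downgrade
"""

# Constructed sample of a later, weakened revision of the same file.
SAMPLE_WEAK = """\
packages:
  - "packages/*"
blockExoticSubdeps: false
minimumReleaseAge: 60
"""


def _strip_comment(line):
    # Values here are unquoted scalars, so '#' at column 0 or after whitespace starts a comment.
    return re.sub(r"(^|\s)#.*$", "", line).rstrip()


def _scalar(raw):
    # Convert a YAML scalar: booleans and integers become Python values, the rest stays a string.
    raw = raw.strip().strip('"').strip("'")
    if raw.lower() == "true":
        return True
    if raw.lower() == "false":
        return False
    if re.fullmatch(r"-?\d+", raw):
        return int(raw)
    return raw


def parse_workspace_yaml(text):
    """Parse top-level `key: value` lines and `key:` followed by `- item` lines into a dict."""
    settings = {}
    current_list = None
    for line in text.splitlines():
        stripped = _strip_comment(line).strip()
        if not stripped:
            continue
        if stripped.startswith("- "):
            if current_list is None:
                raise ValueError(f"list item outside a list: {line!r}")
            current_list.append(_scalar(stripped[2:]))
            continue
        key, sep, value = stripped.partition(":")
        if not sep:
            raise ValueError(f"not a key: value line: {line!r}")
        if value.strip() == "":
            current_list = []            # `key:` with nothing after it opens a block list
            settings[key.strip()] = current_list
        else:
            current_list = None
            settings[key.strip()] = _scalar(value)
    return settings


def _is_minutes(value):
    # bool is a subclass of int in Python, so exclude it explicitly.
    return isinstance(value, int) and not isinstance(value, bool)


def audit_settings(settings, min_release_age=MINUTES_PER_DAY):
    """Return a list of findings; an empty list means the file meets the policy."""
    findings = []
    if settings.get("blockExoticSubdeps") is not True:
        findings.append("blockExoticSubdeps must be true")
    age = settings.get("minimumReleaseAge")
    if not _is_minutes(age) or age < min_release_age:
        findings.append(f"minimumReleaseAge must be an integer >= {min_release_age} minutes, got {age!r}")
    if settings.get("trustPolicy") != "no-downgrade":
        findings.append("trustPolicy must be no-downgrade")
    return findings


def _strength(key, value):
    # Map each setting to an orderable strictness score; higher is stricter.
    if key == "minimumReleaseAge":
        return value if _is_minutes(value) else 0
    if key == "blockExoticSubdeps":
        return 1 if value is True else 0
    return 1 if value == "no-downgrade" else 0   # trustPolicy; only the value on the page is recognised


def detect_weakening(before, after):
    """Return the hardening keys whose strictness dropped between two parsed files, in fixed order."""
    return [k for k in HARDENING_KEYS if _strength(k, after.get(k)) < _strength(k, before.get(k))]


if __name__ == "__main__":
    for name, text in (("hardened", SAMPLE_HARDENED), ("weak", SAMPLE_WEAK)):
        findings = audit_settings(parse_workspace_yaml(text))
        print(name, "OK" if not findings else findings)
    print("weakened:", detect_weakening(parse_workspace_yaml(SAMPLE_HARDENED),
                                       parse_workspace_yaml(SAMPLE_WEAK)))
```

In CI, run `audit_settings` on the checked-out file and fail the job on any finding; `detect_weakening` compares the base-branch file with the PR's so that a change that quietly lowers `minimumReleaseAge` or flips `blockExoticSubdeps` is rejected even when both files still parse.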