deps: update turbo to 2.8.11

chore: replace .npmrc with pnpm-workspace.yaml
Merge pull request 'deps: update turbo to 2.8.10' (#19 ) from dependencies/update-turbo into main
2026-03-07 07:01:33 -08:00 · 2026-03-02 16:27:41 -08:00 · 2026-03-01 07:01:36 -08:00 · 2026-02-28 07:01:38 -08:00 · 2026-02-27 07:01:37 -08:00 · 2026-02-26 07:01:49 -08:00
4 changed files with 91 additions and 7102 deletions
@@ -1,25 +0,0 @@
-# Package Manager Configuration
-# Force pnpm usage - breaks npm/yarn intentionally
-node-linker=pnpm
-
-# Security: Disable all lifecycle scripts
-ignore-scripts=true
-enable-pre-post-scripts=false
-
-# Security: Require packages to be 10+ days old before installation
-minimum-release-age=14400
-
-# Security: Verify package integrity hashes
-verify-store-integrity=true
-
-# Security: Enforce strict trust policies
-trust-policy=strict
-
-# Security: Strict peer dependency resolution
-strict-peer-dependencies=true
-
-# Performance: Use symlinks for node_modules
-symlink=true
-
-# Lockfile: Ensure lockfile is not modified during install
-frozen-lockfile=false
@@ -18,7 +18,7 @@
    "@nhcarrigan/eslint-config": "5.2.0",
    "eslint": "9.26.0",
    "prisma": "6.7.0",
-    "turbo": "2.5.3"
+    "turbo": "2.8.11"
  },
  "dependencies": {
    "@prisma/client": "6.7.0"
@@ -1,4 +1,21 @@
-packages:
-  - "client"
-  - "server"
-  - "packages/types"
+# Security
+
+# Do not execute any scripts of installed packages (project scripts still run)
+ignoreDepScripts: true
+# Do not automatically run pre/post scripts (e.g. preinstall, postbuild)
+enablePrePostScripts: false
+# Only allow packages published at least 10 days ago (reduces risk of compromised packages)
+minimumReleaseAge: 14400
+# Fail if a package's trust level has decreased compared to previous releases
+trustPolicy: no-downgrade
+# Ignore trust policy for packages published more than 1 year ago (predates provenance signing)
+trustPolicyIgnoreAfter: 525960
+# Fail if there are missing or invalid peer dependencies
+strictPeerDependencies: true
+# Prevent transitive dependencies from using exotic sources (git repos, direct tarball URLs)
+blockExoticSubdeps: true
+
+# Lockfile
+
+# Allow the lockfile to be updated during install (set to true in CI for stricter reproducibility)
+preferFrozenLockfile: false
Author	SHA1	Message	Date
minori	6d9495bee0	deps: update turbo to 2.8.11 Node.js CI / CI (pull_request) Failing after 23s Details Security Scan and Upload / Security & DefectDojo Upload (pull_request) Successful in 1m33s Details	2026-03-07 07:01:33 -08:00
hikari	0610327be8	chore: replace .npmrc with pnpm-workspace.yaml Node.js CI / CI (push) Failing after 21s Details Security Scan and Upload / Security & DefectDojo Upload (push) Failing after 11m44s Details	2026-03-02 16:27:41 -08:00
minori	2e8d0a7343	Merge pull request 'deps: update turbo to 2.8.10' (#19 ) from dependencies/update-turbo into main Node.js CI / CI (push) Successful in 53s Details Security Scan and Upload / Security & DefectDojo Upload (push) Successful in 1m53s Details	2026-03-01 07:01:36 -08:00
minori	33a0c40060	deps: update turbo to 2.8.10 Node.js CI / CI (pull_request) Successful in 50s Details Security Scan and Upload / Security & DefectDojo Upload (pull_request) Successful in 1m31s Details	2026-02-28 07:01:38 -08:00
minori	1119468f27	Merge pull request 'deps: update turbo to 2.8.9' (#18 ) from dependencies/update-turbo into main Node.js CI / CI (push) Successful in 49s Details Security Scan and Upload / Security & DefectDojo Upload (push) Successful in 1m45s Details	2026-02-27 07:01:37 -08:00
minori	c6799960c0	deps: update turbo to 2.8.9 Node.js CI / CI (pull_request) Successful in 49s Details Security Scan and Upload / Security & DefectDojo Upload (pull_request) Successful in 1m38s Details	2026-02-26 07:01:49 -08:00
minori	a141d27cb5	Merge pull request 'deps: update turbo to 2.8.8' (#17 ) from dependencies/update-turbo into main Node.js CI / CI (push) Successful in 47s Details Security Scan and Upload / Security & DefectDojo Upload (push) Successful in 1m29s Details	2026-02-25 07:01:44 -08:00
minori	836cb6e6a8	deps: update turbo to 2.8.8 Node.js CI / CI (pull_request) Successful in 49s Details Security Scan and Upload / Security & DefectDojo Upload (pull_request) Successful in 1m17s Details	2026-02-24 07:02:07 -08:00
minori	f18e569b16	Merge pull request 'deps: update turbo to 2.7.6' (#16 ) from dependencies/update-turbo into main Security Scan and Upload / Security & DefectDojo Upload (push) Successful in 1m26s Details Node.js CI / CI (push) Successful in 1m49s Details	2026-02-23 20:45:04 -08:00
minori	9c1ff8feb6	deps: update turbo to 2.8.3 Node.js CI / CI (pull_request) Successful in 54s Details Security Scan and Upload / Security & DefectDojo Upload (pull_request) Successful in 1m28s Details	2026-02-14 07:03:35 -08:00
minori	afd8f969fc	deps: update turbo to 2.8.2 Node.js CI / CI (pull_request) Successful in 44s Details Security Scan and Upload / Security & DefectDojo Upload (pull_request) Successful in 1m35s Details	2026-02-13 07:04:50 -08:00
minori	22a03aba0a	deps: update turbo to 2.8.1 Node.js CI / CI (pull_request) Successful in 51s Details Security Scan and Upload / Security & DefectDojo Upload (pull_request) Successful in 1m19s Details	2026-02-10 07:03:17 -08:00
minori	57b7f3fab6	deps: update turbo to 2.8.0 Node.js CI / CI (pull_request) Successful in 1m10s Details Security Scan and Upload / Security & DefectDojo Upload (pull_request) Successful in 2m45s Details	2026-02-08 07:10:05 -08:00
minori	1beeccfab4	deps: update turbo to 2.7.6 Node.js CI / CI (pull_request) Successful in 48s Details Security Scan and Upload / Security & DefectDojo Upload (pull_request) Successful in 1m26s Details	2026-02-04 08:27:13 -08:00