deps: update prisma to 7.3.0

.npmrc

@@ -0,0 +1,25 @@
+# Package Manager Configuration
+# Force pnpm usage - breaks npm/yarn intentionally
+node-linker=pnpm
+
+# Security: Disable all lifecycle scripts
+ignore-scripts=true
+enable-pre-post-scripts=false
+
+# Security: Require packages to be 10+ days old before installation
+minimum-release-age=14400
+
+# Security: Verify package integrity hashes
+verify-store-integrity=true
+
+# Security: Enforce strict trust policies
+trust-policy=strict
+
+# Security: Strict peer dependency resolution
+strict-peer-dependencies=true
+
+# Performance: Use symlinks for node_modules
+symlink=true
+
+# Lockfile: Ensure lockfile is not modified during install
+frozen-lockfile=false

package.json

@@ -17,8 +17,8 @@
   "devDependencies": {
     "@nhcarrigan/eslint-config": "5.2.0",
     "eslint": "9.26.0",
-    "prisma": "6.7.0",
-    "turbo": "2.8.11"
+    "prisma": "7.3.0",
+    "turbo": "2.5.3"
   },
   "dependencies": {
     "@prisma/client": "6.7.0"

pnpm-workspace.yaml

@@ -1,21 +1,4 @@
-# Security
-
-# Do not execute any scripts of installed packages (project scripts still run)
-ignoreDepScripts: true
-# Do not automatically run pre/post scripts (e.g. preinstall, postbuild)
-enablePrePostScripts: false
-# Only allow packages published at least 10 days ago (reduces risk of compromised packages)
-minimumReleaseAge: 14400
-# Fail if a package's trust level has decreased compared to previous releases
-trustPolicy: no-downgrade
-# Ignore trust policy for packages published more than 1 year ago (predates provenance signing)
-trustPolicyIgnoreAfter: 525960
-# Fail if there are missing or invalid peer dependencies
-strictPeerDependencies: true
-# Prevent transitive dependencies from using exotic sources (git repos, direct tarball URLs)
-blockExoticSubdeps: true
-
-# Lockfile
-
-# Allow the lockfile to be updated during install (set to true in CI for stricter reproducibility)
-preferFrozenLockfile: false
+packages:
+  - "client"
+  - "server"
+  - "packages/types"