chore: replace .npmrc with pnpm-workspace.yaml

Merge pull request 'deps: update turbo to 2.8.10' (#21 ) from dependencies/update-turbo into main
deps: update turbo to 2.8.10
2026-03-02 16:27:38 -08:00 · 2026-03-01 07:01:32 -08:00 · 2026-02-28 07:01:27 -08:00 · 2026-02-27 07:01:33 -08:00 · 2026-02-26 07:01:38 -08:00
4 changed files with 51 additions and 59 deletions
@@ -1,25 +0,0 @@
-# Package Manager Configuration
-# Force pnpm usage - breaks npm/yarn intentionally
-node-linker=pnpm
-
-# Security: Disable all lifecycle scripts
-ignore-scripts=true
-enable-pre-post-scripts=false
-
-# Security: Require packages to be 10+ days old before installation
-minimum-release-age=14400
-
-# Security: Verify package integrity hashes
-verify-store-integrity=true
-
-# Security: Enforce strict trust policies
-trust-policy=strict
-
-# Security: Strict peer dependency resolution
-strict-peer-dependencies=true
-
-# Performance: Use symlinks for node_modules
-symlink=true
-
-# Lockfile: Ensure lockfile is not modified during install
-frozen-lockfile=false
@@ -18,7 +18,7 @@
    "@nhcarrigan/eslint-config": "5.2.0",
    "eslint": "9.26.0",
    "prisma": "6.7.0",
-    "turbo": "2.8.8"
+    "turbo": "2.8.10"
  },
  "dependencies": {
    "@prisma/client": "6.7.0"
@@ -22,8 +22,8 @@ importers:
        specifier: 6.7.0
        version: 6.7.0(typescript@5.8.3)
      turbo:
-        specifier: 2.8.8
-        version: 2.8.8
+        specifier: 2.8.10
+        version: 2.8.10

  client:
    dependencies:
@@ -5244,38 +5244,38 @@ packages:
    resolution: {integrity: sha512-+68OP1ZzSF84rTckf3FA95vJ1Zlx/uaXyiiKyPd1pA4rZNkpEvDAKmsu1xUSmbF/chCRYgZ6UZkDwC7PmzmAyA==}
    engines: {node: ^18.17.0 || >=20.5.0}

-  turbo-darwin-64@2.8.8:
-    resolution: {integrity: sha512-7R/XRAleyNB8nIJuenRpS7EnmCM/kYFgcG1rW3F5DF57Nl4WyBO3DzxqwooRheuoXDD1UsJvDse0yRufgxjClA==}
+  turbo-darwin-64@2.8.10:
+    resolution: {integrity: sha512-A03fXh+B7S8mL3PbdhTd+0UsaGrhfyPkODvzBDpKRY7bbeac4MDFpJ7I+Slf2oSkCEeSvHKR7Z4U71uKRUfX7g==}
    cpu: [x64]
    os: [darwin]

-  turbo-darwin-arm64@2.8.8:
-    resolution: {integrity: sha512-whpveO0w/dMcgQ0zFrzqK76mG2W+RBQ/pKIpW+sEvNr+T4UcYd2gZpfV2euehJLvdeFErWgW74dIt/MFfkG1bA==}
+  turbo-darwin-arm64@2.8.10:
+    resolution: {integrity: sha512-sidzowgWL3s5xCHLeqwC9M3s9M0i16W1nuQF3Mc7fPHpZ+YPohvcbVFBB2uoRRHYZg6yBnwD4gyUHKTeXfwtXA==}
    cpu: [arm64]
    os: [darwin]

-  turbo-linux-64@2.8.8:
-    resolution: {integrity: sha512-BISkcKk+5/Dh11q+YhdQIGONXmdlQ6LY0iQ+GBIK7QOBAJyJFKmKvUeAeMdWGXOa3sImz2oZ6u2StyR+0Y/VVA==}
+  turbo-linux-64@2.8.10:
+    resolution: {integrity: sha512-YK9vcpL3TVtqonB021XwgaQhY9hJJbKKUhLv16osxV0HkcQASQWUqR56yMge7puh6nxU67rQlTq1b7ksR1T3KA==}
    cpu: [x64]
    os: [linux]

-  turbo-linux-arm64@2.8.8:
-    resolution: {integrity: sha512-B+DQWWtM3O+AexFF4aYucT0MvvnQOW4n5y9LA5h3Zc3Lpj10yl9K4dEBzJvMVQ2jTkCRNAvA8q9G3EjqmGmGGA==}
+  turbo-linux-arm64@2.8.10:
+    resolution: {integrity: sha512-3+j2tL0sG95iBJTm+6J8/45JsETQABPqtFyYjVjBbi6eVGdtNTiBmHNKrbvXRlQ3ZbUG75bKLaSSDHSEEN+btQ==}
    cpu: [arm64]
    os: [linux]

-  turbo-windows-64@2.8.8:
-    resolution: {integrity: sha512-KP5TRVrmVnrxDyvERvQq7VXu+h5AiEiBwyr90YsRuYy/Z5zLz8hrNZXejTyUR17xmnuI+RbUSxrQlfmPnxiW1A==}
+  turbo-windows-64@2.8.10:
+    resolution: {integrity: sha512-hdeF5qmVY/NFgiucf8FW0CWJWtyT2QPm5mIsX0W1DXAVzqKVXGq+Zf+dg4EUngAFKjDzoBeN6ec2Fhajwfztkw==}
    cpu: [x64]
    os: [win32]

-  turbo-windows-arm64@2.8.8:
-    resolution: {integrity: sha512-X45sTOksR8iidk+PZUXpNcfEkOhGCTS2p2J8nSUExr1v7u3T4FixwplzliuWmG7QTPGJapAwItzHbi+d/9ckNQ==}
+  turbo-windows-arm64@2.8.10:
+    resolution: {integrity: sha512-QGdr/Q8LWmj+ITMkSvfiz2glf0d7JG0oXVzGL3jxkGqiBI1zXFj20oqVY0qWi+112LO9SVrYdpHS0E/oGFrMbQ==}
    cpu: [arm64]
    os: [win32]

-  turbo@2.8.8:
-    resolution: {integrity: sha512-wP+axjWAKzYfZ7bghuggVST9bX4j5cn3NPMU9NPQqtwaUKL9n9JOnWWBIc9gdrEma1aViYR73EoPjDEpVq+liQ==}
+  turbo@2.8.10:
+    resolution: {integrity: sha512-OxbzDES66+x7nnKGg2MwBA1ypVsZoDTLHpeaP4giyiHSixbsiTaMyeJqbEyvBdp5Cm28fc+8GG6RdQtic0ijwQ==}
    hasBin: true

  type-check@0.4.0:
@@ -11596,32 +11596,32 @@ snapshots:
    transitivePeerDependencies:
      - supports-color

-  turbo-darwin-64@2.8.8:
+  turbo-darwin-64@2.8.10:
    optional: true

-  turbo-darwin-arm64@2.8.8:
+  turbo-darwin-arm64@2.8.10:
    optional: true

-  turbo-linux-64@2.8.8:
+  turbo-linux-64@2.8.10:
    optional: true

-  turbo-linux-arm64@2.8.8:
+  turbo-linux-arm64@2.8.10:
    optional: true

-  turbo-windows-64@2.8.8:
+  turbo-windows-64@2.8.10:
    optional: true

-  turbo-windows-arm64@2.8.8:
+  turbo-windows-arm64@2.8.10:
    optional: true

-  turbo@2.8.8:
+  turbo@2.8.10:
    optionalDependencies:
-      turbo-darwin-64: 2.8.8
-      turbo-darwin-arm64: 2.8.8
-      turbo-linux-64: 2.8.8
-      turbo-linux-arm64: 2.8.8
-      turbo-windows-64: 2.8.8
-      turbo-windows-arm64: 2.8.8
+      turbo-darwin-64: 2.8.10
+      turbo-darwin-arm64: 2.8.10
+      turbo-linux-64: 2.8.10
+      turbo-linux-arm64: 2.8.10
+      turbo-windows-64: 2.8.10
+      turbo-windows-arm64: 2.8.10

  type-check@0.4.0:
    dependencies:
@@ -1,4 +1,21 @@
-packages:
-  - "client"
-  - "server"
-  - "packages/types"
+# Security
+
+# Do not execute any scripts of installed packages (project scripts still run)
+ignoreDepScripts: true
+# Do not automatically run pre/post scripts (e.g. preinstall, postbuild)
+enablePrePostScripts: false
+# Only allow packages published at least 10 days ago (reduces risk of compromised packages)
+minimumReleaseAge: 14400
+# Fail if a package's trust level has decreased compared to previous releases
+trustPolicy: no-downgrade
+# Ignore trust policy for packages published more than 1 year ago (predates provenance signing)
+trustPolicyIgnoreAfter: 525960
+# Fail if there are missing or invalid peer dependencies
+strictPeerDependencies: true
+# Prevent transitive dependencies from using exotic sources (git repos, direct tarball URLs)
+blockExoticSubdeps: true
+
+# Lockfile
+
+# Allow the lockfile to be updated during install (set to true in CI for stricter reproducibility)
+preferFrozenLockfile: false
Author	SHA1	Message	Date
hikari	ddc6e0246f	chore: replace .npmrc with pnpm-workspace.yaml Node.js CI / CI (push) Failing after 25s Details Security Scan and Upload / Security & DefectDojo Upload (push) Successful in 2m7s Details	2026-03-02 16:27:38 -08:00
minori	251c9e89f6	Merge pull request 'deps: update turbo to 2.8.10' (#21 ) from dependencies/update-turbo into main Node.js CI / CI (push) Successful in 54s Details Security Scan and Upload / Security & DefectDojo Upload (push) Successful in 1m45s Details	2026-03-01 07:01:32 -08:00
minori	521a2766e8	deps: update turbo to 2.8.10 Node.js CI / CI (pull_request) Successful in 51s Details Security Scan and Upload / Security & DefectDojo Upload (pull_request) Successful in 1m43s Details	2026-02-28 07:01:27 -08:00
minori	04d62bfb09	Merge pull request 'deps: update turbo to 2.8.9' (#20 ) from dependencies/update-turbo into main Node.js CI / CI (push) Successful in 48s Details Security Scan and Upload / Security & DefectDojo Upload (push) Successful in 1m38s Details	2026-02-27 07:01:33 -08:00
minori	e3c451c378	deps: update turbo to 2.8.9 Node.js CI / CI (pull_request) Successful in 54s Details Security Scan and Upload / Security & DefectDojo Upload (pull_request) Successful in 1m30s Details	2026-02-26 07:01:38 -08:00