build(deps): bump pnpm from 8.9.2 to 10.23.0

[dependabot[bot]]

Bumps pnpm from 8.9.2 to 10.23.0.

Release notes

Sourced from pnpm's releases.

pnpm 10.23

Minor Changes

• Added --lockfile-only option to pnpm list #10020.

Patch Changes

• pnpm self-update should download pnpm from the configured npm registry #10205.
• pnpm self-update should always install the non-executable pnpm package (pnpm in the registry) and never the @pnpm/exe package, when installing v11 or newer. We currently cannot ship @pnpm/exe as pkg doesn't work with ESM #10190.
• Node.js runtime is not added to "dependencies" on pnpm add, if there's a engines.runtime setting declared in package.json #10209.
• The installation should fail if an optional dependency cannot be installed due to a trust policy check failure #10208.
• pnpm list and pnpm why now display npm: protocol for aliased packages (e.g., foo npm:[email protected]) #8660.
• Don't add an extra slash to the Node.js mirror URL #10204.
• pnpm store prune should not fail if the store contains Node.js packages #10131.

Platinum Sponsors

Gold Sponsors

... (truncated)

Changelog

Sourced from pnpm's changelog.

10.23.0

Minor Changes

• Added --lockfile-only option to pnpm list #10020.

Patch Changes

• pnpm self-update should download pnpm from the configured npm registry #10205.
• pnpm self-update should always install the non-executable pnpm package (pnpm in the registry) and never the @pnpm/exe package, when installing v11 or newer. We currently cannot ship @pnpm/exe as pkg doesn't work with ESM #10190.
• Node.js runtime is not added to "dependencies" on pnpm add, if there's a engines.runtime setting declared in package.json #10209.
• The installation should fail if an optional dependency cannot be installed due to a trust policy check failure #10208.
• pnpm list and pnpm why now display npm: protocol for aliased packages (e.g., foo npm:[email protected]) #8660.
• Don't add an extra slash to the Node.js mirror URL #10204.
• pnpm store prune should not fail if the store contains Node.js packages #10131.

10.22.0

Minor Changes

• Added support for trustPolicyExclude #10164.

  You can now list one or more specific packages or versions that pnpm should allow to install, even if those packages don't satisfy the trust policy requirement. For example:

  trustPolicy: no-downgrade
  trustPolicyExclude:
    - [email protected]
    - [email protected] || 5.102.1
  

• Allow to override the engines field on publish by the publishConfig.engines field.

Patch Changes

• Don't crash when two processes of pnpm are hardlinking the contents of a directory to the same destination simultaneously #10179.

10.21.0

Minor Changes

• Node.js Runtime Installation for Dependencies. Added support for automatic Node.js runtime installation for dependencies. pnpm will now install the Node.js version required by a dependency if that dependency declares a Node.js runtime in the "engines" field. For example:

  {
    "engines": {
      "runtime": {
        "name": "node",
        "version": "^24.11.0",
        "onFail": "download"
  

... (truncated)

Commits

• 603aeda chore(release): 10.23.0
• 43c56d9 fix: don't silently skip an optional dependency if if fails trust policy chec...
• 5e7cf44 fix: js-yaml version
• 1de6d19 chore(release): 10.22.0
• 93d4954 feat: add support for trustPolicyExclude (#10168)
• c1ec45b chore: fix repository URLs in package.json files of utils
• 2e2dc27 chore(release): 10.21.0
• 68ad086 feat: add support for npm package trust evidence check via a new trustPolicy ...
• 17344ca fix(update): prevent package.json updates when updating indirect dependencies...
• 5847af4 feat: install js runtime as prod dependency (#10141)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for pnpm since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[vercel[bot]]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Comments	Updated (UTC)
devs-in-tech	Ready	Preview	Comment	Nov 20, 2025 8:08pm

[netlify[bot]]

❌ Deploy Preview for devsintech failed. Why did it fail? →

Name	Link
🔨 Latest commit	2fbf37530625f4bdfd77817eca0bfe74934bb0cd
🔍 Latest deploy log	https://app.netlify.com/projects/devsintech/deploys/691f752480ffbf0008294e78