From 1b57e7a0f9f7ca004570e13167a38ee60974a218 Mon Sep 17 00:00:00 2001
From: Jovi De Croock <decroockjovi@gmail.com>
Date: Tue, 12 May 2026 19:24:26 +0200
Subject: [PATCH] Upgrade pnpm supply-chain safeguards

---
 .github/workflows/ci.yml | 2 +-
 pnpm-workspace.yaml      | 8 ++++++++
 2 files changed, 9 insertions(+), 1 deletion(-)
 create mode 100644 pnpm-workspace.yaml

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index a3e09d2..bd46c73 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -16,7 +16,7 @@ jobs:
       - uses: actions/checkout@v4
       - uses: pnpm/action-setup@v4
         with:
-          version: 9
+          version: 11.0.0
       - uses: actions/setup-node@v4
         with:
           node-version: 22
diff --git a/pnpm-workspace.yaml b/pnpm-workspace.yaml
new file mode 100644
index 0000000..4b8928a
--- /dev/null
+++ b/pnpm-workspace.yaml
@@ -0,0 +1,8 @@
+minimumReleaseAge: 10080
+
+blockExoticSubdeps: true
+
+allowBuilds:
+  esbuild: true
+  sharp: true
+  workerd: true