chore: upgrade pnpm to v11

[panz3r]

Affected Package(s)

• @forward-software/react-auth (lib)
• @forward-software/react-auth-google (packages/google-signin)
• Examples
• CI/CD / Repository configuration

Description of Changes

This pull request primarily updates dependencies to newer versions, including both direct and transitive dependencies, and updates the package manager version in package.json. The main focus is on keeping the project up-to-date with the latest patches, features, and security improvements from its dependencies.

Dependency version updates:

• Updated @forward-software/react-auth from version 2.0.4 to 2.1.0 in both pnpm-lock.yaml and as a devDependency, ensuring the latest features and fixes are available. [1] [2] [3]
• Upgraded several core and development dependencies to their latest patch or minor versions, including but not limited to: @adobe/css-tools, @babel/* packages, acorn, es-module-lexer, lru-cache, minimatch, obug, std-env, tinyexec, tldts, undici, and others. These updates improve compatibility, performance, and security. [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13] [14] [15] [16]
• Updated the pnpm package manager version in package.json from 10.33.0 to 11.7.0, reflecting a move to the latest major version for improved performance and new features.

These changes help ensure the project remains secure, stable, and compatible with the latest ecosystem updates.

Breaking Changes

None

How to Test

1. CI Checks: Verify that all automated tests (Vitest) and build steps pass successfully on this PR.
2. Local Verification (Optional):
   • Run pnpm install to install dependencies.
   • Run pnpm --filter <affected-package> test to run tests for the affected package.
   • Run pnpm --filter <affected-package> build to verify the build succeeds.
   • Run pnpm --filter <affected-package> lint to check for linting errors.

Checklist

• My code follows the project's style guidelines
• I have added or updated tests to cover the changes
• I have updated relevant documentation
• All tests are passing locally
• CI checks are passing
• I have reviewed my own code and lock file changes
• I have checked for any potential security implications
• I have verified the changes work as expected
• My commit messages follow Conventional Commits format

Notes for Reviewers

[Copilot]

Pull request overview

This PR upgrades the repository’s package manager to pnpm v11 and refreshes the lockfile to newer dependency resolutions, alongside adding new workspace-level “security settings” configuration.

Changes:

• Bump packageManager to pnpm@11.7.0 in the root package.json.
• Update pnpm-lock.yaml to newer versions of several direct/transitive dependencies, including resolving @forward-software/react-auth to 2.1.0.
• Add new top-level config keys in pnpm-workspace.yaml intended to enforce stricter dependency-update/security policies.

Reviewed changes

Copilot reviewed 2 out of 3 changed files in this pull request and generated 1 comment.

File	Description
pnpm-workspace.yaml	Adds new top-level “security settings” keys intended to constrain update behavior.
pnpm-lock.yaml	Refreshes dependency resolutions (including @forward-software/react-auth → 2.1.0) and various transitive bumps.
package.json	Updates the pinned package manager to pnpm v11.7.0 (Corepack-style packageManager field).

Files not reviewed (1)

• pnpm-lock.yaml: Generated file

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[panz3r]

@copilot it seems that migrating to pnpm v11 broke CI builds and tests.
Please check the failing workflows and propose a solution (please do not change commutes pnpm settings unless strictly necessary)

[Copilot]

@copilot it seems that migrating to pnpm v11 broke CI builds and tests.
Please check the failing workflows and propose a solution (please do not change commutes pnpm settings unless strictly necessary...

Addressed in 3131a8d. The failures came from pnpm v11 seeing different autoInstallPeers settings across the CI steps after the peer-dependency install. I kept the existing install flow and updated the build/test commands to run with the same --config.auto-install-peers=true setting. I also reproduced the failure locally with CI=true and verified the build/test matrix commands pass with this change.