chore: upgrade pnpm to 10.28.2 for security fixes

claude · claude · commit 95322f7e9aaa · 2026-05-01T08:54:19.000Z
Addresses path traversal in directories.bin and symlink-escape protection for file:/git: dependencies (CVE protections for reading sensitive files). https://pnpm.io/settings#blockexoticsubdeps Slack thread: https://triggerdotdev.slack.com/archives/C061L2MHW93/p1777625600974279?thread_ts=1777622248.762639&cid=C061L2MHW93 https://claude.ai/code/session_01G759MUqmjsPh9k1qDxbdjG
diff --git a/CLAUDE.md b/CLAUDE.md
@@ -4,7 +4,7 @@ This file provides guidance to Claude Code when working with this repository. Su
 
 ## Build and Development Commands
 
-This is a pnpm 10.23.0 monorepo using Turborepo. Run commands from root with `pnpm run`.
+This is a pnpm 10.28.2 monorepo using Turborepo. Run commands from root with `pnpm run`.
 
 ```bash
 pnpm run docker              # Start Docker services (PostgreSQL, Redis, Electric)
diff --git a/package.json b/package.json
@@ -65,7 +65,7 @@
     "vite-tsconfig-paths": "^4.0.5",
     "vitest": "3.1.4"
   },
-  "packageManager": "pnpm@10.23.0",
+  "packageManager": "pnpm@10.28.2",
   "dependencies": {
     "@changesets/cli": "2.26.2",
     "@remix-run/changelog-github": "^0.0.5",
