chore: upgrade pnpm to v11

[panz3r]

This PR updates package management tooling and tightens security policies for dependency management.

The main changes include upgrading the pnpm package manager, updating key dependencies to newer versions, improving compatibility for native modules, and introducing stricter security and update policies in the workspace configuration.

Dependency and Package Manager Updates:

• Upgraded the pnpm package manager from version 10.7.0 to 11.8.0 in package.json for improved performance and features.
• Updated the brace-expansion dependency from version 5.0.2 to 5.0.6 and the minimatch dependency from 10.2.1 to 10.2.5 in pnpm-lock.yaml and their relevant snapshots, ensuring compatibility with Node.js 18 and above. [1] [2] [3] [4] [5]

Native Module Compatibility:

• Added explicit libc fields (e.g., glibc, musl) to several native module entries (such as @rolldown/binding-* and lightningcss-*) in pnpm-lock.yaml to improve platform-specific resolution and compatibility. [1] [2]

Security and Update Policy Enhancements:

• Introduced new security and update policies in pnpm-workspace.yaml, including:
  • Disabling builds for esbuild
  • Requiring package releases to be at least 24 hours old before updating (minimumReleaseAge)
  • Blocking updates to packages with exotic dependencies (blockExoticSubdeps)
  • Preventing trust level downgrades in dependencies (trustPolicy: "no-downgrade")