chore: update pnpm and fix security alerts #263

Merged
panz3r merged 4 commits into main from chore/pnpm-updates-and-security
Apr 4, 2026

@panz3r panz3r commented Apr 4, 2026

Affected Package(s)

  • @forward-software/react-auth (lib)
  • @forward-software/react-auth-google (packages/google-signin)
  • Examples
  • CI/CD / Repository configuration

Related Issue(s)

Motivation

Description of Changes

This pull request updates several dependency versions in the pnpm-lock.yaml file and makes a minor configuration change in pnpm-workspace.yaml. The main focus is on upgrading the yaml, brace-expansion, and picomatch packages to their latest patch versions, which likely include bug fixes and minor improvements. Additionally, the autoInstallPeers setting is moved within the workspace configuration for better organization.

Dependency Upgrades:

  • Upgraded yaml from version 2.8.2 to 2.8.3 across all relevant dependencies and snapshots, ensuring the latest bug fixes and improvements are included. [1] [2] [3]
  • Updated brace-expansion from 1.1.12 to 1.1.13 and from 5.0.4 to 5.0.5, and updated all references in dependency trees. [1] [2] [3]
  • Upgraded picomatch from 2.3.1 to 2.3.2 in both package and dependency references. [1] [2] [3] [4] [5]

Workspace Configuration:

  • Moved the autoInstallPeers: false setting to the top level of pnpm-workspace.yaml for improved clarity and organization. [1] [2]

Dependency Tree Consistency:

  • Updated all dependency snapshots and references to ensure consistency with the new versions of yaml, brace-expansion, and picomatch throughout the lockfile. [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11]

These changes help keep dependencies secure and up-to-date, and improve workspace configuration clarity.

Breaking Changes

None

How to Test

  1. CI Checks: Verify that all automated tests (Vitest) and build steps pass successfully on this PR.
  2. Local Verification (Optional):
    • Run pnpm install to install dependencies.
    • Run pnpm --filter <affected-package> test to run tests for the affected package.
    • Run pnpm --filter <affected-package> build to verify the build succeeds.
    • Run pnpm --filter <affected-package> lint to check for linting errors.

Checklist

  • My code follows the project's style guidelines
  • I have added or updated tests to cover the changes
  • I have updated relevant documentation
  • All tests are passing locally
  • CI checks are passing
  • I have reviewed my own code and lock file changes
  • I have checked for any potential security implications
  • I have verified the changes work as expected
  • My commit messages follow Conventional Commits format

Notes for Reviewers

@panz3r panz3r self-assigned this Apr 4, 2026
@panz3r panz3r added the dependencies (Pull requests that update a dependency file) and javascript (Pull requests that update javascript code) labels Apr 4, 2026
Copilot AI review requested due to automatic review settings April 4, 2026 17:47

Copilot AI left a comment

Pull request overview

Updates workspace configuration and refreshes pnpm-lock.yaml to address security-related dependency bumps.

Changes:

  • Moved autoInstallPeers: false to the top level in pnpm-workspace.yaml.
  • Updated lockfile resolutions for yaml, brace-expansion, and picomatch to newer patch versions.
  • Regenerated/updated related lockfile snapshots to keep dependency trees consistent.

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated no comments.

| File | Description |
| --- | --- |
| pnpm-workspace.yaml | Repositions autoInstallPeers configuration for clearer workspace-level settings. |
| pnpm-lock.yaml | Bumps patched dependency versions and updates corresponding snapshots/integrities. |

Files not reviewed (1)
  • pnpm-lock.yaml: Language not supported

@panz3r panz3r merged commit c91cc6e into main Apr 4, 2026
20 checks passed
@panz3r panz3r deleted the chore/pnpm-updates-and-security branch April 4, 2026 17:51
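
The automated review above skipped pnpm-lock.yaml, so the following is an added example (not code from this repository or PR) of a check that a lockfile no longer pins the versions the description says were replaced. The superseded versions come from the PR description; the lockfile text is constructed with placeholder integrity values, and the `name@version` key layout under `packages:` and `snapshots:` is an assumption about the lockfile format.

```javascript
// Added example, not project code. Versions are from the PR description;
// the sample lockfile is constructed and its layout is an assumption.
const SUPERSEDED = new Map([
  ['yaml', ['2.8.2']],
  ['brace-expansion', ['1.1.12', '5.0.4']],
  ['picomatch', ['2.3.1']],
]);
const NAME = "((?:@[^/\\s'@]+\\/)?[^@\\s'/:]+)";
// Entry key, e.g. "  picomatch@2.3.1:" or "  '@scope/pkg@1.0.0(peer@2.0.0)':"
const ENTRY_RE = new RegExp(`^  '?/?${NAME}@([^(:'\\s]+)`);
// Dependency reference inside an entry, e.g. "      picomatch: 2.3.1"
const REF_RE = new RegExp(`^ {4,}'?${NAME}'?: +'?([^('\\s]+)`);

function findSuperseded(lockText, superseded = SUPERSEDED) {
  const hits = [];
  let section = null;
  lockText.split(/\r?\n/).forEach((line, i) => {
    const top = /^([A-Za-z]\w*):/.exec(line); // top-level key starts a section
    if (top) { section = top[1]; return; }
    if (section !== 'packages' && section !== 'snapshots') return;
    const entry = ENTRY_RE.exec(line);
    const m = entry || REF_RE.exec(line);
    if (!m || !(superseded.get(m[1]) || []).includes(m[2])) return;
    hits.push({ section, kind: entry ? 'entry' : 'ref', name: m[1], version: m[2], line: i + 1 });
  });
  return hits;
}

// Constructed sample: picomatch was deliberately left at the old version.
const SAMPLE_LOCK = `lockfileVersion: '9.0'
packages:
  brace-expansion@1.1.13:
    resolution: {integrity: sha512-CONSTRUCTED-PLACEHOLDER}
  picomatch@2.3.1:
    resolution: {integrity: sha512-CONSTRUCTED-PLACEHOLDER}
  yaml@2.8.3:
    resolution: {integrity: sha512-CONSTRUCTED-PLACEHOLDER}
snapshots:
  brace-expansion@1.1.13:
    dependencies:
      balanced-match: 1.0.2
  micromatch@4.0.8:
    dependencies:
      picomatch: 2.3.1
  picomatch@2.3.1: {}
  yaml@2.8.3: {}
`;
console.log(findSuperseded(SAMPLE_LOCK));
```

A non-empty result means some entry or transitive reference still resolves to a replaced version; in CI the same function can read the real lockfile and fail the job when the list is not empty.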