Update pnpm to v11.5.1

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
pnpm (source)	11.5.0 → 11.5.1

---

Release Notes

pnpm/pnpm (pnpm)

v11.5.1

Compare Source

Patch Changes

• Improve pnpm audit performance by pruning non-vulnerable lockfile subtrees and stopping path enumeration once vulnerable findings reach the path cap.
• Avoid crashing when the workspace state cache is partially written or malformed.
• Set npm_config_user_agent for root lifecycle scripts during headless installs.
• Preserve the integrity field of a remote (non-registry) tarball dependency when its lockfile entry is rebuilt. Re-resolving such a dependency without re-fetching it (for example via pnpm update, or when another dependency changes) produced a resolution with no integrity — URL/tarball resolvers only learn the integrity after the tarball is downloaded — so the previously recorded integrity was dropped, making later installs fail with ERR_PNPM_MISSING_TARBALL_INTEGRITY #​12067.
• Normalize a string repository field into the { type, url } object form when creating the publish manifest, matching npm's behavior. Some registries (e.g. Gitea/Codeberg) reject a string repository with a 500 Internal Server Error during pnpm publish #​12099.
• Preserve compatible optional peer versions already present in the lockfile when resolving dependencies.
• Fixed inconsistent resolution of a peer dependency that is shared through a diamond. When a package peer-depends on both another package and one of that package's own peer dependencies (for example @typescript-eslint/eslint-plugin peer-depends on both @typescript-eslint/parser and typescript, and @typescript-eslint/parser peer-depends on typescript), pnpm no longer reuses a hoisted instance of the shared peer that was resolved against a different version #​12079.

---

Configuration

📅 Schedule: (in timezone America/Chicago)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[gtbuchanan]

@coderabbitai review

[coderabbitai]

✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

Too much diff to scan? Review this PR in Change Stack to start with the highest-impact changes.

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: 78b10cc6-fa11-4c80-9b1b-ff0bf3ed1eca

📥 Commits

Reviewing files that changed from the base of the PR and between 4d25609 and e775262.

⛔ Files ignored due to path filters (1)

• mise.lock is excluded by !**/*.lock

📒 Files selected for processing (1)

• package.json

📜 Recent review details

🧰 Additional context used

📓 Path-based instructions (1)

{package.json,mise.toml}

📄 CodeRabbit inference engine (AGENTS.md)

Use packageManager field in package.json to pin the pnpm version, setting idiomatic_version_file_enable_tools = ["pnpm"] in mise.toml to read the version from the same field

Files:

• package.json

🧠 Learnings (2)

📓 Common learnings

Learnt from: CR
Repo: gtbuchanan/tooling PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-06-04T20:00:49.800Z
Learning: Applies to {package.json,mise.toml} : Use `packageManager` field in `package.json` to pin the pnpm version, setting `idiomatic_version_file_enable_tools = ["pnpm"]` in `mise.toml` to read the version from the same field

📚 Learning: 2026-06-04T20:00:49.800Z

Learnt from: CR
Repo: gtbuchanan/tooling PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-06-04T20:00:49.800Z
Learning: Applies to {package.json,mise.toml} : Use `packageManager` field in `package.json` to pin the pnpm version, setting `idiomatic_version_file_enable_tools = ["pnpm"]` in `mise.toml` to read the version from the same field

Applied to files:

• package.json

🔇 Additional comments (1)

package.json (1)

49-49: LGTM!

---

📝 Walkthrough

Walkthrough

The root package.json updates the declared packageManager version from pnpm@11.5.0 to pnpm@11.5.1. No other scripts, dependencies, or metadata are changed.

Changes

Package Manager Version

Layer / File(s)	Summary
Package manager version bump package.json	packageManager field pinned to pnpm@11.5.1 instead of pnpm@11.5.0.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title is concise, descriptive, and clearly communicates the main change: updating pnpm from v11.5.0 to v11.5.1.
Description check	✅ Passed	The description is directly related to the changeset, providing detailed release notes and context for the pnpm version update.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}