mastra/pnpm-workspace.yaml at main · mastra-ai/mastra · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
packages:
  - mastracode
  - docs
  - packages/_vendored/*
  - packages/*
  - deployers/*
  - stores/*
  - browser/*
  - voice/*
  - workflows/*
  - workspaces/*
  - server-adapters/*
  - pubsub/*
  - client-sdks/*
  - integrations/*
  - auth/*
  - observability/*
  - explorations/longmemeval
  - explorations/agent-builder-gh-repro
  - e2e-tests/client-js/_test-utils
  - e2e-tests/client-js/zod-v3
  - e2e-tests/client-js/zod-v4
  - e2e-tests/workspace-compat

catalog:
  '@microsoft/api-extractor': ^7.57.7
  '@vitest/coverage-v8': 4.1.5
  '@vitest/ui': 4.1.5
  typescript: ^5.9.3
  vitest: 4.1.5
  zod: ^4.3.6

patchedDependencies:
  '@changesets/get-dependents-graph': patches/@changesets__get-dependents-graph.patch

blockExoticSubdeps: true
trustPolicy: no-downgrade
trustPolicyIgnoreAfter: 43200 # 30 days
trustPolicyExclude:
  # Security fix for GHSA middleware-based route protection bypass (CVE).
  # 3.47.4 is published with provenance attestation rather than trusted publisher,
  # but it is the official fix published on the @clerk/shared latest-v5 tag.
  - '@clerk/shared@3.47.4'