From ac73e58403d4b1168c915b2af9acf64924351a23 Mon Sep 17 00:00:00 2001
From: Sheraff <me@florianpellet.com>
Date: Tue, 16 Jun 2026 11:24:08 +0200
Subject: [PATCH] ci: pnpm trustPolicy no-downgrade exclude semver@6.3.1

---
 pnpm-workspace.yaml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/pnpm-workspace.yaml b/pnpm-workspace.yaml
index 002be83894..fb3c02cdcc 100644
--- a/pnpm-workspace.yaml
+++ b/pnpm-workspace.yaml
@@ -5,7 +5,8 @@ blockExoticSubdeps: true
 trustPolicy: 'no-downgrade'
 
 trustPolicyExclude:
-  - 'chokidar@4.0.3'
+  - 'chokidar@4.0.3' # known to be safe, installed by sass, prisma, netlify... no planned releases in v4, packages is on v5 now
+  - 'semver@6.3.1' # installed by babel, ecosystem has been on v7 for 7 years now, but babel is horribly out of date, 6.3.1 is the latest v6 and was released 3 years ago
 
 packages:
   - 'packages/*'