From adc6c6c13b182216f4c53a077ffe996187610b1f Mon Sep 17 00:00:00 2001
From: Stephen Zhou <hi@hyoban.cc>
Date: Tue, 31 Mar 2026 11:46:02 +0800
Subject: [PATCH] chore: try to avoid supply chain security (#34317)

---
 pnpm-lock.yaml      |  6 ++----
 pnpm-workspace.yaml | 19 +++++++++++--------
 2 files changed, 13 insertions(+), 12 deletions(-)

diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index 01a96c5585..b6c234d8ad 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -249,9 +249,6 @@ catalogs:
     autoprefixer:
       specifier: 10.4.27
       version: 10.4.27
-    axios:
-      specifier: ^1.14.0
-      version: 1.14.0
     class-variance-authority:
       specifier: 0.7.1
       version: 0.7.1
@@ -573,6 +570,7 @@ overrides:
   array.prototype.flatmap: npm:@nolyfill/array.prototype.flatmap@^1.0.44
   array.prototype.tosorted: npm:@nolyfill/array.prototype.tosorted@^1.0.44
   assert: npm:@nolyfill/assert@^1.0.26
+  axios: 1.14.0
   brace-expansion@<2.0.2: 2.0.2
   canvas: ^3.2.2
   devalue@<5.3.2: 5.3.2
@@ -652,7 +650,7 @@ importers:
   sdks/nodejs-client:
     dependencies:
       axios:
-        specifier: 'catalog:'
+        specifier: 1.14.0
         version: 1.14.0
     devDependencies:
       '@eslint/js':
diff --git a/pnpm-workspace.yaml b/pnpm-workspace.yaml
index dece6f3f4f..ae53a57832 100644
--- a/pnpm-workspace.yaml
+++ b/pnpm-workspace.yaml
@@ -1,3 +1,12 @@
+trustPolicy: no-downgrade
+minimumReleaseAge: 1440
+blockExoticSubdeps: true
+strictDepBuilds: true
+allowBuilds:
+  '@parcel/watcher': false
+  canvas: false
+  esbuild: false
+  sharp: false
 packages:
   - web
   - e2e
@@ -13,6 +22,7 @@ overrides:
   array.prototype.flatmap: npm:@nolyfill/array.prototype.flatmap@^1.0.44
   array.prototype.tosorted: npm:@nolyfill/array.prototype.tosorted@^1.0.44
   assert: npm:@nolyfill/assert@^1.0.26
+  axios: 1.14.0
   brace-expansion@<2.0.2: 2.0.2
   canvas: ^3.2.2
   devalue@<5.3.2: 5.3.2
@@ -59,13 +69,6 @@ overrides:
   which-typed-array: npm:@nolyfill/which-typed-array@^1.0.44
   yaml@>=2.0.0 <2.8.3: 2.8.3
   yauzl@<3.2.1: 3.2.1
-ignoredBuiltDependencies:
-  - canvas
-  - core-js-pure
-onlyBuiltDependencies:
-  - "@parcel/watcher"
-  - esbuild
-  - sharp
 catalog:
   "@amplitude/analytics-browser": 2.38.0
   "@amplitude/plugin-session-replay-browser": 1.27.5
@@ -149,7 +152,7 @@ catalog:
   agentation: 3.0.2
   ahooks: 3.9.7
   autoprefixer: 10.4.27
-  axios: ^1.14.0
+  axios: 1.14.0
   class-variance-authority: 0.7.1
   clsx: 2.1.1
   cmdk: 1.1.1