chore: migrate from npx to pnpm

[daniel-graham-amplitude]

Summary

Update the semantic-release task to use deterministic dependencies.

Migrates from using npx with -p flag to using pnpm with package.json + lockfiles.

Checklist

• Does your PR title have the correct title format?
• Does your PR have a breaking change?: No

[daniel-graham-amplitude]

bugbot run

[cursor]

Skipping Bugbot: Bugbot is disabled for this repository

[Copilot]

Pull request overview

This PR successfully migrates the semantic-release task from using npx with the -p flag to using pnpm with package.json and lockfiles for deterministic dependency management. This is a good practice for ensuring reproducible builds and avoiding unexpected version updates.

Key Changes

• Introduces pnpm as the package manager with explicit dependency declarations in package.json
• Adds a pnpm lockfile for deterministic dependency resolution
• Updates the GitHub Actions workflow to install and use pnpm for running semantic-release

Reviewed changes

Copilot reviewed 3 out of 5 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
pnpm-workspace.yaml	Adds pnpm workspace configuration (contains incorrect settings)
pnpm-lock.yaml	Adds lockfile with all semantic-release dependencies pinned to specific versions
package.json	Defines devDependencies for semantic-release and specifies pnpm 10.20.0 as package manager
.gitignore	Adds node_modules/ to ignore list
.github/workflows/release.yml	Updates workflow to setup pnpm and use pnpm install + pnpm exec instead of npx

Files not reviewed (1)

• pnpm-lock.yaml: Language not supported

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Mercy811]

Thanks @daniel-graham-amplitude, LGTM!

[Mercy811]

can't believe we don't even have package.json