pnpm 11.5 Adds Support for Recognizing npm Staged Publishes
ID: c5752bad-fc62-5a24-ae41-94350c270e70
STIX ID: report--c5752bad-fc62-5a24-ae41-94350c270e70
Feed Name: Socket Blog
pnpm 11.5 updates trust evaluation to treat npm "staged publishing" approvals (presence of an `approver` field) as the strongest trust signal, fixing false "no-downgrade" warnings when staged publishes were misclassified as a fallback to weaker, token-based publishing. The change responds to prior credential-theft and token-abuse supply-chain incidents (e.g., the Mini Shai-Hulud campaign) and aims to reduce noisy alerts while package managers adapt to npm's newer trusted- and staged-publishing workflows.
