[rush] PNPM 10.x support #5235

Closed
@uprtdev

We use the latest Rush version 5.153.2.
After upgrading PNPM from v9.5 to 10.11.0 our projects fail to build.

  1. First, there's a message from PNPM:

Ignored build scripts: ....
Run "pnpm approve-builds" to pick which dependencies should be allowed to run scripts.

From the PNPM changelog:

Lifecycle scripts of dependencies are not executed during installation by default! This is a breaking change aimed at increasing security. In order to allow lifecycle scripts of specific dependencies, they should be listed in the pnpm.onlyBuiltDependencies field of package.json pnpm/pnpm#8897

So we need to have a way to set this option from rush.json or in some other way.

  2. At the linking stage it fails with:

ERROR: Internal Error: Cannot find installed dependency "..." in ...
You have encountered a software defect. Please consider reporting the issue to the maintainers of this application.

There are two reasons for that. First, from the PNPM changelog:

Various hashing algorithms have been updated to SHA256 for enhanced security and consistency:
Long paths inside node_modules/.pnpm are now hashed with SHA256.

So if the PNPM version is >=10, there's a need to use the latest version of the @pnpm/dependency-path package, which is updated to use SHA256 hashes.

Second, in PNPM v10 there's a new default virtual-store-dir-max-length value. Now it is 60 symbols instead of 120 symbols as it was before.
So there's a need to adjust this value here if PNPM>=10 is used:

const folderName: string = depPathToFilename(tempProjectDependencyKey, 120);
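
As an added example (not part of the original issue, and not Rush or PNPM code): a check that lists which installed dependencies declare install-time lifecycle scripts and whether each one is covered by the pnpm.onlyBuiltDependencies allowlist quoted above, so the allowlist can be reviewed before any scripts are re-enabled. The package names and manifests are constructed, the function names are hypothetical, and allowlist entries are assumed to be plain package names.

```javascript
// Lifecycle hooks that run when a dependency is installed.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];

// Returns the install-time hooks that a dependency's package.json declares.
function installHooks(manifest) {
  const scripts = manifest.scripts || {};
  return INSTALL_HOOKS.filter(
    (hook) => typeof scripts[hook] === "string" && scripts[hook].trim() !== ""
  );
}

// Compares installed dependency manifests with the root allowlist.
// Assumption: entries in pnpm.onlyBuiltDependencies are exact package names.
function auditBuildScripts(rootManifest, installedManifests) {
  const pnpmField = rootManifest.pnpm || {};
  const allowlist = new Set(pnpmField.onlyBuiltDependencies || []);
  const report = { allowed: [], ignored: [], unusedAllowlist: [] };
  const withHooks = new Set();

  for (const dep of installedManifests) {
    const hooks = installHooks(dep);
    if (hooks.length === 0) continue; // nothing would run for this package
    withHooks.add(dep.name);
    const entry = {
      name: dep.name,
      version: dep.version,
      hooks,
      commands: hooks.map((hook) => dep.scripts[hook]), // what to review
    };
    (allowlist.has(dep.name) ? report.allowed : report.ignored).push(entry);
  }
  // Allowlist entries that match no script-bearing package are stale grants.
  for (const name of allowlist) {
    if (!withHooks.has(name)) report.unusedAllowlist.push(name);
  }
  return report;
}

// Constructed sample input (hypothetical packages, not from the issue).
const SAMPLE_ROOT = {
  pnpm: { onlyBuiltDependencies: ["native-addon-example", "removed-dep-example"] },
};
const SAMPLE_INSTALLED = [
  { name: "native-addon-example", version: "1.2.0", scripts: { install: "node-gyp rebuild" } },
  { name: "telemetry-example", version: "0.4.1", scripts: { postinstall: "node ./collect.js", test: "jest" } },
  { name: "plain-lib-example", version: "3.0.0", scripts: { test: "mocha" } },
];

console.log(JSON.stringify(auditBuildScripts(SAMPLE_ROOT, SAMPLE_INSTALLED), null, 2));
```

Packages under `ignored` are the ones PNPM 10 would report as "Ignored build scripts"; entries under `unusedAllowlist` can be dropped from the allowlist.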
