Corepack recommends digest pinning for the package manager version set with the packageManager field in package.json, but Renovate does not currently support this.

The digest can be manually set by running corepack use <name[@<version>]>. For example, running corepack use pnpm@8.15.6 will set the version to pnpm@8.15.6+sha256.01c01eeb990e379b31ef19c03e9d06a14afa5250b82e81303f88721c99ff2e6f.

With the config like below, Renovate should pin the packageManager version by digest.

{
  "packageRules": [
    {
      "matchDepTypes": ["packageManager"],
      "pinDigests": true
    }
  ]
}

Demonstration PR: #2