Skip to content

chore: add pnpm-lock.yaml for reproducible dependency audits#32

Draft
cursor[bot] wants to merge 1 commit into
mainfrom
cursor/weekly-security-scan-1d3b
Draft

chore: add pnpm-lock.yaml for reproducible dependency audits#32
cursor[bot] wants to merge 1 commit into
mainfrom
cursor/weekly-security-scan-1d3b

Conversation

@cursor

@cursor cursor Bot commented Jul 6, 2026

Copy link
Copy Markdown

Summary

Weekly security scan (2026-07-06) found no vulnerabilities or secrets, but noted the repo lacked a committed lockfile. This PR adds pnpm-lock.yaml so future installs and audits can use --frozen-lockfile for consistent, reproducible results.

Security scan results

Check Status
pnpm audit --audit-level=moderate ✅ No vulnerabilities
gitleaks detect ✅ No leaks
snyk test ⚠️ Skipped (SNYK_TOKEN not configured)

No security fixes were required. No open Dependabot PRs to triage.

Changes

  • Add pnpm-lock.yaml (generated from eslint@^9.39.0 devDependency tree)
Open in Web Open in Cursor 

Enables frozen-lockfile installs and consistent pnpm audit results
in CI and weekly security scans.

Prompt: Weekly security scan reminder to commit and push if appropriate.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant