Dependency Audit workflow (.github/workflows/dependency-audit.yml) runs on a weekly schedule and can be triggered manually.
The workflow fails only when Critical vulnerabilities are reported by pnpm audit --prod.
Lower-severity findings are recorded in workflow logs and step summary.
- Open the workflow run and review
Dependency Auditstep output. - Open issue
#5397for anyCriticalfindings and coordinate remediation there. - For non-critical updates, track follow-up in
#5396only if the issue remains unaddressed.