feat: adopt PR audit [KHCP-18541] (#747)

ValeryG · web-flow · commit 7faa793ecb7b · 2025-11-25T13:37:33.000-07:00
diff --git a/.github/workflows/pr-audit.yaml b/.github/workflows/pr-audit.yaml
@@ -0,0 +1,37 @@
+name: PR Audit
+on:
+  pull_request:
+    branches:
+      - main
+
+  pull_request_review:
+    types:
+      - submitted
+      - edited
+      - dismissed
+
+jobs:
+  pr-audit:
+    name: Audit
+    permissions:
+      contents: read
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    env:
+      GITHUB_TOKEN: ${{ secrets.SPEC_RENDERER_BOT_PAT }}
+
+    steps:
+
+      - name: Checkout code
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          fetch-depth: 0
+
+      - name: Setup PNPM with Dependencies
+        uses: ./.github/actions/setup-pnpm-with-dependencies/
+
+      - name: PR Audit
+        uses: Kong/public-shared-actions/pr-previews/audit@main
+        if: github.actor != 'renovate[bot]'
+        with:
+          renovate-pr-author: renovate[bot]
diff --git a/package.json b/package.json
@@ -135,7 +135,23 @@
       "@parcel/watcher",
       "esbuild",
       "vue-demi"
-    ]
+    ],
+    "overrides": {
+      "openapi3-ts": "4.5.0",
+      "jsonpath-plus@<10.3.0": ">=10.3.0",
+      "elliptic@<=6.6.0": ">=6.6.1",
+      "@babel/helpers@<7.26.10": ">=7.26.10",
+      "cross-spawn@>=7.0.0 <7.0.5": ">=7.0.5",
+      "brace-expansion@>=1.0.0 <=1.1.11": ">=1.1.12",
+      "brace-expansion@>=2.0.0 <=2.0.1": ">=2.0.2",
+      "pbkdf2@<=3.1.2": ">=3.1.3",
+      "sha.js@<=2.4.11": ">=2.4.12",
+      "cipher-base@<=1.0.4": ">=1.0.5",
+      "tmp@<=0.2.3": ">=0.2.4",
+      "form-data@>=4.0.0 <4.0.4": ">=4.0.4",
+      "js-yaml@>=4.0.0 <4.1.1": ">=4.1.1",
+      "glob@>=10.2.0 <10.5.0": ">=10.5.0"
+    }
   },
   "repository": {
     "type": "git",
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
