fix(plugin-ci): run pnpm audit for pnpm repos

pnpm audit is available in pnpm v10+. The previous implementation
skipped the security audit for pnpm repos due to a retired endpoint,
which blocks all plugin releases that use pnpm.
Hugh Hackman
2026-04-15 03:19:17 +00:00
parent 0792dfcceb
commit e6eea29561
+1 -4
@@ -158,11 +158,8 @@ jobs:
- name: Security audit
run: |
# pnpm audit endpoint retired (HTTP 410). Use npm audit instead.
# pnpm projects lack package-lock.json so we generate one first.
# --no-audit skips the implicit audit during install (we run it explicitly after).
if [ "${{ steps.pkg-manager.outputs.manager }}" = "pnpm" ]; then
echo "Skipping npm audit for pnpm repo (pnpm audit endpoint retired HTTP 410; lockfile generation fails with corepack)"
pnpm audit --audit-level=high
else
npm audit --omit=dev
fi
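Review bot: The two branches of the `Security audit` step now enforce different release gates. `pnpm audit --audit-level=high` audits devDependencies too but passes on low and moderate advisories, while `npm audit --omit=dev` skips devDependencies but fails on any severity. If the intended policy is production dependencies at high severity and above, align them with `pnpm audit --prod --audit-level=high` and `npm audit --omit=dev --audit-level=high`, and add a one-line comment above the `if` stating that policy. The commit message ties this to pnpm v10+, but nothing in the visible hunk checks or pins the pnpm version. The rest of the job is outside the hunk, so confirm the runner cannot fall back to an older pnpm that would fail this step.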