[TEST] Add pnpm audit gate to PR workflow

[wheval]

Summary

Integrate pnpm audit into PR workflow with allowlist file and failure triage documentation.

Background

Audit gate needs exemption process for false positives; medium includes allowlist JSON and docs.

This is a medium task: expect multiple files, tests, and integration with existing flows—not a single-line or docs-only change.

Scope

• .github/workflows/ci.yml
• docs/security/dependency-audit.md
• .pnpm-audit-allowlist.json

Files to create / modify

CI job on PR; allowlist with justification per advisory; CONTRIBUTING triage steps.

Example implementation

pnpm audit --audit-level=high || node scripts/check-audit-allowlist.js

Acceptance criteria

• High vulns fail PR unless allowlisted
• Allowlist requires GH issue link per entry
• Weekly scheduled audit optional
• Docs explain how to refresh lockfile

Difficulty

Medium

Labels

enhancement, medium, security, developer-experience

[nice-bills]

@nice-bills has applied to work on this issue as part of the Stellar Wave Program's 5th wave.

I’d like to work on this project. I’m a seasoned Fullstack developer, well-versed in using both TypeScript and JavaScript, TailwindCSS and ExpressJS for database coordination, testing, and other practical use cases. I work quickly and can deliver in a short time.

ℹ️ Repo Maintainers: To accept this application, review their application or assign @nice-bills to this issue.

[drips-wave]

Congratulations, @nice-bills! 🎉 Your application was accepted by the repo's maintainers, and the issue is due on June 2, 2026.

🧑‍💻 @nice-bills: Please resolve the issue such that the repo's maintainers have enough time to review your contribution before the due date. You'll earn Points for completing the issue on-time, which will make you eligible for a share of the Stellar Wave Program's reward pool.

Warning

When opening a PR, please link it to this issue to ensure it gets tracked accurately. Points are awarded when this issue is marked as completed by the maintainer.

🤠 Repo maintainers: Please keep an eye on the contributor's progress and review their work before the due date. You can manage this issue, including adjusting its complexity and points, here.

🌊 Happy Wave 🌊