ci: add pnpm audit and update vunerabilities

Author: luizstacio

.github/workflows/pr.yml

@@ -13,7 +13,16 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
+  audit-deps:
+    name: Audit Dependencies
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: FuelLabs/github-actions/setups/node@master
+      - run: pnpm audit --prod
+
   check-packages-changed:
+    needs: audit-deps
     name: Check if packages have change
     runs-on: ubuntu-latest
     outputs:
@@ -29,7 +38,7 @@ jobs:
 
   changesets:
     name: Changeset Checks
-    needs: check-packages-changed
+    needs: [audit-deps, check-packages-changed]
     if: ${{ github.head_ref != 'changeset-release/main' && needs.check-packages-changed.outputs.changed == 'true' }}
     runs-on: ubuntu-latest
     steps:
@@ -42,6 +51,7 @@ jobs:
 
   validate:
     runs-on: buildjet-4vcpu-ubuntu-2204
+    needs: audit-deps
     steps:
       - uses: actions/checkout@v3
       - uses: FuelLabs/github-actions/setups/node@master

package.json

@@ -40,5 +40,14 @@
   "devDependencies": {
     "@changesets/cli": "^2.26.2",
     "@fuel-ts/forc": "0.71.1"
+  },
+  "pnpm": {
+    "overrides": {
+      "graphql": ">=16.8.1",
+      "semver": ">=5.7.2",
+      "axios": ">=1.6.0",
+      "undici": ">=5.26.2",
+      "get-func-name": ">=2.0.1"
+    }
   }
 }

packages/solidity-contracts/package.json

@@ -42,11 +42,11 @@
     "@ethersproject/bytes": "^5.7.0",
     "@ethersproject/providers": "^5.7.0",
     "@fuel-contracts/merkle-sol": "^0.1.4",
-    "@nomicfoundation/hardhat-chai-matchers": "^1.0.6",
+    "@nomicfoundation/hardhat-chai-matchers": "^2.0.2",
     "@nomiclabs/hardhat-ethers": "^2.2.1",
     "@nomiclabs/hardhat-etherscan": "^3.1.2",
-    "@openzeppelin/contracts": "^4.8.0",
-    "@openzeppelin/contracts-upgradeable": "^4.8.0",
+    "@openzeppelin/contracts": "^4.8.3",
+    "@openzeppelin/contracts-upgradeable": "^4.8.3",
     "@openzeppelin/hardhat-upgrades": "1.26.0"
   },
   "devDependencies": {