chore(repo): supply-chain and CI/CD hardening -- part 2 [PLT-103649] #698

Open: CalinaCristian wants to merge 5 commits into main from chore/security-issue-2

CalinaCristian (Collaborator) commented May 14, 2026

Part 2 of #688

What this does

Workflows

  • Fixed heredoc injection in support-branch-scope.yml: gh pr diff output (attacker-controlled file paths) was written using a literal EOF delimiter; replaced with random delimiters via openssl rand
  • Moved GH_TOKEN from job-level to step-scoped env in close-stale-prs.yml
  • Replaced ${{ github.workspace }} inline in a run: block with $GITHUB_WORKSPACE in apollo-vertex-registry-check.yml
  • Added timeout-minutes: 30 to the release job in release.yml
  • Added concurrency: blocks to pr-labeler.yml and commit-lint.yml
  • Dependabot now ignores major version bumps for both npm packages and GitHub Actions — majors are handled manually

Scripts

  • unpublish-dev.ts: added @uipath/ scope validation in unpublishFromGitHub() and main(); tightened package name regex to ^@uipath/[a-z0-9-]+$
  • publish-dev.ts: added package name validation before resolving the workspace path
  • publish-to-registries.sh: NPM_AUTH_TOKEN is now cleared when publishing to GitHub Packages; npm publish tag moved from inline shell interpolation to a validated $TAG_NAME env variable
  • All .releaserc.json files updated to pass the tag via TAG_NAME= prefix instead of inline in the bash command
  • check-licenses.ts: replaced execSync (shell form) with execFileSync
  • create-dev-comment.ts and update-dev-comment-row.ts: added bot-type guard to the jq filter to prevent comment-planting

Supply chain config

  • pnpm-workspace.yaml: added minimumReleaseAgeStrict: false to work around a pnpm 11.0.4 regression where packages with missing registry time metadata fail with a hard error instead of a warning; added @next/swc-* platform binary entries alongside the existing next exemption
  • package.json: pinned semantic-release-monorepo to an exact version
  • CODEOWNERS: added explicit entry for turbo.json

Docs

  • copilot-instructions.md: extended the supply chain attack reference table with patterns from the TanStack incident (pnpm store cache poisoning, published package protocol injection, OIDC trusted-publisher scope, workflow_run guard, burst-publish detection, forged bot commit identity); expanded the cache and fork-safety checklists; added Dependabot review items for bot verification and maintainer-change signals; added new code review block items

Notes on pnpm 10 → 11 and minimumReleaseAge

During this work we discovered that minimumReleaseAge behaves significantly differently in pnpm 11 compared to pnpm 10.

pnpm 10: pnpm add pkg@latest where latest is too new was blocked and fell back to the last mature version. The quarantine applied to all resolution paths.

pnpm 11: The maintainer explicitly made exact versions and dist-tags (@latest, @1.2.3) an intentional escape hatch — they bypass minimumReleaseAge entirely. Only automatic range resolution (pnpm update, pnpm add pkg with no version) is still gated. Relevant issues:

  • #11463 — maintainer confirms explicit version bypass is intentional
  • #11238: ERR_PNPM_MISSING_TIME hard error introduced in 11.0.4 for packages with missing registry metadata (open); mitigated here with minimumReleaseAgeStrict: false

We verified that pnpm add pkg (no version) still correctly falls back — tested with zod@4.4.3 (9 days old at time of writing), which resolved to 4.3.5 instead. So the quarantine still provides passive protection against accidental pnpm update pulls.

We stayed on pnpm 11.1.1 rather than downgrading to 11.0.3 because the intermediate releases include pnpm audit signatures (11.1.0), git dep integrity pinning in lockfiles (11.0.7), and an OIDC token priority fix (11.0.7) — all directly relevant to supply chain security. The real gate for explicit version installs remains CODEOWNERS on pnpm-lock.yaml and lockfile review.
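
The heredoc fix listed under Workflows above, as an added example that is not code from this PR: it writes the same constructed multiline value to a GitHub Actions style output file with a literal EOF delimiter and with a random one, then lists the output names a reader of that file would see. The function names, the `ghadelim_` prefix and the simplified reader are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not the PR's workflow code). All names are illustrative.

# Vulnerable form: fixed "EOF" delimiter. A value that contains a line equal
# to "EOF" closes the block early; later lines are read as separate outputs.
write_output_fixed() {   # $1=name  $2=value  $3=output file
  printf '%s<<EOF\n%s\nEOF\n' "$1" "$2" >> "$3"
}

# Hardened form: a fresh random delimiter per write, refused on collision.
# Falls back to /dev/urandom when openssl is not installed.
write_output_random() {  # $1=name  $2=value  $3=output file
  rand_delim="ghadelim_$(openssl rand -hex 16 2>/dev/null ||
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n')" || return 1
  case "$2" in
    *"$rand_delim"*) echo "delimiter found in value, refusing" >&2; return 1 ;;
  esac
  printf '%s<<%s\n%s\n%s\n' "$1" "$rand_delim" "$2" "$rand_delim" >> "$3"
}

# Simplified model of reading the file: "name<<DELIM ... DELIM" blocks and
# "name=value" lines. Prints one output name per line.
list_output_names() {    # $1=output file
  delim=""
  while IFS= read -r line; do
    if [ -n "$delim" ]; then
      if [ "$line" = "$delim" ]; then delim=""; fi
    else
      case "$line" in
        *"<<"*) printf '%s\n' "${line%%"<<"*}"; delim="${line#*"<<"}" ;;
        *=*)    printf '%s\n' "${line%%=*}" ;;
      esac
    fi
  done < "$1"
}

# Constructed input: a changed-files list in which one "path" is the line EOF.
demo_value=$(printf 'src/a.ts\nEOF\ninjected=1')
demo_dir=$(mktemp -d)
write_output_fixed  files "$demo_value" "$demo_dir/fixed"
write_output_random files "$demo_value" "$demo_dir/random"
echo "fixed delimiter : $(list_output_names "$demo_dir/fixed" | tr '\n' ' ')"
echo "random delimiter: $(list_output_names "$demo_dir/random" | tr '\n' ' ')"
rm -rf "$demo_dir"
```

With the fixed delimiter the file yields two outputs, `files` and `injected`; with the random delimiter the whole value stays inside `files`.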

Copilot AI left a comment

Pull request overview

This PR hardens repository supply-chain and CI/CD behavior across release, dev publish/cleanup, dependency policy, and workflow guidance.

Changes:

  • Upgrades repo tooling guidance/configuration toward pnpm 11 and expands pnpm supply-chain controls.
  • Hardens publishing scripts and release workflows with stricter validation, token isolation, SBOM/provenance steps, and safer output delimiters.
  • Updates CI governance, action pins, Dependabot policy, CODEOWNERS, and monitoring for npm publish/release mismatches.

Reviewed changes

Copilot reviewed 32 out of 33 changed files in this pull request and generated 5 comments.

| File | Description |
| --- | --- |
| web-packages/ap-chat/.releaserc.json | Passes release channel through TAG_NAME for publishing. |
| packages/apollo-core/.releaserc.json | Updates publish command tag handling. |
| packages/apollo-react/.releaserc.json | Updates publish command tag handling. |
| packages/apollo-wind/.releaserc.json | Updates publish command tag handling. |
| scripts/publish-to-registries.sh | Adds stricter shell mode, tag validation, arg filtering, and token isolation. |
| scripts/publish-dev.ts | Adds package validation and token-isolation changes for dev publish. |
| scripts/unpublish-dev.ts | Adds fetch timeouts and stricter package validation. |
| scripts/create-dev-comment.ts | Filters existing dev package comments to bot-authored comments. |
| scripts/update-dev-comment-row.ts | Filters existing dev package comments to bot-authored comments. |
| scripts/check-licenses.ts | Replaces shell command execution with execFileSync. |
| pnpm-workspace.yaml | Moves peer settings, adds pnpm 11 supply-chain/build-script settings, and extends release-age exemptions. |
| package.json | Pins semantic-release-monorepo and updates package manager to pnpm 11. |
| apps/apollo-vertex/package.json | Updates package manager to pnpm 11. |
| .npmrc | Removes pnpm behavior settings now moved to workspace config. |
| CONTRIBUTING.md | Updates pnpm prerequisite to v11. |
| CODEOWNERS | Adds ownership coverage for turbo.json. |
| .github/workflows/release.yml | Adds timeout, credential handling changes, SBOM generation, artifacts, and attestations. |
| .github/workflows/dev-publish.yml | Hardens outputs, env handling, and publish/cleanup tokens. |
| .github/workflows/dev-cleanup.yml | Hardens multiline outputs and cleanup token usage. |
| .github/workflows/monitor-npm-publishes.yml | Adds scheduled npm publish/release mismatch monitoring. |
| .github/workflows/vercel-deploy.yml | Updates github-script pin and adjusts Vercel CLI cache keying. |
| .github/workflows/support-branch-scope.yml | Uses randomized GitHub output delimiters and updates github-script pin. |
| .github/workflows/prune-release-age-exemptions.yml | Disables checkout credential persistence and injects credentials later. |
| .github/workflows/pr-labeler.yml | Adds PR-scoped concurrency. |
| .github/workflows/dependency-review.yml | Updates github-script pin. |
| .github/workflows/commit-lint.yml | Adds PR-scoped concurrency. |
| .github/workflows/codeql.yml | Documents governance around auto-dismissing suppressed alerts. |
| .github/workflows/close-stale-prs.yml | Moves GH_TOKEN to step-scoped env. |
| .github/workflows/apollo-vertex-registry-check.yml | Uses shell environment variables for workspace paths. |
| .github/dependabot.yml | Ignores major updates and simplifies update grouping policy. |
| .github/copilot-instructions.md | Rewrites repo guidance with expanded CI/supply-chain review rules. |
| .claude/skills/harden-github-action/SKILL.md | Updates pnpm context to v11. |

Comment thread .github/workflows/release.yml
Comment thread scripts/publish-dev.ts Outdated
Comment thread .github/workflows/release.yml Outdated
Comment thread .github/workflows/monitor-npm-publishes.yml Outdated
Comment thread .github/workflows/monitor-npm-publishes.yml Outdated
@CalinaCristian CalinaCristian force-pushed the chore/security-issue-2 branch from a492cb8 to 47852d7 Compare May 14, 2026 01:24
Copilot AI review requested due to automatic review settings May 14, 2026 03:47
Copilot AI left a comment

Pull request overview

Copilot reviewed 33 out of 34 changed files in this pull request and generated 5 comments.

Comment thread package.json Outdated
Comment thread packages/apollo-core/.releaserc.json
Comment thread packages/apollo-react/.releaserc.json
Comment thread packages/apollo-wind/.releaserc.json
Comment thread web-packages/ap-chat/.releaserc.json
@CalinaCristian CalinaCristian force-pushed the chore/security-issue-2 branch from 980f8cd to bde338b Compare May 14, 2026 03:52
@github-actions
Dependency License Review

  • 2053 package(s) scanned
  • ✅ No license issues found
  • ⚠️ 14 package(s) excluded (see details below)

License distribution

| License | Packages |
| --- | --- |
| MIT | 1786 |
| ISC | 103 |
| Apache-2.0 | 62 |
| BSD-3-Clause | 29 |
| BSD-2-Clause | 24 |
| Copyright 2022, UiPath, all rights reserved | 9 |
| BlueOak-1.0.0 | 8 |
| MPL-2.0 | 4 |
| MIT-0 | 3 |
| Unknown | 3 |
| Unlicense | 3 |
| CC0-1.0 | 3 |
| MIT OR Apache-2.0 | 2 |
| (MIT OR Apache-2.0) | 2 |
| LGPL-3.0-or-later | 1 |
| Python-2.0 | 1 |
| CC-BY-4.0 | 1 |
| (MPL-2.0 OR Apache-2.0) | 1 |
| BSD | 1 |
| Artistic-2.0 | 1 |
| (WTFPL OR MIT) | 1 |
| (BSD-2-Clause OR MIT OR Apache-2.0) | 1 |
| CC-BY-3.0 | 1 |
| 0BSD | 1 |
| (MIT OR CC0-1.0) | 1 |
| MIT AND ISC | 1 |

Excluded packages

| Package | Version | License | Reason |
| --- | --- | --- | --- |
| @img/sharp-libvips-linux-x64 | 1.2.4 | LGPL-3.0-or-later | LGPL pre-built binary, not linked |
| @uipath/apollo-angular-elements | 5.89.0 | Copyright 2022, UiPath, all rights reserved | UiPath first-party package |
| @uipath/apollo-core | 4.35.1, 4.35.2 | Copyright 2022, UiPath, all rights reserved | UiPath first-party package |
| @uipath/apollo-fonts | 1.25.8 | Copyright 2022, UiPath, all rights reserved | UiPath first-party package |
| @uipath/apollo-icons | 1.33.7 | Copyright 2022, UiPath, all rights reserved | UiPath first-party package |
| @uipath/apollo-mui5 | 2.31.26, 2.31.27 | Copyright 2022, UiPath, all rights reserved | UiPath first-party package |
| @uipath/portal-shell | 3.351.4 | Copyright 2022, UiPath, all rights reserved | UiPath first-party package |
| @uipath/portal-shell-react | 3.149.36 | Copyright 2022, UiPath, all rights reserved | UiPath first-party package |
| @uipath/portal-shell-types | 3.326.0 | Copyright 2022, UiPath, all rights reserved | UiPath first-party package |
| @uipath/portal-shell-util | 1.114.0 | Copyright 2022, UiPath, all rights reserved | UiPath first-party package |
| @uipath/apollo-lab | 25.12.0 | Unknown | UiPath first-party package |
| @uipath/telemetry-client-web | 5.1.0 | Unknown | UiPath first-party package |
| khroma | 2.1.0 | Unknown | MIT per GitHub repo, missing license field in package.json |
| hyperx | 2.5.4 | BSD | BSD-2-Clause per LICENSE file, non-SPDX "BSD" in package.json |

Copilot AI review requested due to automatic review settings May 14, 2026 04:00
@CalinaCristian CalinaCristian force-pushed the chore/security-issue-2 branch from bde338b to 6044337 Compare May 14, 2026 04:00
Copilot AI left a comment

Pull request overview

Copilot reviewed 33 out of 34 changed files in this pull request and generated 4 comments.

Comment thread pnpm-workspace.yaml
Comment thread .github/workflows/apollo-vertex-registry-check.yml
Comment thread .github/workflows/vercel-deploy.yml Outdated
Comment thread .github/workflows/dependency-review.yml Outdated
@CalinaCristian CalinaCristian force-pushed the chore/security-issue-2 branch from 6044337 to 2717acc Compare May 14, 2026 04:08
Copilot AI review requested due to automatic review settings May 14, 2026 04:13
@CalinaCristian CalinaCristian force-pushed the chore/security-issue-2 branch 2 times, most recently from 8276926 to 1f1a200 Compare May 14, 2026 04:13
@UiPath UiPath deleted a comment from github-actions Bot May 14, 2026
Copilot AI left a comment

Pull request overview

Copilot reviewed 34 out of 35 changed files in this pull request and generated 2 comments.

Comment thread .github/workflows/vercel-deploy.yml Outdated
Comment thread .github/workflows/monitor-npm-publishes.yml Outdated
@CalinaCristian CalinaCristian force-pushed the chore/security-issue-2 branch from 1f1a200 to 2fc79e0 Compare May 14, 2026 04:34
@CalinaCristian CalinaCristian force-pushed the chore/security-issue-2 branch from 2fc79e0 to 3f83bd9 Compare May 14, 2026 04:35