chore: Update package versions

[seeratawan01]

PR Type

enhancement

---

Description

• Updated the Continuous Deployment workflow to modify the pnpm install command by adding the --no-frozen-lockfile option. This change ensures that the lockfile can be updated during the installation process in the CI environment.

---

Changes walkthrough 📝

	Relevant files
Enhancement	cd-develop.yml Modify pnpm install command to allow lockfile updates        .github/workflows/cd-develop.yml Updated pnpm install command to include --no-frozen-lockfile option. Ensured lockfile is not frozen during installation in CI workflow. +3/-2

---

💡 PR-Agent usage: Comment /help "your question" on any pull request to receive relevant information

[github-actions[bot]]

PR Reviewer Guide 🔍

Here are some key observations to aid the review process:

🏅 Score: 85

🧪 No relevant tests

🔒 No security concerns identified

⚡ Recommended focus areas for review Dependency Management Using the `--no-frozen-lockfile` option might lead to inconsistencies between local development and CI builds due to different dependency versions being installed. This could potentially introduce bugs that are hard to trace and reproduce locally.

Code feedback:

---

relevant file	.github/workflows/cd-develop.yml
suggestion	Consider adding a step to ensure that the installed dependencies with `--no-frozen-lockfile` are consistent with those in the `package-lock.json` or provide a mechanism to update the lock file in a controlled manner. This could be achieved by running a script that checks for discrepancies between the installed packages and the lock file, and fails the build if inconsistencies are found. [important]
relevant line	pnpm install --no-frozen-lockfile

---

relevant file	.github/workflows/cd-develop.yml
suggestion	To avoid potential issues with untested versions slipping into production, consider using a more conservative approach like `pnpm install --frozen-lockfile` during the final deployment stages or adding a manual approval step before deployment if using `--no-frozen-lockfile`. [important]
relevant line	run: pnpm install --no-frozen-lockfile

---

[github-actions[bot]]

PR Code Suggestions ✨

Explore these optional code suggestions:

Category	Suggestion	Score
Best practice	Add a verification step to ensure the integrity and security of the updated dependencies ___ **Consider adding a step to verify the integrity of the updated lockfile after running pnpm install --no-frozen-lockfile to ensure that the updated dependencies do not introduce any breaking changes or inconsistencies.** [.github/workflows/cd-develop.yml [74]](https://github.com/usermaven/usermaven-js/pull/138/files#diff-4f501c9619899525498594b20a28ab29c8547673701f9285b403540c8c09762fR74-R74) ```diff pnpm install --no-frozen-lockfile +pnpm audit ``` Suggestion importance[1-10]: 7 Why: Adding a verification step like `pnpm audit` can help identify potential security vulnerabilities or inconsistencies in the updated dependencies, enhancing the reliability and security of the build process. However, it is not a critical issue, hence a moderate score.	7
	Ensure reproducibility and consistency of builds by respecting or correctly updating the lockfile ___ **To avoid potential issues with non-reproducible builds, consider using a command that respects the lockfile or ensures that the lockfile is updated correctly after installing new dependencies.** [.github/workflows/cd-develop.yml [110]](https://github.com/usermaven/usermaven-js/pull/138/files#diff-4f501c9619899525498594b20a28ab29c8547673701f9285b403540c8c09762fR110-R110) ```diff -pnpm install --no-frozen-lockfile +pnpm install --frozen-lockfile +pnpm update --latest ``` Suggestion importance[1-10]: 6 Why: Using `pnpm install --frozen-lockfile` ensures that the lockfile is respected, which can help maintain build consistency. However, the suggestion to run `pnpm update --latest` contradicts this by potentially altering dependencies, which may not align with the goal of reproducibility. Thus, the suggestion is partially valid but not entirely coherent.	6