Add dependency release safety evidence and PR awareness (#81325)

* test: cover dependency pin guard

* build: add dependency vulnerability gate

* build: add dependency risk report

* build: add dependency drift reports

* build: include dependency ownership surface evidence

* build: rename dependency report commands

* build: respect release age exclusions in risk report

* build: clarify transitive risk accounting

* build: remove transitive risk exception registry

* build: clarify transitive risk signal wording

* ci: attach dependency evidence to release preflight

* ci: extract dependency release evidence generator

* build: rename ownership surface dependency report

* ci: clarify release evidence naming

* build: clarify recently published risk report

* build: reorder transitive risk report sections

* build: fix ownership surface pluralization

* ci: surface dependency changes on PRs

* ci: harden dependency change awareness

* ci: use dependency changed PR label

* build: fix dependency report lint

* docs: add dependency safety changelog
Josh Avant
2026-05-13 03:05:09 -05:00
committed by GitHub
parent b9b7ffc8cd
commit bd4db5ee62
21 changed files with 3096 additions and 60 deletions


@@ -552,6 +552,26 @@ export function collectProdResolvedPackagesFromLockfile(lockfileText) {
return versionsByPackage;
}
export function collectAllResolvedPackagesFromLockfile(lockfileText) {
const lockfile = parsePnpmLockfileSections(lockfileText);
if (!lockfile.hasSnapshotsSection) {
throw new Error("pnpm-lock.yaml is missing the snapshots section.");
}
const versionsByPackage = new Map();
for (const snapshotKey of Object.keys(lockfile.snapshots)) {
const resolved = parseSnapshotKey(snapshotKey);
let versions = versionsByPackage.get(resolved.packageName);
if (!versions) {
versions = new Set();
versionsByPackage.set(resolved.packageName, versions);
}
versions.add(resolved.version);
}
return versionsByPackage;
}
export function createBulkAdvisoryPayload(versionsByPackage) {
return Object.fromEntries(
[...versionsByPackage.entries()]