Blocks merges when any HIGH or CRITICAL advisory enters the production dependency tree. Runs after npm ci (or cache restore) and before lint, so a failing audit surfaces immediately without wasting test time.

Closes the systemic gap from pre-prod audit finding F-22 (dependency hygiene). Renovate automation is tracked separately.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
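
One way to implement the gate described in the commit message above, as an added example that is not the commit's own code: a Node.js function that evaluates a parsed `npm audit --json` report and resolves each flagged package to the advisories behind it. It assumes the report comes from `npm audit --omit=dev --json` on npm 7 or later; `evaluateAudit`, `advisoriesFor` and the sample report are hypothetical names and constructed data.

```javascript
// Added example; names and sample data are constructed, not from the project.
const BLOCKING = new Set(["high", "critical"]);

// Follow `via` links (a string names another entry in the report) down to the
// advisory objects that actually caused a package to be flagged.
function advisoriesFor(name, vulns, seen = new Set()) {
  if (seen.has(name) || !vulns[name]) return [];
  seen.add(name);
  return (vulns[name].via || []).flatMap((v) =>
    typeof v === "string" ? advisoriesFor(v, vulns, seen) : [v]
  );
}

// Evaluate a parsed `npm audit --json` report (auditReportVersion 2).
// exitCode: 0 = pass, 1 = blocking advisory found, 2 = report unusable.
function evaluateAudit(report) {
  const vulns = report && report.vulnerabilities;
  if (!vulns || typeof vulns !== "object") {
    // Fail closed: an error response or truncated output must not pass the gate.
    return { exitCode: 2, blocking: [] };
  }
  const blocking = Object.keys(vulns)
    .filter((name) => BLOCKING.has(vulns[name].severity))
    .map((name) => ({
      name,
      severity: vulns[name].severity,
      direct: Boolean(vulns[name].isDirect),
      advisories: [...new Set(advisoriesFor(name, vulns).map((a) => a.url))],
    }));
  return { exitCode: blocking.length ? 1 : 0, blocking };
}

// Constructed sample: a direct package flagged only through a transitive one.
const SAMPLE_REPORT = {
  auditReportVersion: 2,
  vulnerabilities: {
    "example-parser": { severity: "high", isDirect: false,
      via: [{ title: "Constructed advisory", severity: "high",
              url: "https://example.invalid/advisory/1" }] },
    "example-framework": { severity: "high", isDirect: true, via: ["example-parser"] },
    "example-logger": { severity: "moderate", isDirect: true,
      via: [{ title: "Constructed advisory", severity: "moderate",
              url: "https://example.invalid/advisory/2" }] },
  },
};

console.log(JSON.stringify(evaluateAudit(SAMPLE_REPORT), null, 2));
```

A CI step would pass the returned `exitCode` to `process.exit`, so an unreadable report fails the job instead of passing silently.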