1. Bun.js Project Exposed: No Automated Dependency Vulnerability Scanning in CI Pipeline
A critical security gap has been identified in the CI/CD pipeline for a Bun.js-based project: there is no automated vulnerability scanning for installed dependencies. This oversight means that a vulnerable transitive dependency could be silently committed to the `bun.lock` file and published to production without detec...