
Bump node-addon-slsa to v0.8.12 #133

Merged
vadimpiven merged 1 commit into main from chore/bump-node-addon-slsa-v0.8.12
Apr 21, 2026

@vadimpiven
Owner

Picks up the redirect-interceptor fix
(vadimpiven/node-addon-slsa#46, activated by #47): the verify-addons
action was silently dropping GitHub release 302→CDN redirects when
passed `getGlobalDispatcher()`, hashing zero bytes, and failing
Rekor lookup with `e3b0c44…b855` (SHA-256 of empty).

- `.github/workflows/release.yaml`: publish.yaml pin v0.8.10 → v0.8.12
- `packages/node/package.json`: node-addon-slsa 0.8.2 → 0.8.12
- `pnpm-lock.yaml`: regenerated

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

vadimpiven merged commit 7492fac into main on Apr 21, 2026
14 of 17 checks passed
vadimpiven deleted the chore/bump-node-addon-slsa-v0.8.12 branch on April 21, 2026 18:33
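
The failure described in the PR description above (an unfollowed 302 hashed as zero bytes, giving `e3b0c44…b855`), as an added example that is not code from node-addon-slsa or this repository: a fail-closed digest step that rejects an unfollowed redirect or an empty body before any transparency-log lookup. The response is modelled as a hypothetical plain object `{ status, headers, body }`; `naiveDigest`, `digestArtifact` and the sample responses are constructed for illustration.

```javascript
const { createHash } = require("node:crypto");

// SHA-256 of zero bytes (e3b0c44…b855): what you get when no body was read.
const EMPTY_SHA256 = createHash("sha256").update(Buffer.alloc(0)).digest("hex");

// Unguarded path: hashes whatever body came back, even none.
function naiveDigest(res) {
  return createHash("sha256").update(res.body ?? Buffer.alloc(0)).digest("hex");
}

// Fail-closed path: only a 200 with a non-empty body yields a digest.
// `res` is a hypothetical plain object { status, headers, body: Buffer }.
function digestArtifact(res) {
  if (res.status >= 300 && res.status < 400) {
    // The client stopped at the redirect instead of fetching the CDN URL.
    const target = res.headers.location ?? "(no Location header)";
    throw new Error(`unfollowed redirect ${res.status} to ${target}`);
  }
  if (res.status !== 200) {
    throw new Error(`unexpected status ${res.status}`);
  }
  const body = res.body ?? Buffer.alloc(0);
  const sha256 = createHash("sha256").update(body).digest("hex");
  if (body.length === 0 || sha256 === EMPTY_SHA256) {
    throw new Error("empty artifact body: refusing to use the empty-input digest");
  }
  return { sha256, bytes: body.length };
}

// Constructed sample responses (not captured traffic).
const redirect = {
  status: 302,
  headers: { location: "https://cdn.example.invalid/addon.node.gz" },
  body: Buffer.alloc(0),
};
const artifact = { status: 200, headers: {}, body: Buffer.from("addon bytes") };

for (const [name, res] of Object.entries({ redirect, artifact })) {
  const naive = naiveDigest(res).slice(0, 12);
  try {
    console.log(name, "naive:", naive, "guarded:", digestArtifact(res).sha256.slice(0, 12));
  } catch (err) {
    console.log(name, "naive:", naive, "guarded: rejected,", err.message);
  }
}
```

The naive path returns a well-formed digest for the redirect response, which is why the error only surfaced later as a failed lookup; the guarded path stops at the HTTP status.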

greptile-apps Bot commented Apr 21, 2026

Greptile Summary

This PR bumps node-addon-slsa from v0.8.2 → v0.8.12 (npm dependency) and v0.8.10 → v0.8.12 (reusable workflow pin), picking up the redirect-interceptor fix that prevented the verify-addons action from correctly hashing release artifacts fetched via GitHub's 302→CDN redirect. All three changed files are internally consistent: the package.json version, lock file specifier/resolved version, and workflow commit SHA all agree on v0.8.12.

Confidence Score: 5/5

Safe to merge — purely a dependency version bump with no logic changes and full internal consistency.

All changed files are consistent with each other (package.json, lock file, and workflow pin all target v0.8.12). No new logic was introduced; the change only updates a pinned dependency to pick up an upstream bug fix. No P0 or P1 findings.

No files require special attention.

Important Files Changed

| Filename | Overview |
| --- | --- |
| .github/workflows/release.yaml | Bumps the reusable publish.yaml workflow pin from v0.8.10 to v0.8.12 with a pinned commit SHA; no other logic changes. |
| packages/node/package.json | Updates node-addon-slsa runtime dependency from 0.8.2 to 0.8.12; version is consistent with the lock file. |
| pnpm-lock.yaml | Regenerated lock file reflecting node-addon-slsa@0.8.12 with updated integrity hash; specifier and resolved version are consistent. |

Reviews (1): Last reviewed commit: "Bump node-addon-slsa to v0.8.12"

gemini-code-assist Bot left a comment

Code Review

This pull request updates the node-addon-slsa dependency from version 0.8.2 to 0.8.12. A potential compatibility issue was identified where the new dependency version requires Node.js >=22.12.0, which conflicts with the package's existing engine specification for Node.js ^20.19.0. This discrepancy could lead to installation failures or warnings for users on older Node.js versions.

},
"dependencies": {
"node-addon-slsa": "0.8.2"
"node-addon-slsa": "0.8.12"
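
Review bot: the `"node-addon-slsa": "0.8.12"` line moves the npm dependency up from 0.8.2, while the description puts the reusable-workflow pin at v0.8.10 before this change, so the two pins of the same project had been sitting on different releases. Consider bumping them together from now on, or adding a CI check that the version in packages/node/package.json matches the workflow pin in .github/workflows/release.yaml, and note in the description why the npm side was behind.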

medium

The update to node-addon-slsa@0.8.12 maintains a dependency that requires Node.js >=22.12.0 (as seen in the lockfile), which conflicts with this package's stated support for Node.js ^20.19.0 in the engines field. This discrepancy may cause installation failures or warnings for users on Node 20. Consider updating the engines field to align with the requirements of your dependencies. Additionally, the pull request description mentions a change to .github/workflows/release.yaml which is not present in the current diff. Please verify if that file was intended to be included.

codecov Bot commented Apr 21, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
