GHSA-hg3w-7f8c-63hp
pnpm: Tarball hash of GitHub git dependencies is not stored in lockfile
### Summary
A malicious `codeload.github.com` server can serve whatever tarball it wants and pnpm will install it regardless of the lockfile.
### Details
The lockfile does not store a hash of the dependencies fetched from https://codeload.github.com.
This means that if this server were compromised, or a person's machine configuration were compromised, pnpm would download and install whatever tarball it was served for these dependencies.
### PoC
```sh
> pnpm -v
10.28.2
```
Given the following package.json:
```json
{
  "dependencies": {
    "add": "git://github.com/dsherret/npm-git-dep.git#b3eeb9b"
  }
}
```
This produces a lockfile like so:
```yaml
lockfileVersion: '9.0'

settings:
  autoInstallPeers: true
  excludeLinksFromLockfile: false

importers:

  .:
    dependencies:
      add:
        specifier: git://github.com/dsherret/npm-git-dep.git#b3eeb9b
        version: https://codeload.github.com/dsherret/npm-git-dep/tar.gz/b3eeb9b

packages:

  add@https://codeload.github.com/dsherret/npm-git-dep/tar.gz/b3eeb9b:
    resolution: {tarball: https://codeload.github.com/dsherret/npm-git-dep/tar.gz/b3eeb9b}
    version: 1.0.0

snapshots:

  add@https://codeload.github.com/dsherret/npm-git-dep/tar.gz/b3eeb9b: {}
```
Notice that there is no hash. The `b3eeb9b` is not sufficient because I can configure my machine to resolve a compromised tarball from that url (I tested it out and pnpm just installs it).
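One practical check that follows from the lockfile above is to audit `pnpm-lock.yaml` for exactly this pattern: a `packages:` entry whose `resolution` names a `tarball` URL but records no `integrity` digest, which is a dependency pinned by URL rather than by content. The script below is an added example, not pnpm's own code or part of this advisory. It assumes the lockfile v9 layout shown in the PoC (two-space indent for package keys, four-space indent for their fields, one-line `resolution: {...}` flow mappings) and uses a small line-based reader so it runs with plain Node and no YAML dependency; the embedded lockfile is constructed for the example, and its `sha512-` values are placeholders, not real digests.

```javascript
// Added example (not pnpm's code): audit a pnpm-lock.yaml (lockfileVersion 9)
// for packages resolved from a tarball URL with no integrity hash recorded.
// Such entries are the case described in this advisory: the lockfile pins a
// URL, not content, so whatever the server returns for that URL is installed.

// Constructed sample lockfile: the PoC's codeload entry, plus a registry
// package (integrity present) and a tarball entry that does carry an
// integrity field. The sha512 values are placeholders, not real digests.
const SAMPLE_LOCKFILE = `lockfileVersion: '9.0'

settings:
  autoInstallPeers: true
  excludeLinksFromLockfile: false

importers:

  .:
    dependencies:
      add:
        specifier: git://github.com/dsherret/npm-git-dep.git#b3eeb9b
        version: https://codeload.github.com/dsherret/npm-git-dep/tar.gz/b3eeb9b

packages:

  add@https://codeload.github.com/dsherret/npm-git-dep/tar.gz/b3eeb9b:
    resolution: {tarball: https://codeload.github.com/dsherret/npm-git-dep/tar.gz/b3eeb9b}
    version: 1.0.0

  left-pad@1.3.0:
    resolution: {integrity: sha512-PLACEHOLDER_REGISTRY_DIGEST==}

  pinned@https://example.invalid/pinned-1.0.0.tgz:
    resolution: {tarball: https://example.invalid/pinned-1.0.0.tgz, integrity: sha512-PLACEHOLDER_TARBALL_DIGEST==}
    version: 1.0.0

snapshots:

  add@https://codeload.github.com/dsherret/npm-git-dep/tar.gz/b3eeb9b: {}
`;

// Parse a one-line YAML flow mapping such as
//   {tarball: https://host/x.tgz, integrity: sha512-...}
// into a plain object. Pairs are split on ", " and each pair on its first ":",
// so the colons inside a URL stay part of the value.
function parseFlowMapping(text) {
  const inner = text.trim().replace(/^\{/, '').replace(/\}$/, '');
  const out = {};
  for (const pair of inner.split(/,\s*/)) {
    const i = pair.indexOf(':');
    if (i === -1) continue;
    out[pair.slice(0, i).trim()] = pair.slice(i + 1).trim();
  }
  return out;
}

// Walk the `packages:` section and return the keys of packages whose
// resolution names a tarball URL but carries no integrity hash.
function findUnpinnedTarballs(lockfileText) {
  const unpinned = [];
  let inPackages = false;
  let currentPkg = null;
  for (const raw of lockfileText.split('\n')) {
    if (/^\S/.test(raw)) {          // top-level key: importers:, packages:, snapshots:, ...
      inPackages = raw.startsWith('packages:');
      currentPkg = null;
      continue;
    }
    if (!inPackages) continue;
    const pkgMatch = raw.match(/^  (\S.*):$/);   // two-space indent: a package key
    if (pkgMatch) {
      currentPkg = pkgMatch[1];
      continue;
    }
    const resMatch = raw.match(/^    resolution:\s*(\{.*\})\s*$/);
    if (resMatch && currentPkg) {
      const res = parseFlowMapping(resMatch[1]);
      if (res.tarball && !res.integrity) unpinned.push(currentPkg);
    }
  }
  return unpinned;
}

// Run against the constructed sample. To audit a real project, read
// pnpm-lock.yaml with fs.readFileSync(path, 'utf8') and pass its text instead.
const flagged = findUnpinnedTarballs(SAMPLE_LOCKFILE);
for (const pkg of flagged) console.log(`no integrity hash recorded: ${pkg}`);
```

On the sample, only the codeload entry from the PoC is flagged: the registry package has an `integrity` digest, and the second tarball entry records one alongside its URL. Running such a check in CI, or after any lockfile change, gives a defender a way to notice dependencies that the lockfile cannot actually verify.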
### Impact
Anyone relying on GitHub git dependencies is affected.