fix: cover plugin package locks in dependency review

.github/CODEOWNERS

@@ -15,6 +15,7 @@
 /test/scripts/dependency-change-awareness-workflow.test.ts @openclaw/openclaw-secops
 /package-lock.json @openclaw/openclaw-secops
 /npm-shrinkwrap.json @openclaw/openclaw-secops
+/extensions/*/package-lock.json @openclaw/openclaw-secops
 /extensions/*/npm-shrinkwrap.json @openclaw/openclaw-secops
 /pnpm-lock.yaml @openclaw/openclaw-secops
 /scripts/generate-npm-shrinkwrap.mjs @openclaw/openclaw-secops

.github/workflows/dependency-change-awareness.yml

@@ -41,6 +41,7 @@ jobs:
               filename === "ui/package.json" ||
               filename.startsWith("patches/") ||
               /^packages\/[^/]+\/package\.json$/u.test(filename) ||
+              /^extensions\/[^/]+\/package-lock\.json$/u.test(filename) ||
               /^extensions\/[^/]+\/npm-shrinkwrap\.json$/u.test(filename) ||
               /^extensions\/[^/]+\/package\.json$/u.test(filename);
 

.github/workflows/labeler.yml

@@ -92,7 +92,7 @@ jobs:
             const excludedLockfiles = new Set(["pnpm-lock.yaml", "package-lock.json", "npm-shrinkwrap.json", "yarn.lock", "bun.lockb"]);
             const totalChangedLines = files.reduce((total, file) => {
               const path = file.filename ?? "";
-              if (path.startsWith("docs/") || excludedLockfiles.has(path) || path.endsWith("/npm-shrinkwrap.json")) {
+              if (path.startsWith("docs/") || excludedLockfiles.has(path) || path.endsWith("/package-lock.json") || path.endsWith("/npm-shrinkwrap.json")) {
                 return total;
               }
               return total + (file.additions ?? 0) + (file.deletions ?? 0);
@@ -606,7 +606,7 @@ jobs:
               const excludedLockfiles = new Set(["pnpm-lock.yaml", "package-lock.json", "npm-shrinkwrap.json", "yarn.lock", "bun.lockb"]);
               const totalChangedLines = files.reduce((total, file) => {
                 const path = file.filename ?? "";
-                if (path.startsWith("docs/") || excludedLockfiles.has(path) || path.endsWith("/npm-shrinkwrap.json")) {
+                if (path.startsWith("docs/") || excludedLockfiles.has(path) || path.endsWith("/package-lock.json") || path.endsWith("/npm-shrinkwrap.json")) {
                   return total;
                 }
                 return total + (file.additions ?? 0) + (file.deletions ?? 0);