diff --git a/common/changes/@microsoft/rush/chao-fix_2024-05-09-23-55.json b/common/changes/@microsoft/rush/chao-fix_2024-05-09-23-55.json
new file mode 100644
index 0000000000..14f2fc1159
--- /dev/null
+++ b/common/changes/@microsoft/rush/chao-fix_2024-05-09-23-55.json
@@ -0,0 +1,10 @@
+{
+  "changes": [
+    {
+      "packageName": "@microsoft/rush",
+      "comment": "Fix an edge case that integrity could be none in _disallowInsecureSha1 logic",
+      "type": "none"
+    }
+  ],
+  "packageName": "@microsoft/rush"
+}
\ No newline at end of file
diff --git a/common/config/rush/version-policies.json b/common/config/rush/version-policies.json
index 498a1a8c9b..8c61df1bc7 100644
--- a/common/config/rush/version-policies.json
+++ b/common/config/rush/version-policies.json
@@ -103,7 +103,7 @@
     "policyName": "rush",
     "definitionName": "lockStepVersion",
     "version": "5.124.0",
-    "nextBump": "minor",
+    "nextBump": "patch",
     "mainProject": "@microsoft/rush"
   }
 ]
diff --git a/common/config/subspaces/default/pnpm-lock.yaml b/common/config/subspaces/default/pnpm-lock.yaml
index 48b5506b91..463addbc9b 100644
--- a/common/config/subspaces/default/pnpm-lock.yaml
+++ b/common/config/subspaces/default/pnpm-lock.yaml
@@ -1847,7 +1847,7 @@ importers:
         version: 29.5.12
       '@types/node':
         specifier: ts4.9
-        version: 20.12.8
+        version: 20.12.11
       eslint:
         specifier: ~8.57.0
         version: 8.57.0
@@ -3342,8 +3342,8 @@ importers:
         specifier: ~6.1.0
         version: 6.1.1
       pnpm-sync-lib:
-        specifier: 0.2.4
-        version: 0.2.4
+        specifier: 0.2.5
+        version: 0.2.5
       read-package-tree:
         specifier: ~5.1.5
         version: 5.1.6
@@ -12770,8 +12770,8 @@ packages:
     dependencies:
       undici-types: 5.26.5
 
-  /@types/node@20.12.8:
-    resolution: {integrity: sha512-NU0rJLJnshZWdE/097cdCBbyW1h4hEg0xpovcoAQYHl8dnEyp/NAOiE45pvc+Bd1Dt+2r94v2eGFpQJ4R7g+2w==}
+  /@types/node@20.12.11:
+    resolution: {integrity: sha512-vDg9PZ/zi+Nqp6boSOT7plNuthRugEKixDv5sFTIpkE89MmNtEArAShI4mxuX2+UrLEe9pxC1vm2cjm9YlWbJw==}
     dependencies:
       undici-types: 5.26.5
     dev: true
@@ -14430,7 +14430,16 @@ packages:
     peerDependencies:
       constructs: ^10.0.0
     dependencies:
+      '@balena/dockerignore': 1.0.2
+      case: 1.6.3
       constructs: 10.0.130
+      fs-extra: 9.1.0
+      ignore: 5.3.1
+      jsonschema: 1.4.1
+      minimatch: 3.1.2
+      punycode: 2.3.1
+      semver: 7.5.4
+      yaml: 1.10.2
     dev: true
     bundledDependencies:
       - '@balena/dockerignore'
@@ -22997,8 +23006,8 @@ packages:
       - typescript
     dev: true
 
-  /pnpm-sync-lib@0.2.4:
-    resolution: {integrity: sha512-dXFSOqbhXtbD4PW7c6KZoJYwaKidbIs2bGCBk/1g6/03+nEhLFIjWRbYKAnXJdq+OL5pBJFeKaVTFrtFTInWHA==}
+  /pnpm-sync-lib@0.2.5:
+    resolution: {integrity: sha512-Bf9ip5eaNBBlwtTbNXqSB0p6Ykjlr+F29q33kQorZwsbIZ1STTwt5Ppum8/5LzCnuWVKx0GPwrWUKi4EBkmaRQ==}
     dependencies:
       '@pnpm/dependency-path': 2.1.8
       yaml: 2.4.1
diff --git a/common/config/subspaces/default/repo-state.json b/common/config/subspaces/default/repo-state.json
index 7a8fde309e..32204326ea 100644
--- a/common/config/subspaces/default/repo-state.json
+++ b/common/config/subspaces/default/repo-state.json
@@ -1,5 +1,5 @@
 // DO NOT MODIFY THIS FILE MANUALLY BUT DO COMMIT IT. It is generated and used by Rush.
 {
-  "pnpmShrinkwrapHash": "84413150c512b92dfbc986fab412bca06be42ab1",
+  "pnpmShrinkwrapHash": "4b7734088f9537c4644d58706e7a1e2cbb41b5d3",
   "preferredVersionsHash": "ce857ea0536b894ec8f346aaea08cfd85a5af648"
 }
diff --git a/libraries/rush-lib/package.json b/libraries/rush-lib/package.json
index d14b683d15..5867fb5d65 100644
--- a/libraries/rush-lib/package.json
+++ b/libraries/rush-lib/package.json
@@ -57,7 +57,7 @@
     "tar": "~6.2.1",
     "true-case-path": "~2.2.1",
     "uuid": "~8.3.2",
-    "pnpm-sync-lib": "0.2.4"
+    "pnpm-sync-lib": "0.2.5"
   },
   "devDependencies": {
     "@pnpm/logger": "4.0.0",
diff --git a/libraries/rush-lib/src/logic/pnpm/PnpmShrinkwrapFile.ts b/libraries/rush-lib/src/logic/pnpm/PnpmShrinkwrapFile.ts
index 0d0d74208d..53c93c7257 100644
--- a/libraries/rush-lib/src/logic/pnpm/PnpmShrinkwrapFile.ts
+++ b/libraries/rush-lib/src/logic/pnpm/PnpmShrinkwrapFile.ts
@@ -347,17 +347,17 @@ export class PnpmShrinkwrapFile extends BaseShrinkwrapFile {
     exemptPackageVersions: Record<string, string[]>,
     terminal: ITerminal
   ): boolean {
-    const exmeptPackageList: Map<string, boolean> = new Map();
+    const exemptPackageList: Map<string, boolean> = new Map();
     for (const [pkgName, versions] of Object.entries(exemptPackageVersions)) {
       for (const version of versions) {
-        exmeptPackageList.set(this._getPackageId(pkgName, version), true);
+        exemptPackageList.set(this._getPackageId(pkgName, version), true);
       }
     }
 
     for (const [pkgName, { resolution }] of this.packages) {
       if (
-        resolution?.integrity.startsWith('sha1') &&
-        !exmeptPackageList.has(this._parseDependencyPath(pkgName))
+        resolution?.integrity?.startsWith('sha1') &&
+        !exemptPackageList.has(this._parseDependencyPath(pkgName))
       ) {
         terminal.writeErrorLine(
           'Error: An integrity field with "sha1" was found in pnpm-lock.yaml;' +