ci(corepack): pinned the expected dev version of npm and explicitly used it for audit signatures (#764)

travi · web-flow · commit be56ffba83fd · 2024-03-18T15:36:15.000-07:00
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -24,7 +24,7 @@ jobs:
           cache: npm
           node-version: lts/*
       - run: npm clean-install
-      - run: npm audit signatures
+      - run: corepack npm audit signatures
       - run: npx semantic-release
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -35,6 +35,7 @@ jobs:
           node-version: "${{ matrix.node-version }}"
           cache: npm
       - run: npm clean-install
+      - run: corepack npm audit signatures
       - run: npm test
 
   test_dev:
@@ -46,7 +47,7 @@ jobs:
           node-version-file: .nvmrc
           cache: npm
       - run: npm clean-install
-      - run: npm audit signatures
+      - run: corepack npm audit signatures
       - run: npm test
 
   test:
diff --git a/package.json b/package.json
@@ -119,5 +119,6 @@
     "extends": [
       "github>semantic-release/.github:renovate-config"
     ]
-  }
+  },
+  "packageManager": "npm@10.5.0+sha256.17ca6e08e7633b624e8f870db81a78f46afe119de62bcaf0a7407574139198fc"
 }

Original file line number	Diff line number	Diff line change
`@@ -119,5 +119,6 @@`
`119`	`119`	`"extends": [`
`120`	`120`	`"github>semantic-release/.github:renovate-config"`
`121`	`121`	`]`
`122`		`- }`
	`122`	`+ },`
	`123`	`+ "packageManager": "[email protected]+sha256.17ca6e08e7633b624e8f870db81a78f46afe119de62bcaf0a7407574139198fc"`
`123`	`124`	`}`