mirror of
https://github.com/astral-sh/setup-uv.git
synced 2025-12-23 11:01:03 +00:00
chore: use npm ci --ignore-scripts everywhere (#699)
Like https://github.com/astral-sh/ruff-action/pull/276 🙂 This also adds cooldown stanzas to the Dependabot updater rules: this ensures that we only receive dependency bumps once they're at least a week old, which should reduce the window of opportunity for an attacker who temporarily compromises popular packages (like with "Shai-Hulud" last week). Signed-off-by: William Woodruff <william@astral.sh>
This commit is contained in:
William Woodruff
2
.github/workflows/test.yml
vendored
2
.github/workflows/test.yml
vendored
@@ -33,7 +33,7 @@ jobs:
|
||||
node-version-file: .nvmrc
|
||||
cache: npm
|
||||
- run: |
|
||||
npm install
|
||||
npm ci --ignore-scripts
|
||||
- run: |
|
||||
npm run all
|
||||
- name: Check all jobs are in all-tests-passed.needs
|
||||
|
||||
Reference in New Issue
Block a user