From dc39efbe8e17efd091ff0f7c1228340967924e3a Mon Sep 17 00:00:00 2001 From: fraxken Date: Thu, 6 Nov 2025 16:59:03 +0100 Subject: [PATCH 1/2] chore(dependabot): cool-down to 5 days --- .github/dependabot.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index b786f6d8..3e8f2c63 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -4,6 +4,8 @@ updates: directory: / schedule: interval: monthly + cooldown: + default-days: 5 groups: github-actions: patterns: @@ -14,6 +16,8 @@ updates: versioning-strategy: widen schedule: interval: weekly + cooldown: + default-days: 5 groups: dependencies: dependency-type: "production" From d3a7d5dcee3ec525294ceac782f239fd92261f4e Mon Sep 17 00:00:00 2001 From: fraxken Date: Thu, 6 Nov 2025 17:00:55 +0100 Subject: [PATCH 2/2] chore: ignore NPM scripts & add save-exact to pin deps by default --- .github/workflows/cache.yml | 2 +- .github/workflows/nodejs.yml | 2 +- .github/workflows/npm-provenance.yml | 2 +- .github/workflows/server.yml | 2 +- .github/workflows/size-satisfies.yml | 2 +- .github/workflows/vis-network.yml | 2 +- .npmrc | 2 ++ 7 files changed, 8 insertions(+), 6 deletions(-) diff --git a/.github/workflows/cache.yml b/.github/workflows/cache.yml index cbe8ad4f..42edf0f3 100644 --- a/.github/workflows/cache.yml +++ b/.github/workflows/cache.yml @@ -32,7 +32,7 @@ jobs: with: node-version: ${{ matrix.node-version }} - name: Install dependencies - run: npm install + run: npm install --ignore-scripts - name: Build run: npm run build:all - name: Run tests diff --git a/.github/workflows/nodejs.yml b/.github/workflows/nodejs.yml index e9e3a6b7..adeb4504 100644 --- a/.github/workflows/nodejs.yml +++ b/.github/workflows/nodejs.yml @@ -28,7 +28,7 @@ jobs: with: node-version: ${{ matrix.node-version }} - name: Install dependencies - run: npm install + run: npm install --ignore-scripts - name: Build run: npm run build --ws --if-present - name: Run tests diff --git a/.github/workflows/npm-provenance.yml b/.github/workflows/npm-provenance.yml index 2ee01c5c..ca7744e5 100644 --- a/.github/workflows/npm-provenance.yml +++ b/.github/workflows/npm-provenance.yml @@ -20,7 +20,7 @@ jobs: node-version: '20.x' registry-url: 'https://registry.npmjs.org' - run: npm install -g npm - - run: npm install + - run: npm install --ignore-scripts - run: npm publish --provenance env: NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} diff --git a/.github/workflows/server.yml b/.github/workflows/server.yml index f67e8967..46e472f9 100644 --- a/.github/workflows/server.yml +++ b/.github/workflows/server.yml @@ -32,7 +32,7 @@ jobs: with: node-version: ${{ matrix.node-version }} - name: Install dependencies - run: npm install + run: npm install --ignore-scripts - name: Build run: npm run build:all - name: Run tests diff --git a/.github/workflows/size-satisfies.yml b/.github/workflows/size-satisfies.yml index 797b1842..61c113b8 100644 --- a/.github/workflows/size-satisfies.yml +++ b/.github/workflows/size-satisfies.yml @@ -32,7 +32,7 @@ jobs: with: node-version: ${{ matrix.node-version }} - name: Install dependencies - run: npm install + run: npm install --ignore-scripts - name: Build run: npm run build:all - name: Run tests diff --git a/.github/workflows/vis-network.yml b/.github/workflows/vis-network.yml index a18614c5..b49455e3 100644 --- a/.github/workflows/vis-network.yml +++ b/.github/workflows/vis-network.yml @@ -32,7 +32,7 @@ jobs: with: node-version: ${{ matrix.node-version }} - name: Install dependencies - run: npm i + run: npm install --ignore-scripts - name: Build run: npm run build:all - name: Run tests diff --git a/.npmrc b/.npmrc index 33cc073d..83ef3961 100644 --- a/.npmrc +++ b/.npmrc @@ -1,2 +1,4 @@ package-lock=false provenance=true +save-exact=true +ignore-scripts=true