Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ci(corepack): pinned the expected dev version of npm and explicitly used it for audit signatures #764

Merged
merged 1 commit into from
Mar 18, 2024
Merged

ci(corepack): pinned the expected dev version of npm and explicitly used it for audit signatures #764

merged 1 commit into from
Mar 18, 2024

Conversation

travi
Copy link
Member

@travi travi commented Mar 14, 2024

No description provided.

@travi travi requested a review from a team March 14, 2024 03:31
@travi travi marked this pull request as draft March 14, 2024 03:35
@travi travi mentioned this pull request Mar 15, 2024
Merged
@travi travi marked this pull request as ready for review March 16, 2024 04:25
@gr2m gr2m merged commit be56ffb into master Mar 18, 2024
6 checks passed
@gr2m gr2m deleted the corepack branch March 18, 2024 22:36
@Tbhesswebber
Copy link

Tbhesswebber commented Mar 20, 2024
edited

Out of curiosity, can someone explain why this was necessary? I'm suddenly getting these errors and I can't figure out if it's a problem with semantic-release tooling, my environment locally and in CI/CD, or something else (maybe ts-api-utils)

image

@travi
Copy link
Member Author

travi commented Mar 20, 2024

yep, some context can be found here: #763 (comment)

basically need to update to the latest npm cli to get audit signatures working for provenance on recently published package versions. we chose to use corepack in this case, but other options are available, like simply updating to the latest as a step in the workflow file

@Tbhesswebber
Copy link

yep, some context can be found here: #763 (comment)

basically need to update to the latest npm cli to get audit signatures working for provenance on recently published package versions. we chose to use corepack in this case, but other options are available, like simply updating to the latest as a step in the workflow file

Ah, thank you! I don't know why that didn't come up as I was searching.

@github-actions GitHub Actions
Copy link

github-actions bot commented May 9, 2024

🎉 This PR is included in version 12.0.1 🎉

The release is available on:

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gr2m gr2m gr2m approved these changes

Assignees
No one assigned
Labels
released
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@travi @Tbhesswebber @gr2m