Use npm to manage "Check Workflows" tool dependencies #792
Commits on Oct 16, 2024
-
Use npm to manage "Check Workflows" tool dependencies
The project uses the ajv-cli tool to validate GitHub Actions workflows against the JSON schema. Previously, the version of the tool used was not controlled. This was problematic because: - A different version of the tool may be used on the contributor's machine than on the CI runner, resulting in confusing failures. - The project is immediately subject to disruption or breakage resulting from a release of the tool. The new approach is to specify the version of the tools via the standard npm metadata files (package.json + package-lock.json), providing the following benefits: - Enables automated updates via Dependabot PRs - Enables automated vulnerability alerts
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.