mirror of
https://github.com/goauthentik/authentik.git
synced 2026-06-17 19:09:11 +03:00
72eb609f62
Replace `npm install -g netlify-cli` with `npx --yes --package=netlify-cli@26` in the source-docs publish workflow.

Two reasons:

1. A `-g` install bypasses the repo `.npmrc` (npm only walks up from the cwd of the install, not from the global prefix), so `ignore-scripts=true` and `save-exact=true` do not apply — install scripts run and a fresh `latest` is resolved on every CI run. `npx` invoked inside the repo honors the project `.npmrc`.
2. Without a version pin, every run pulls whatever `latest` happens to be at that moment, which is exactly the resolution behavior that the recent npm "Mini Shai-Hulud" incident weaponized. Pinning to `@26` bounds the major and lets Dependabot manage upgrades through the same cooldown window as everything else.

Co-authored-by: Agent <279763771+playpen-agent@users.noreply.github.com>
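An added example, not part of this commit or of the authentik repository: a small Python check that scans workflow text for the two patterns the commit message describes, a global `npm install -g` and a package spec with no version (or `latest`). The sample workflow is constructed, and the function names and rule labels are assumptions made for illustration.

```python
import re

# Constructed workflow excerpt for illustration; not the authentik workflow file.
SAMPLE_WORKFLOW = """\
steps:
  - run: npm install -g netlify-cli
  - run: npx --yes --package=netlify-cli@26 netlify deploy --prod
  - run: npx --yes netlify-cli deploy
  - run: npm i --global some-tool@1.2.3
"""

# Capture the arguments of an npm install or npx call up to a shell separator.
COMMAND = re.compile(r"\b(?P<tool>npm\s+(?:install|i)|npx)\s+(?P<args>[^\n#;&|]*)")


def is_pinned(spec):
    """True if the spec carries an explicit version other than 'latest'."""
    # A leading '@' is an npm scope, so skip it before looking for the
    # version separator. A bare major such as '@26' counts as pinned here.
    _, sep, version = spec[1:].rpartition("@")
    return bool(sep) and version not in ("", "latest")


def npx_packages(tokens):
    """Package specs npx will fetch: --package/-p values, else the command."""
    pkgs, it = [], iter(tokens)
    for tok in it:
        if tok.startswith("--package="):
            pkgs.append(tok.split("=", 1)[1])
        elif tok in ("--package", "-p"):
            pkgs.append(next(it, ""))
    return pkgs or [t for t in tokens if not t.startswith("-")][:1]


def audit(text):
    """Return (line, rule, spec) findings for global or unpinned installs."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in COMMAND.finditer(line):
            tokens = m.group("args").split()
            if m.group("tool") == "npx":
                specs = npx_packages(tokens)
            else:
                specs = [t for t in tokens if not t.startswith("-")]
                if "-g" in tokens or "--global" in tokens:
                    findings += [(lineno, "global-install", s) for s in specs]
            findings += [(lineno, "unpinned", s) for s in specs if not is_pinned(s)]
    return findings
```

Calling `audit(SAMPLE_WORKFLOW)` flags lines 2, 4 and 5 of the sample and leaves the `npx --yes --package=netlify-cli@26` line alone.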