From 127689e149e21b18d2520dfbe1ae20d96e711cd0 Mon Sep 17 00:00:00 2001 From: DJ Date: Sun, 19 Apr 2026 06:11:59 -0700 Subject: [PATCH 1/2] fix(ci): downgrade pnpm/action-setup to v5 in dependency-audit reusable The SHA 08c4be7e (mislabeled # v4) is actually pnpm/action-setup@v6.0.0, which bootstraps with pnpm v11.0.0-rc.0. pnpm v11-rc cannot parse lockfiles generated by pnpm v9 (lockfileVersion '9.0'), causing ERR_PNPM_BROKEN_LOCKFILE in all repos still on pnpm v9. Pinning to action-setup@v5.0.0 (fc06bc1), which installs pnpm via npm directly with no v11 bootstrap, restoring compatibility with pnpm v9. --- .github/workflows/dependency-audit-reusable.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/dependency-audit-reusable.yml b/.github/workflows/dependency-audit-reusable.yml index c4b037db..71b6bfed 100644 --- a/.github/workflows/dependency-audit-reusable.yml +++ b/.github/workflows/dependency-audit-reusable.yml @@ -101,7 +101,7 @@ jobs: steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - uses: pnpm/action-setup@91ab88e2619ed1f46221f0ba42d1492c02baf788 # v4 + - uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0 - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: From 99b833b835a5876ec2bcf9c4dd92d0947bb3cfc3 Mon Sep 17 00:00:00 2001 From: don-petry Date: Tue, 5 May 2026 20:38:00 -0500 Subject: [PATCH 2/2] ci: trigger CI with clean check-suite preferences