Skip to content

build: pin dependencies and use lockfile in CI#22

Merged
jimisola merged 2 commits intomainfrom
build/pin-dependency-versions
Mar 13, 2026
Merged

build: pin dependencies and use lockfile in CI#22
jimisola merged 2 commits intomainfrom
build/pin-dependency-versions

Conversation

@jimisola
Copy link
Member

@jimisola jimisola commented Mar 7, 2026

Summary

  • Pin package.json: antora==3.1.14, asciidoctor-kroki==0.18.1 (were ^ ranges)
  • Use npm ci in publish workflow instead of bare npm i commands (installs from lockfile)

Fixes unpinned npm installs in CI that could pull unexpected versions.

🤖 Generated with Claude Code

build: pin dependencies and use lockfile in CI
ed0caf1 
Pin package.json dependencies to exact versions (antora==3.1.14,
asciidoctor-kroki==0.18.1) and use npm ci in publish workflow
to install from lockfile instead of bare npm install.

Signed-off-by: jimisola <jimisola@jimisola.com>
@jimisola jimisola self-assigned this Mar 7, 2026
@jimisola jimisola enabled auto-merge (squash) March 13, 2026 19:19
@jimisola jimisola disabled auto-merge March 13, 2026 19:19
@jimisola jimisola merged commit 78d5ca6 into main Mar 13, 2026
3 checks passed
@jimisola jimisola deleted the build/pin-dependency-versions branch March 13, 2026 19:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@jimisola jimisola

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@jimisola