From 553ae9d6e646c7d47ff84bc19187fde04db6baa6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jos=C3=A9=20Carlos=20Ch=C3=A1vez?=
Date: Thu, 9 Apr 2026 20:09:09 +0200
Subject: [PATCH 1/3] fix(security): run npm ci with --ignore-scripts to avoid malicious scripts
---
 .github/workflows/commitlint.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/commitlint.yml b/.github/workflows/commitlint.yml
index c0bf412..9c8f867 100644
--- a/.github/workflows/commitlint.yml
+++ b/.github/workflows/commitlint.yml
@@ -19,7 +19,7 @@ jobs:
 node-version: '24'
 - name: Install dependencies
- run: npm ci
+ run: npm ci --ignore-scripts
 - name: Validate commit messages
 run: npx commitlint --from ${{ github.event.pull_request.base.sha }} --to ${{ github.event.pull_request.head.sha }} --verbose
From b21193eeda5a7aae59ec93a4ca687a4eb8b4e267 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jos=C3=A9=20Carlos=20Ch=C3=A1vez?=
Date: Thu, 9 Apr 2026 20:09:11 +0200
Subject: [PATCH 2/3] fix(security): run npm ci with --ignore-scripts to avoid malicious scripts
---
 .github/workflows/prepare-release.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/prepare-release.yml b/.github/workflows/prepare-release.yml
index 8a514f3..98b897e 100644
--- a/.github/workflows/prepare-release.yml
+++ b/.github/workflows/prepare-release.yml
@@ -31,7 +31,7 @@ jobs:
 node-version: '24'
 - name: Install dependencies
- run: npm ci
+ run: npm ci --ignore-scripts
 - name: Detect Next Version
 id: version
From 109b3af21f8c4e7c807960748e135d582d56736f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jos=C3=A9=20Carlos=20Ch=C3=A1vez?=
Date: Thu, 9 Apr 2026 20:09:12 +0200
Subject: [PATCH 3/3] fix(security): run npm ci with --ignore-scripts to avoid malicious scripts
---
 .github/workflows/release.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 28ef2bf..f4f6dce 100644
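Review bot: In commitlint.yml the `Validate commit messages` step right after the install still resolves the binary through plain `npx`, which can fall back to fetching and running a package from the registry when `commitlint` is not present in `node_modules/.bin`, so `npm ci --ignore-scripts` alone does not bound what this job executes. Consider `run: npx --no -- commitlint --from ... --to ... --verbose` so that only the lockfile-installed copy can run. `--ignore-scripts` also covers install-time hooks only: commitlint and whatever its config loads still execute in that step, and if the job checks out the pull-request head (trigger and checkout are outside this hunk) that config comes from the contributor's branch.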
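Review bot: The flag is added by hand to each `npm ci` call, here in prepare-release.yml and likewise in commitlint.yml and release.yml, so a workflow step added later, or a local install, gets lifecycle scripts back without anyone noticing. Setting `ignore-scripts=true` in a committed `.npmrc` would apply the policy to every npm invocation in the repository, and the CLI flag can stay as a visible reminder. The `Detect Next Version` step is cut off by the hunk, so its dependence on anything a skipped hook would have produced cannot be checked from here.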
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -29,7 +29,7 @@ jobs:
 node-version: '24'
 - name: Install dependencies
- run: npm ci
+ run: npm ci --ignore-scripts
 - name: Set up Python
 uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
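Review bot: `--ignore-scripts` on the install step in release.yml also skips the project's own `prepare`/`postinstall` hooks and any native-addon builds in dependencies, so the release steps after `Set up Python` (outside this hunk) should be checked for outputs they expect from those hooks. If one vetted dependency does need its install script, run it explicitly after the install, e.g. `npm rebuild <package-name>`, rather than dropping the flag for the whole tree. A comment above the step such as `# --ignore-scripts: never run dependency lifecycle scripts in the release job` would keep the flag from being removed later as noise.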