ci(corepack): pinned the expected dev version of npm and explicitly used it for audit signatures (#796)

Author: travi

.github/workflows/release.yml

@@ -23,7 +23,8 @@ jobs:
         with:
           cache: npm
           node-version: lts/*
-      - run: npm ci
+      - run: npm clean-install
+      - run: corepack npm audit signatures
       - run: npx semantic-release
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/test.yml

@@ -33,7 +33,7 @@ jobs:
           node-version: "${{ matrix.node-version }}"
           cache: npm
       - run: npm clean-install
-      - run: npm audit signatures
+      - run: corepack npm audit signatures
       - run: npm test
 
   # verify against the node version defined for development in the .nvmrc
@@ -51,7 +51,7 @@ jobs:
           node-version-file: .nvmrc
           cache: npm
       - run: npm clean-install
-      - run: npm audit signatures
+      - run: corepack npm audit signatures
       - run: npm test
 
   # separate job to set as required in branch protection,

package.json

@@ -126,5 +126,6 @@
     "extends": [
       "github>semantic-release/.github:renovate-config"
     ]
-  }
+  },
+  "packageManager": "[email protected]+sha256.17ca6e08e7633b624e8f870db81a78f46afe119de62bcaf0a7407574139198fc"
 }