Update CI and Semgrep workflows for improved dependency management

SeeWhatsOn · SeeWhatsOn · commit aab84a6a775e · 2026-04-28T11:12:30.000+01:00
- Changed the CI workflow to use `npm ci` for consistent and faster dependency installation.
- Updated the Semgrep workflow to install Semgrep using a requirements file with hash verification for enhanced security and reproducibility.

These changes aim to streamline the setup process and ensure reliable builds.
diff --git a/.github/requirements-semgrep.txt b/.github/requirements-semgrep.txt
@@ -0,0 +1 @@
+semgrep==1.161.0 --hash=sha256:bf4bc7caf27fa817f4a5a26b0875add679bc011aff70ae44aa46913e21f5a401
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -28,7 +28,7 @@ jobs:
           cache: npm
 
       - name: Install dependencies
-        run: npm i
+        run: npm ci
 
       - name: Prettier
         run: npm run format:check
diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml
@@ -32,7 +32,7 @@ jobs:
         with:
           python-version: "3.12"
       - name: Install Semgrep
-        run: pip install semgrep
+        run: python -m pip install --require-hashes -r .github/requirements-semgrep.txt
       - name: Semgrep CI
         run: |
           mkdir -p reports

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+semgrep==1.161.0 --hash=sha256:bf4bc7caf27fa817f4a5a26b0875add679bc011aff70ae44aa46913e21f5a401`