chore: postinstall for dependabot template-oss PR

Author: lukekarrys

.github/workflows/audit.yml

@@ -27,8 +27,8 @@ jobs:
         uses: actions/setup-node@v3
         with:
           node-version: 18.x
-      - name: Install npm@latest
-        run: npm i --prefer-online --no-fund --no-audit -g npm@latest
+      - name: Install npm@8
+        run: npm i --prefer-online --no-fund --no-audit -g npm@8
       - name: npm Version
         run: npm -v
       - name: Install Dependencies

.github/workflows/ci-release.yml

@@ -82,8 +82,8 @@ jobs:
         uses: actions/setup-node@v3
         with:
           node-version: 18.x
-      - name: Install npm@latest
-        run: npm i --prefer-online --no-fund --no-audit -g npm@latest
+      - name: Install npm@8
+        run: npm i --prefer-online --no-fund --no-audit -g npm@8
       - name: npm Version
         run: npm -v
       - name: Install Dependencies
@@ -196,9 +196,9 @@ jobs:
       - name: Install npm@7
         if: startsWith(matrix.node-version, '10.')
         run: npm i --prefer-online --no-fund --no-audit -g npm@7
-      - name: Install npm@latest
+      - name: Install npm@8
         if: ${{ !startsWith(matrix.node-version, '10.') }}
-        run: npm i --prefer-online --no-fund --no-audit -g npm@latest
+        run: npm i --prefer-online --no-fund --no-audit -g npm@8
       - name: npm Version
         run: npm -v
       - name: Install Dependencies

.github/workflows/ci.yml

@@ -32,8 +32,8 @@ jobs:
         uses: actions/setup-node@v3
         with:
           node-version: 18.x
-      - name: Install npm@latest
-        run: npm i --prefer-online --no-fund --no-audit -g npm@latest
+      - name: Install npm@8
+        run: npm i --prefer-online --no-fund --no-audit -g npm@8
       - name: npm Version
         run: npm -v
       - name: Install Dependencies
@@ -94,9 +94,9 @@ jobs:
       - name: Install npm@7
         if: startsWith(matrix.node-version, '10.')
         run: npm i --prefer-online --no-fund --no-audit -g npm@7
-      - name: Install npm@latest
+      - name: Install npm@8
         if: ${{ !startsWith(matrix.node-version, '10.') }}
-        run: npm i --prefer-online --no-fund --no-audit -g npm@latest
+        run: npm i --prefer-online --no-fund --no-audit -g npm@8
       - name: npm Version
         run: npm -v
       - name: Install Dependencies

.github/workflows/post-dependabot.yml

@@ -28,8 +28,8 @@ jobs:
         uses: actions/setup-node@v3
         with:
           node-version: 18.x
-      - name: Install npm@latest
-        run: npm i --prefer-online --no-fund --no-audit -g npm@latest
+      - name: Install npm@8
+        run: npm i --prefer-online --no-fund --no-audit -g npm@8
       - name: npm Version
         run: npm -v
       - name: Install Dependencies

.github/workflows/pull-request.yml

@@ -31,8 +31,8 @@ jobs:
         uses: actions/setup-node@v3
         with:
           node-version: 18.x
-      - name: Install npm@latest
-        run: npm i --prefer-online --no-fund --no-audit -g npm@latest
+      - name: Install npm@8
+        run: npm i --prefer-online --no-fund --no-audit -g npm@8
       - name: npm Version
         run: npm -v
       - name: Install Dependencies

.github/workflows/release.yml

@@ -42,8 +42,8 @@ jobs:
         uses: actions/setup-node@v3
         with:
           node-version: 18.x
-      - name: Install npm@latest
-        run: npm i --prefer-online --no-fund --no-audit -g npm@latest
+      - name: Install npm@8
+        run: npm i --prefer-online --no-fund --no-audit -g npm@8
       - name: npm Version
         run: npm -v
       - name: Install Dependencies
@@ -74,9 +74,9 @@ jobs:
             const comments = await github.paginate(github.rest.issues.listComments, issue)
             let commentId = comments?.find(c => c.user.login === 'github-actions[bot]' && c.body.startsWith(body))?.id
 
-            body += `Release workflow run: ${workflow.html_url}\n\n#### Force CI to Rerun for This Release\n\n`
+            body += `Release workflow run: ${workflow.html_url}\n\n#### Force CI to Update This Release\n\n`
             body += `This PR will be updated and CI will run for every non-\`chore:\` commit that is pushed to \`main\`. `
-            body += `To force CI to rerun, run this command:\n\n`
+            body += `To force CI to update this PR, run this command:\n\n`
             body += `\`\`\`\ngh workflow run release.yml -r ${REF_NAME}\n\`\`\``
 
             if (commentId) {
@@ -156,8 +156,8 @@ jobs:
         uses: actions/setup-node@v3
         with:
           node-version: 18.x
-      - name: Install npm@latest
-        run: npm i --prefer-online --no-fund --no-audit -g npm@latest
+      - name: Install npm@8
+        run: npm i --prefer-online --no-fund --no-audit -g npm@8
       - name: npm Version
         run: npm -v
       - name: Install Dependencies
@@ -168,7 +168,7 @@ jobs:
           RELEASE_COMMENT_ID: ${{ needs.release.outputs.comment-id }}
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
-          npm exec --offline -- template-oss-release-manager
+          npm exec --offline -- template-oss-release-manager --lockfile=false
           npm run rp-pull-request --ignore-scripts --if-present
       - name: Commit
         id: commit
@@ -286,8 +286,8 @@ jobs:
         uses: actions/setup-node@v3
         with:
           node-version: 18.x
-      - name: Install npm@latest
-        run: npm i --prefer-online --no-fund --no-audit -g npm@latest
+      - name: Install npm@8
+        run: npm i --prefer-online --no-fund --no-audit -g npm@8
       - name: npm Version
         run: npm -v
       - name: Install Dependencies

SECURITY.md

@@ -1,3 +1,14 @@
 <!-- This file is automatically added by @npmcli/template-oss. Do not edit. -->
 
-Please send vulnerability reports through [hackerone](https://hackerone.com/github).
+GitHub takes the security of our software products and services seriously, including the open source code repositories managed through our GitHub organizations, such as [GitHub](https://github.com/GitHub).
+
+If you believe you have found a security vulnerability in this GitHub-owned open source repository, you can report it to us in one of two ways. 
+
+If the vulnerability you have found is *not* [in scope for the GitHub Bug Bounty Program](https://bounty.github.com/#scope) or if you do not wish to be considered for a bounty reward, please report the issue to us directly using [private vulnerability reporting](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability).
+
+If the vulnerability you have found is [in scope for the GitHub Bug Bounty Program](https://bounty.github.com/#scope) and you would like for your finding to be considered for a bounty reward, please submit the vulnerability to us through [HackerOne](https://hackerone.com/github) in order to be eligible to receive a bounty award.
+
+**Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.**
+
+Thanks for helping make GitHub safe for everyone.
+

package.json

@@ -53,7 +53,7 @@
   "author": "GitHub Inc.",
   "templateOSS": {
     "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.",
-    "version": "4.8.0",
+    "version": "4.10.0",
     "engines": ">=10",
     "ciVersions": [
       "10.0.0",
@@ -63,6 +63,7 @@
       "16.x",
       "18.x"
     ],
+    "npmSpec": "8",
     "distPaths": [
       "classes/",
       "functions/",