From 5744d54e29f4d8f41668ca69d11a630dea2be5b8 Mon Sep 17 00:00:00 2001
From: Wes Dean <wesley.dean@gsa.gov>
Date: Thu, 12 Dec 2024 17:01:10 -0500
Subject: [PATCH 1/4] Have pip require package hashes

---
 .github/workflows/pa11y.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/pa11y.yml b/.github/workflows/pa11y.yml
index 2170bee1..39ac2df6 100644
--- a/.github/workflows/pa11y.yml
+++ b/.github/workflows/pa11y.yml
@@ -38,7 +38,7 @@ jobs:
           node-version: "18"
 
       - name: Install dependencies
-        run: npm install --production=false && pip install -r requirements.txt
+        run: npm install --require-hashes --production=false && pip install -r requirements.txt
 
       - name: Setup custom variables
         id: customvars

From cc62bcc22e1826cf9ed967054b7a273f3791d1ab Mon Sep 17 00:00:00 2001
From: Wes Dean <wesley.dean@gsa.gov>
Date: Thu, 12 Dec 2024 17:02:57 -0500
Subject: [PATCH 2/4] PIP hashes, not NPM hashes...

---
 .github/workflows/pa11y.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/pa11y.yml b/.github/workflows/pa11y.yml
index 39ac2df6..228bb027 100644
--- a/.github/workflows/pa11y.yml
+++ b/.github/workflows/pa11y.yml
@@ -38,7 +38,7 @@ jobs:
           node-version: "18"
 
       - name: Install dependencies
-        run: npm install --require-hashes --production=false && pip install -r requirements.txt
+        run: npm install --production=false && pip install --require-hashes -r requirements.txt
 
       - name: Setup custom variables
         id: customvars

From 0ef1ed034c3b1491bdc31bda757f82a671276acb Mon Sep 17 00:00:00 2001
From: Wes Dean <wesley.dean@gsa.gov>
Date: Thu, 12 Dec 2024 17:06:43 -0500
Subject: [PATCH 3/4] NOW update npm

---
 .github/workflows/pa11y.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/pa11y.yml b/.github/workflows/pa11y.yml
index 228bb027..96bb2165 100644
--- a/.github/workflows/pa11y.yml
+++ b/.github/workflows/pa11y.yml
@@ -38,7 +38,7 @@ jobs:
           node-version: "18"
 
       - name: Install dependencies
-        run: npm install --production=false && pip install --require-hashes -r requirements.txt
+        run: npm ci --production=false && pip install --require-hashes -r requirements.txt
 
       - name: Setup custom variables
         id: customvars

From 22f7e36269e553718890f960ebec46b0b91797ab Mon Sep 17 00:00:00 2001
From: Wes Dean <wesley.dean@gsa.gov>
Date: Thu, 12 Dec 2024 17:07:24 -0500
Subject: [PATCH 4/4] Update the test workflow, too

---
 .github/workflows/test.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 33c5c898..df72bd5f 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -30,7 +30,7 @@ jobs:
           node-version: "${{ steps.nvm.outputs.NVMRC }}"
 
       - name: Install NPM dependencies
-        run: npm install
+        run: npm ci
 
       - name: Build site
         run: npm run build