Build

Pin vulnerable transitive dependencies #3

	name: Build

	on:
	push:
	branches:
	- master
	pull_request:
	branches:
	- master
	workflow_dispatch:

	permissions:
	contents: read

	jobs:
	build:
	name: Build and validate
	runs-on: ubuntu-latest
	timeout-minutes: 20

	steps:
	- name: Checkout
	uses: actions/checkout@v4

	- name: Set up Node.js
	uses: actions/setup-node@v4
	with:
	node-version: 20
	cache: yarn

	- name: Enable Yarn
	run: \|
	corepack enable
	corepack prepare yarn@1.22.22 --activate
	yarn --version

	- name: Install dependencies
	run: yarn install --ignore-scripts --non-interactive

	- name: Build site
	run: yarn build

	- name: Audit dependencies
	run: yarn audit --groups dependencies --level high

Provide feedback