From e0f68bdc1dd1920c14b8ee4dc836c8e350c1013c Mon Sep 17 00:00:00 2001
From: Asher
Date: Thu, 21 Sep 2023 13:32:48 -0800
Subject: [PATCH] Skip installing dependencies in audit

It seems the tools only require the lock files.
---
 .github/workflows/security.yaml | 15 +--------------
 1 file changed, 1 insertion(+), 14 deletions(-)
diff --git a/.github/workflows/security.yaml b/.github/workflows/security.yaml
index 7b54311ba0b5..25ec8a36cd2e 100644
--- a/.github/workflows/security.yaml
+++ b/.github/workflows/security.yaml
@@ -34,21 +34,8 @@ jobs:
 with:
 node-version: "18"
- - name: Fetch dependencies from cache
- id: cache-yarn
- uses: actions/cache@v3
- with:
- path: "**/node_modules"
- key: yarn-build-${{ hashFiles('**/yarn.lock') }}
- restore-keys: |
- yarn-build-
-
- - name: Install dependencies
- if: steps.cache-yarn.outputs.cache-hit != 'true'
- run: SKIP_SUBMODULE_DEPS=1 yarn --frozen-lockfile
-
 - name: Audit yarn for vulnerabilities
- run: yarn _audit
+ run: yarn audit
 if: success()
 - name: Audit npm for vulnerabilities
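Review bot: The new `run: yarn audit` line in the "Audit yarn for vulnerabilities" step calls Yarn's built-in command instead of what looks like a package.json script named `_audit`, so any severity threshold or advisory allowlist that script applied (not visible in this hunk) no longer decides whether the job passes. If this repository is on Yarn 1, which the `--frozen-lockfile` flag on the removed install line suggests, the built-in command exits non-zero for a finding of any severity and `--level` only filters the report, so the pass/fail policy should be stated explicitly. Something like `run: yarn audit --groups dependencies`, with a comment above the step naming the severities that are meant to fail the build, would make that policy reviewable. The removed `yarn --frozen-lockfile` install was also the only step in this hunk that checked yarn.lock against package.json, so it is worth confirming that another workflow still enforces it.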