fix audit running on pull requests not touching dependencies (#5879)

Author: rochdev

.github/workflows/audit.yml

@@ -0,0 +1,22 @@
+name: Audit
+
+on:
+  pull_request:
+    paths:
+      - yarn.lock
+  push:
+    branches: [master]
+  schedule:
+    - cron: 0 4 * * *
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref || github.run_id }}
+  cancel-in-progress: true
+
+jobs:
+  dependencies:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: ./.github/actions/node/active-lts
+      - run: yarn audit

package.json

@@ -12,8 +12,8 @@
     "dependencies:dedupe": "yarn-deduplicate yarn.lock",
     "type:doc": "cd docs && yarn && yarn build",
     "type:test": "cd docs && yarn && yarn test",
-    "lint": "node scripts/check_licenses.js && eslint . --max-warnings 0 && yarn audit --groups dependencies",
-    "lint:fix": "node scripts/check_licenses.js && eslint . --max-warnings 0 --fix && yarn audit",
+    "lint": "node scripts/check_licenses.js && eslint . --max-warnings 0",
+    "lint:fix": "node scripts/check_licenses.js && eslint . --max-warnings 0 --fix",
     "lint:inspect": "npx @eslint/config-inspector@latest",
     "release:proposal": "node scripts/release/proposal",
     "services": "node ./scripts/install_plugin_modules && node packages/dd-trace/test/setup/services",

scripts/verify-ci-config.js

@@ -172,6 +172,7 @@ const IGNORED_WORKFLOWS = {
     'retry.yml'
   ],
   trigger_pull_request: [
+    'audit.yml',
     'stale.yml'
   ],
   trigger_push: [