fix(NOJIRA-1234): harden yarn configuration

davidsalvador-tf · davidsalvador-tf · commit 36c142a5b44b · 2026-04-01T14:39:43.000Z
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -1,5 +1,4 @@
 version: 2
-
 updates:
   - package-ecosystem: npm
     directory: '/'
@@ -17,7 +16,11 @@ updates:
       typeform:
         patterns:
           - '@typeform*'
-
+    cooldown:
+      default:
+        days: 7
+      exclude-patterns:
+        - "@typeform/*"
 registries:
   gh-packages:
     type: npm-registry
diff --git a/.yarnrc b/.yarnrc
@@ -0,0 +1,2 @@
+ignore-scripts true   # blocks all postinstall scripts
+save-exact true       # forces exact pins on yarn add

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+ignore-scripts true # blocks all postinstall scripts`
	`2`	`+save-exact true # forces exact pins on yarn add`