Skip to content

fix(PLT-3359): harden yarn configuration#66

Merged
Thr44 merged 1 commit into
mainfrom
appsec/harden-yarn-config
Apr 28, 2026
Merged

fix(PLT-3359): harden yarn configuration#66
Thr44 merged 1 commit into
mainfrom
appsec/harden-yarn-config

Conversation

@tf-seti
Copy link
Copy Markdown

@tf-seti tf-seti commented Apr 1, 2026
edited
Loading

Harden yarn configuration

This PR hardens yarn configuration against supply chain attacks.

Changes

  • .yarnrc: Added ignore-scripts true and save-exact true.
  • Dependabot: Added a 7-day cooldown for third-party npm updates (excluding @typeform/*).
  • Compatibility: Maintained semantic-release version locks for Node 22 compatibility.

Automated by Application Security · supply-chain-hardening

Created by Sourcegraph batch change david.salvador/harden-yarn-config.

@tf-seti tf-seti changed the title fix(NOJIRA-1234): harden yarn configuration fix(PLT-3359): harden yarn configuration Apr 28, 2026
@tf-seti tf-seti force-pushed the appsec/harden-yarn-config branch from f59d1a2 to f4daf62 Compare April 28, 2026 09:00
@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented Apr 28, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@tf-seti tf-seti marked this pull request as ready for review April 28, 2026 09:34
@tf-seti tf-seti requested a review from a team as a code owner April 28, 2026 09:34
@gitstream-cm
Copy link
Copy Markdown

gitstream-cm Bot commented Apr 28, 2026

🥷 Code experts: No results found

No code experts were identified for the files in this pull request based on git blame analysis.

This may occur when:

  • Files are new or have limited commit history
  • Git authors aren't mapped to current team members
  • Analysis thresholds need adjustment

If you expected to see expert suggestions, consider:

  • Reviewing your config.user_mapping settings

  • Adjusting the gt/lt parameters in your action

  • Verifying files have sufficient commit history

To learn more about /:\gitStream - Visit our Docs

@tf-seti tf-seti force-pushed the appsec/harden-yarn-config branch from f4daf62 to 0f0e970 Compare April 28, 2026 10:27
@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented Apr 28, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@Thr44 Thr44 merged commit 614ca49 into main Apr 28, 2026
12 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Thr44 Thr44 Thr44 approved these changes

Assignees

No one assigned

Labels

1 min review

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@tf-seti @Thr44 @davidsalvador-tf