Skip to content

fix(PLT-3359): harden yarn configuration#737

Open
tf-seti wants to merge 1 commit intomainfrom
appsec/harden-yarn-config
Open

fix(PLT-3359): harden yarn configuration#737
tf-seti wants to merge 1 commit intomainfrom
appsec/harden-yarn-config

Conversation

@tf-seti
Copy link
Copy Markdown
Contributor

@tf-seti tf-seti commented Apr 1, 2026
edited
Loading

Harden yarn configuration

This PR hardens yarn configuration against supply chain attacks.

Changes

  • .yarnrc: Added ignore-scripts true and save-exact true.
  • Dependabot: Added a 7-day cooldown for third-party npm updates (excluding @typeform/*).
  • Compatibility: Maintained semantic-release version locks for Node 22 compatibility.

Automated by Application Security · supply-chain-hardening

Created by Sourcegraph batch change david.salvador/harden-yarn-config.

@tf-seti tf-seti changed the title fix(NOJIRA-1234): harden yarn configuration fix(PLT-3359): harden yarn configuration Apr 28, 2026
@tf-seti tf-seti force-pushed the appsec/harden-yarn-config branch from 260401d to 7312644 Compare April 28, 2026 09:00
@tf-seti tf-seti marked this pull request as ready for review April 28, 2026 09:34
@tf-seti tf-seti requested a review from a team as a code owner April 28, 2026 09:34
@pr-auditor
Copy link
Copy Markdown

pr-auditor Bot commented Apr 28, 2026
edited
Loading

✅ Security Analysis Results

Great news! No security issues found in this pull request.

Analysis Summary:

  • 📁 Files reviewed: 2
  • ✅ No security vulnerabilities detected

Security analysis powered by Claude Sonnet 4.6 via pr-auditor | Questions? Contact #dx-team or check out this page

@gitstream-cm
Copy link
Copy Markdown

gitstream-cm Bot commented Apr 28, 2026

🥷 Code experts: No results found

No code experts were identified for the files in this pull request based on git blame analysis.

This may occur when:

  • Files are new or have limited commit history
  • Git authors aren't mapped to current team members
  • Analysis thresholds need adjustment

If you expected to see expert suggestions, consider:

  • Reviewing your config.user_mapping settings

  • Adjusting the gt/lt parameters in your action

  • Verifying files have sufficient commit history

To learn more about /:\gitStream - Visit our Docs

Thr44
Thr44 previously approved these changes Apr 28, 2026
View reviewed changes
@tf-seti tf-seti force-pushed the appsec/harden-yarn-config branch from 7312644 to 015030a Compare April 28, 2026 10:27
@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented Apr 28, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@typeform-ops-gha
Copy link
Copy Markdown

typeform-ops-gha commented Apr 28, 2026

[BOT] Preview available with hash 9dbe63916aff11a822033dcf889d452f388751d0 here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Thr44 Thr44 Thr44 approved these changes

Assignees

No one assigned

Labels

1 min review

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@tf-seti @typeform-ops-gha @Thr44 @davidsalvador-tf