From 36c142a5b44b3a9a535b27f0e35bd1464e41d294 Mon Sep 17 00:00:00 2001
From: David
Date: Wed, 1 Apr 2026 14:39:43 +0000
Subject: [PATCH] fix(NOJIRA-1234): harden yarn configuration
---
 .github/dependabot.yml | 7 +++++--
 .yarnrc | 2 ++
 2 files changed, 7 insertions(+), 2 deletions(-)
 create mode 100644 .yarnrc
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 40081f1..177ff0e 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -1,5 +1,4 @@
 version: 2
-
 updates:
 - package-ecosystem: npm
 directory: '/'
@@ -17,7 +16,11 @@ updates:
 typeform:
 patterns:
 - '@typeform*'
-
+ cooldown:
+ default:
+ days: 7
+ exclude-patterns:
+ - "@typeform/*"
 registries:
 gh-packages:
 type: npm-registry
diff --git a/.yarnrc b/.yarnrc
new file mode 100644
index 0000000..7a6bbb4
--- /dev/null
+++ b/.yarnrc
@@ -0,0 +1,2 @@
+ignore-scripts true # blocks all postinstall scripts
+save-exact true # forces exact pins on yarn add
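Review bot: In the `.github/dependabot.yml` hunk at `@@ -17,7 +16,11 @@`, the cooldown exemption `"@typeform/*"` does not match the group pattern `'@typeform*'` just above it, so the two entries cover different package-name sets and mix quoting styles; align them (for example `- '@typeform/*'`) or add a comment on why they differ. Skipping the 7-day delay for the first-party scope is only safe if that scope can resolve solely from the `gh-packages` registry, and how the scope is mapped to that registry is not visible in this hunk, so it is worth confirming. A comment such as `# first-party scope skips the cooldown; published from our own registry` above `exclude-patterns` would record the intent. Indentation is lost in this rendering, so I cannot confirm that `cooldown` sits at the update-entry level rather than inside `groups`.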
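Review bot: The new `.yarnrc` is only read by Yarn Classic (1.x); Yarn 2+ reads `.yarnrc.yml`, where the corresponding settings are `enableScripts: false` and `defaultSemverRangePrefix: ""`, so if the repository is on a newer Yarn these two lines have no effect. The Yarn version is not visible in this patch and should be checked. The first comment also understates the setting, since `ignore-scripts true` skips lifecycle scripts of the project and its dependencies, not only postinstall; I would write `# skips all lifecycle scripts (preinstall/install/postinstall)` on its own line above the setting. `save-exact` only affects future `yarn add` calls, so existing ranges in `package.json` remain and the lockfile is still what pins installed versions.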