From 4381ee049f492707ec610bf84a0a1958144be077 Mon Sep 17 00:00:00 2001
From: David
Date: Tue, 28 Apr 2026 10:24:17 +0000
Subject: [PATCH 1/2] fix(PLT-3359): harden yarn configuration
---
 .github/dependabot.yml | 10 ++++++++--
 .yarnrc | 2 ++
 2 files changed, 10 insertions(+), 2 deletions(-)
 create mode 100644 .yarnrc
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 40081f1..dd64e76 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -1,5 +1,4 @@
 version: 2
-
 updates:
 - package-ecosystem: npm
 directory: '/'
@@ -17,7 +16,14 @@ updates:
 typeform:
 patterns:
 - '@typeform*'
-
+ cooldown:
+ default-days: 7
+ exclude:
+ - '@typeform/*'
+ ignore:
+ - dependency-name: semantic-release
+ versions:
+ - '>=25.0.0'
 registries:
 gh-packages:
 type: npm-registry
diff --git a/.yarnrc b/.yarnrc
new file mode 100644
index 0000000..e5e3464
--- /dev/null
+++ b/.yarnrc
@@ -0,0 +1,2 @@
+ignore-scripts true
+save-exact true
From 8770acfb36bf5721b0248d3a0a222c08d559fe5f Mon Sep 17 00:00:00 2001
From: Bogdan Zviagintsev
Date: Thu, 7 May 2026 23:34:48 +0200
Subject: [PATCH 2/2] fix(dependabot): reference gh-packages registry in updates config
---
 .github/dependabot.yml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index dd64e76..5f76f73 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -2,6 +2,8 @@ version: 2
 updates:
 - package-ecosystem: npm
 directory: '/'
+ registries:
+ - gh-packages
 schedule:
 interval: weekly
 versioning-strategy: increase
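Review bot: The new `ignore` entry for `semantic-release` at `'>=25.0.0'` has no comment saying why that major is held back or when the rule can be lifted, so it will keep blocking newer releases of that package with nobody prompted to revisit it. A line such as `# semantic-release >=25 held back: <reason / ticket placeholder>; remove once resolved` above the entry would fix that. The `cooldown` block would also benefit from `# 7-day delay applies to version updates only; @typeform/* is exempt because it is first-party`, since the exemption is only safe while that scope resolves from the private registry. The cooldown `exclude` pattern `'@typeform/*'` differs from the group pattern `'@typeform*'` a few lines above it; if that is intentional, say so in the same comment. The enclosing `updates` entry starts outside this hunk.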
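Review bot: The new `.yarnrc` carries no comment explaining the two settings, and as far as I know this file is read only by Yarn classic (v1), so the hardening is skipped by any install that goes through Yarn 2+ (which uses `.yarnrc.yml`) or npm. Which package manager and version CI uses is not visible in this patch, so that is worth confirming. I would add `# Supply-chain hardening: never run dependency lifecycle scripts on install` above `ignore-scripts true` and `# Record exact versions when adding dependencies` above `save-exact true`. `ignore-scripts` also suppresses the project's own install-time scripts and native-module builds, so anything that relied on them needs an explicit step. `save-exact` only affects how new entries are written to `package.json`; a frozen lockfile in CI is what pins the resolved dependency tree.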
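Review bot: The added `registries: - gh-packages` reference makes Dependabot present that registry's credentials for this npm entry, and the definition it points at is outside this hunk, where only `type: npm-registry` is visible in the earlier patch. It is worth confirming there that the token is supplied through a Dependabot secret rather than a literal, and that the registry URL is limited to the organisation's namespace. A short comment would help the next reader: `# required so @typeform/* resolves from GitHub Packages; defined under top-level registries`. The `updates` entry continues past the end of the hunk.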