Merge pull request #411 from NodeSecure/security-maintenance

fraxken · web-flow · commit 046c347c8ba3 · 2025-11-06T16:35:42.000+01:00
Security maintenance
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -5,6 +5,8 @@ updates:
     versioning-strategy: widen
     schedule:
       interval: "weekly"
+    cooldown:
+      default-days: 5
     groups:
       dependencies:
         dependency-type: "production"
@@ -14,6 +16,8 @@ updates:
     directory: "/"
     schedule:
       interval: "monthly"
+    cooldown:
+      default-days: 5
     groups:
       github-actions:
         patterns:
diff --git a/.github/workflows/changesets.yml b/.github/workflows/changesets.yml
@@ -22,7 +22,7 @@ jobs:
           node-version: 22
 
       - name: Install dependencies
-        run: npm install
+        run: npm install --ignore-scripts
 
       - name: Build monorepo
         run: npm run build --if-present
diff --git a/.github/workflows/node.js.yml b/.github/workflows/node.js.yml
@@ -27,7 +27,7 @@ jobs:
         with:
           node-version: ${{ matrix.node-version }}
       - name: Install dependencies
-        run: npm install
+        run: npm install --ignore-scripts
       - name: Build typescript sources
         run: npm run build
       - name: Run tests
diff --git a/.npmrc b/.npmrc
@@ -1 +1,3 @@
 package-lock=false
+save-exact=true
+ignore-scripts=true
