From 4381ee049f492707ec610bf84a0a1958144be077 Mon Sep 17 00:00:00 2001
From: David <david.salvador@typeform.com>
Date: Tue, 28 Apr 2026 10:24:17 +0000
Subject: [PATCH] fix(PLT-3359): harden yarn configuration

---
 .github/dependabot.yml | 10 ++++++++--
 .yarnrc                |  2 ++
 2 files changed, 10 insertions(+), 2 deletions(-)
 create mode 100644 .yarnrc

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 40081f1..dd64e76 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -1,5 +1,4 @@
 version: 2
-
 updates:
   - package-ecosystem: npm
     directory: '/'
@@ -17,7 +16,14 @@ updates:
       typeform:
         patterns:
           - '@typeform*'
-
+    cooldown:
+      default-days: 7
+      exclude:
+        - '@typeform/*'
+    ignore:
+      - dependency-name: semantic-release
+        versions:
+          - '>=25.0.0'
 registries:
   gh-packages:
     type: npm-registry
diff --git a/.yarnrc b/.yarnrc
new file mode 100644
index 0000000..e5e3464
--- /dev/null
+++ b/.yarnrc
@@ -0,0 +1,2 @@
+ignore-scripts true
+save-exact true