From eb8a054acbde73c5c33ea4deec04bcd24355c739 Mon Sep 17 00:00:00 2001
From: "securityeng-bot[bot]" <219863240+securityeng-bot[bot]@users.noreply.github.com>
Date: Wed, 27 May 2026 15:31:09 +0000
Subject: [PATCH 1/2] ci: enforce ignore-scripts policy for Node package managers
---
 .yarnrc.yml | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 .yarnrc.yml
diff --git a/.yarnrc.yml b/.yarnrc.yml
new file mode 100644
index 000000000..1e5671cea
--- /dev/null
+++ b/.yarnrc.yml
@@ -0,0 +1 @@
+enableScripts: false
From e169d35f564b56e91f5fe54043d02edce6994ebf Mon Sep 17 00:00:00 2001
From: "securityeng-bot[bot]" <219863240+securityeng-bot[bot]@users.noreply.github.com>
Date: Wed, 27 May 2026 15:31:10 +0000
Subject: [PATCH 2/2] ci: enforce ignore-scripts policy for Node package managers
---
 Dockerfile | 1 +
 1 file changed, 1 insertion(+)
diff --git a/Dockerfile b/Dockerfile
index 5e4c7595d..83063c73a 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -13,6 +13,7 @@ COPY app/src ./src
 # Run tests to validate app
 FROM app-base AS test
+COPY .yarnrc.yml .
 RUN yarn install
 RUN yarn test
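Review bot: `enableScripts` is a Yarn 2+ (Berry) setting, and nothing in this patch series shows which Yarn release the image runs, so the policy may be silently ignored at install time. Yarn 1 (Classic) does not read `.yarnrc.yml`; it takes `ignore-scripts true` from `.yarnrc` or `--ignore-scripts` on the command line. Pinning the Yarn version, for example through the `packageManager` field in `package.json`, would make the setting deterministic. Per Yarn's documentation the setting covers third-party packages' install scripts and not the workspace's own, so a one-line comment in the file such as `# Supply-chain policy: do not run dependency postinstall scripts` would record the intent and scope.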
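Review bot: `COPY .yarnrc.yml .` lands only in the `test` stage, so any `yarn install` in `app-base` or in a stage defined after this hunk would run without the policy file; those stages are outside the hunk, so this is worth checking. Copying the file in `app-base` next to the package manifest would let every derived stage inherit it, `test` included. The unchanged `RUN yarn install` also has no lockfile enforcement (`--immutable` on Yarn 2+, `--frozen-lockfile` on Yarn 1), which is the companion control to disabling install scripts in CI. The `test` stage may continue past the last line shown.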