diff --git a/.yarnrc.yml b/.yarnrc.yml index a6812f301e..03ae308134 100644 --- a/.yarnrc.yml +++ b/.yarnrc.yml @@ -1,3 +1,8 @@ +# Allowlist for Git repositories that can be used as dependencies. We set it to +# an empty array to disallow all Git dependencies, as we don't use any and they +# can be a security risk. +approvedGitRepositories: [] + compressionLevel: mixed enableGlobalCache: false @@ -12,10 +17,6 @@ logFilters: nodeLinker: node-modules -plugins: - - path: .yarn/plugins/@yarnpkg/plugin-allow-scripts.cjs - spec: "https://raw.githubusercontent.com/LavaMoat/LavaMoat/main/packages/yarn-plugin-allow-scripts/bundles/@yarnpkg/plugin-allow-scripts.js" - # Configure the NPM minimal age gate to 3 days, meaning packages must be at # least 3 days old to be installed. npmMinimalAgeGate: 4320 # 3 days (in minutes) @@ -27,3 +28,7 @@ npmPreapprovedPackages: - "@metamask-previews/*" - "@lavamoat/*" - "@ts-bridge/*" + +plugins: + - path: .yarn/plugins/@yarnpkg/plugin-allow-scripts.cjs + spec: "https://raw.githubusercontent.com/LavaMoat/LavaMoat/main/packages/yarn-plugin-allow-scripts/bundles/@yarnpkg/plugin-allow-scripts.js" diff --git a/package.json b/package.json index d11badba75..1619b22f34 100644 --- a/package.json +++ b/package.json @@ -105,7 +105,7 @@ "engines": { "node": "^18.18 || >=20" }, - "packageManager": "yarn@4.10.3", + "packageManager": "yarn@4.14.1", "lavamoat": { "allowScripts": { "@lavamoat/preinstall-always-fail": false, diff --git a/yarn.config.cjs b/yarn.config.cjs index 7efea31078..6a5c5e8c0b 100644 --- a/yarn.config.cjs +++ b/yarn.config.cjs @@ -240,7 +240,7 @@ module.exports = defineConfig({ if (isChildWorkspace) { workspace.unset('packageManager'); } else { - expectWorkspaceField(workspace, 'packageManager', 'yarn@4.10.3'); + expectWorkspaceField(workspace, 'packageManager', 'yarn@4.14.1'); } // All packages must specify a minimum Node.js version of 18.18. diff --git a/yarn.lock b/yarn.lock index 075331c838..7b32457d85 100644 --- a/yarn.lock +++ b/yarn.lock @@ -2,7 +2,7 @@ # Manual changes might be lost - proceed with caution! __metadata: - version: 8 + version: 9 cacheKey: 10 "@adraffy/ens-normalize@npm:1.10.1":