From cb5fbc54a5eea0554f105fc94cedc3d7e66519fa Mon Sep 17 00:00:00 2001
From: oz-sayari <159052949+oz-sayari@users.noreply.github.com>
Date: Wed, 8 Apr 2026 10:29:57 -0500
Subject: [PATCH] =?UTF-8?q?chore:=20supply-chain=20hardening=20=E2=80=94?=
 =?UTF-8?q?=20lockfile=20enforcement=20+=20action=20SHA=20pins?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .github/workflows/ci.yml | 20 ++++++++++----------
 .yarnrc.yml              |  1 +
 2 files changed, 11 insertions(+), 10 deletions(-)
 create mode 100644 .yarnrc.yml

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 644dae51..0d063535 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -11,9 +11,9 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repo
-        uses: actions/checkout@v4
+        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
       - name: Set up node
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
       - name: Compile
         run: yarn && yarn build
 
@@ -21,9 +21,9 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repo
-        uses: actions/checkout@v4
+        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
       - name: Set up node
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
       - name: Compile & Test
         run: yarn && yarn test    
 
@@ -32,11 +32,11 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repo
-        uses: actions/checkout@v4
+        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
       - name: Set up node
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
         with:
-          node-version: 21
+          node-version: 22
       - name: Build
         run: yarn && yarn build
       - name: test examples
@@ -57,11 +57,11 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repo
-        uses: actions/checkout@v4
+        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
       - name: Set up node
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
       - name: Install dependencies
-        run: yarn install
+        run: yarn install --immutable
       - name: Build
         run: yarn build
       - name: Publish to npm
diff --git a/.yarnrc.yml b/.yarnrc.yml
new file mode 100644
index 00000000..d6863f0a
--- /dev/null
+++ b/.yarnrc.yml
@@ -0,0 +1 @@
+npmMinimalAgeGate: 10080