From 68ce43c6811b8ca5c49d0376bedbd69f6115e52e Mon Sep 17 00:00:00 2001 From: Gregor Zeitlinger Date: Wed, 27 May 2026 14:07:17 +0000 Subject: [PATCH 1/3] fix: harden package manager config Signed-off-by: Gregor Zeitlinger --- e2e-version/.npmrc | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 e2e-version/.npmrc diff --git a/e2e-version/.npmrc b/e2e-version/.npmrc new file mode 100644 index 0000000..4c9b026 --- /dev/null +++ b/e2e-version/.npmrc @@ -0,0 +1,4 @@ +allow-git=none +ignore-scripts=true +min-release-age=3 +save-exact=true From c5c03da4442f413466f489b23f9a6cc9bc4fd2f5 Mon Sep 17 00:00:00 2001 From: Gregor Zeitlinger Date: Wed, 27 May 2026 14:14:55 +0000 Subject: [PATCH 2/3] fix: keep npm canary autofix to broadly supported config Signed-off-by: Gregor Zeitlinger --- e2e-version/.npmrc | 2 -- 1 file changed, 2 deletions(-) diff --git a/e2e-version/.npmrc b/e2e-version/.npmrc index 4c9b026..7c6e338 100644 --- a/e2e-version/.npmrc +++ b/e2e-version/.npmrc @@ -1,4 +1,2 @@ -allow-git=none ignore-scripts=true -min-release-age=3 save-exact=true From 42592c49f06fb03ad5b153962c111c7c077b41ee Mon Sep 17 00:00:00 2001 From: Gregor Zeitlinger Date: Thu, 28 May 2026 11:47:29 +0000 Subject: [PATCH 3/3] fix: pin npm package manager for hardening Signed-off-by: Gregor Zeitlinger --- e2e-version/.npmrc | 2 ++ e2e-version/package.json | 1 + 2 files changed, 3 insertions(+) diff --git a/e2e-version/.npmrc b/e2e-version/.npmrc index 7c6e338..041052d 100644 --- a/e2e-version/.npmrc +++ b/e2e-version/.npmrc @@ -1,2 +1,4 @@ ignore-scripts=true save-exact=true +allow-git=none +min-release-age=3 diff --git a/e2e-version/package.json b/e2e-version/package.json index 9394727..18d9b9c 100644 --- a/e2e-version/package.json +++ b/e2e-version/package.json @@ -1,6 +1,7 @@ { "name": "grafana-e2e-versions", "version": "0.0.1", + "packageManager": "npm@11.16.0", "description": "", "main": "index.js", "scripts": {