From d1e45353eece9b8f15348da7b6532599fb735156 Mon Sep 17 00:00:00 2001
From: "securityeng-bot[bot]"
 <219863240+securityeng-bot[bot]@users.noreply.github.com>
Date: Fri, 12 Jun 2026 18:49:25 +0000
Subject: [PATCH] fix: use lockfile-aware install commands

---
 dev.Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev.Dockerfile b/dev.Dockerfile
index 3395505..63e7696 100644
--- a/dev.Dockerfile
+++ b/dev.Dockerfile
@@ -17,7 +17,7 @@ FROM base AS deps
 RUN --mount=type=bind,target=.,rw \
   --mount=type=cache,target=/src/.yarn/cache \
   --mount=type=cache,target=/src/node_modules \
-  yarn install && mkdir /vendor && cp yarn.lock /vendor
+  yarn install --immutable && mkdir /vendor && cp yarn.lock /vendor
 
 FROM scratch AS vendor-update
 COPY --from=deps /vendor /