Merge pull request #292 from docker/sec-cli/ignore-scripts-fix-20260527-193437

ci: add ignore-scripts to Node package manager config (20260527-193437)

.github/workflows/update-dist.yml

@@ -21,7 +21,7 @@ jobs:
       -
         name: GitHub auth token from GitHub App
         id: docker-read-app
-        uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0
+        uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1
         with:
           app-id: ${{ secrets.GHACTIONS_REPO_WRITE_APP_ID }}
           private-key: ${{ secrets.GHACTIONS_REPO_WRITE_APP_PRIVATE_KEY }}

.yarnrc.yml

@@ -17,3 +17,4 @@ logFilters:
 nodeLinker: node-modules
 
 npmAuthToken: "${NODE_AUTH_TOKEN:-fallback}"
+enableScripts: false