Merge pull request #1018 from docker/sec-cli/npm-ci-20260612-182458

fix: replace npm install with npm ci (20260612-182458)

.github/workflows/pr-assign-author.yml

@@ -11,7 +11,7 @@ on:
 
 jobs:
   run:
-    uses: crazy-max/.github/.github/workflows/pr-assign-author.yml@716fd1c51a46c5d93a41d44a94b439c9ee802536 # v1.10.0
+    uses: crazy-max/.github/.github/workflows/pr-assign-author.yml@9ba6e6f9450baf3b1237f8035c1fdc45932510bd # v1.8.0
     permissions:
       contents: read
       pull-requests: write

.github/workflows/zizmor.yml

@@ -19,7 +19,7 @@ on:
 
 jobs:
   zizmor:
-    uses: crazy-max/.github/.github/workflows/zizmor.yml@716fd1c51a46c5d93a41d44a94b439c9ee802536 # v1.10.0
+    uses: crazy-max/.github/.github/workflows/zizmor.yml@9ba6e6f9450baf3b1237f8035c1fdc45932510bd # v1.8.0
     permissions:
       contents: read
       security-events: write

dev.Dockerfile

@@ -17,7 +17,7 @@ FROM base AS deps
 RUN --mount=type=bind,target=.,rw \
   --mount=type=cache,target=/src/.yarn/cache \
   --mount=type=cache,target=/src/node_modules \
-  yarn install && mkdir /vendor && cp yarn.lock /vendor
+  yarn install --immutable && mkdir /vendor && cp yarn.lock /vendor
 
 FROM scratch AS vendor-update
 COPY --from=deps /vendor /