Fix NPM ECDSA CI: use committed yarn.lock instead of upgrading deps

lrsaturnino · lrsaturnino · commit 178dbab12115 · 2026-02-12T13:18:27.000-03:00
The `yarn upgrade --exact` step pulls latest `development`-tagged npm
packages which creates cross-dependency incompatibilities:
- @threshold-network/solidity-contracts@1.3.0-dev.16 removed
  `approveApplication()` from TokenStaking source
- @keep-network/random-beacon@2.1.0-dev.18 deploy script still calls it

Replace with `yarn install --frozen-lockfile` to use the committed
yarn.lock with known-compatible dependency versions.
diff --git a/.github/workflows/npm-ecdsa.yml b/.github/workflows/npm-ecdsa.yml
@@ -33,12 +33,8 @@ jobs:
           cache: "yarn"
           cache-dependency-path: solidity/ecdsa/yarn.lock
 
-      - name: Resolve latest contracts
-        run: |
-          yarn upgrade --exact \
-            @keep-network/random-beacon \
-            @keep-network/sortition-pools \
-            @threshold-network/solidity-contracts
+      - name: Install dependencies
+        run: yarn install --frozen-lockfile
 
       # Deploy contracts to a local network to generate deployment artifacts that
       # are required by dashboard and client compilation.
