-
Notifications
You must be signed in to change notification settings - Fork 28
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chore(deps-dev): bump yarn monorepo #729
chore(deps-dev): bump yarn monorepo #729
Conversation
⚠ Artifact update problemRenovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is. ♻ Renovate will retry this branch, including artifacts, only when one of the following happens:
The artifact failure details are included below: File name: yarn.lock
|
debd9ad
to
042546f
Compare
467fc8d
to
35f326f
Compare
6215c61
to
3186082
Compare
3186082
to
47b882f
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good except it looks like the PR description mentions the upgrade to yarn v4.0.2 twice. I assume this is a mistake? It looks correct on the commit message.
7676956
to
8665efd
Compare
Good catch. The issue you spotted has been accepted as a bug by Renovate: renovatebot/renovate#26073. It's currently P4, "Low priority, unlikely to be done unless it becomes important to more people," so I don't think we should wait on the fix. I can edit the PR description manually if desired. |
d8ba56f
to
dddf2d6
Compare
dddf2d6
to
f61d06f
Compare
| datasource | package | from | to | | ---------- | ------------- | ----- | ----- | | npm | @yarnpkg/sdks | 2.7.1 | 3.1.0 | | npm | @yarnpkg/cli | 3.6.4 | 4.0.2 | Bump Yarn licenses plugin from v0.12.0 to v0.13.1 for Yarn v4 support. Remove all other plugins as they are built in to Yarn v4. Accept Yarn's suggestion of disabling the global cache so dependencies are available locally, allowing MegaLinter to run ESLint via Yarn. Reject Yarn's suggestion of using the mixed compression level since experiments have shown that installs are significantly faster with the new default compression level of 0. Consequently, decompress all Yarn dependencies. Ignore deprecation of uuid package now that `yarn npm audit` reports deprecations. @actions/cache depends on uuid v3, and does not plan to upgrade the dependency. Ignore deprecation of @npmcli/move-file since it's a transitive dependency of node-gyp@9.4.1. We can't upgrade node-gyp without taking dependencies on jackspeak or path-scurry, which use Blue Oak Model License 1.0.0. As detailed in isaacs/jackspeak#7, we are unable to comply with the license's notice requirements while remaining open-source.
f61d06f
to
c472995
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, no need to edit manually given the circumstances.
Bump Yarn licenses plugin from v0.12.0 to v0.13.1 for Yarn v4 support. Remove all other plugins as they are built in to Yarn v4. Accept Yarn's suggestion of disabling the global cache so dependencies are available locally, allowing MegaLinter to run ESLint via Yarn. Reject Yarn's suggestion of using the mixed compression level since experiments have shown that installs are significantly faster with the new default compression level of 0. Consequently, decompress all Yarn dependencies. Ignore deprecation of uuid package now that
yarn npm audit
reports deprecations. @actions/cache depends on uuid v3, and does not plan to upgrade the dependency. Ignore deprecation of @npmcli/move-file since it's a transitive dependency of node-gyp@9.4.1. We can't upgrade node-gyp without taking dependencies on jackspeak or path-scurry, which use Blue Oak Model License 1.0.0. As detailed in isaacs/jackspeak#7, we are unable to comply with the license's notice requirements while remaining open-source.This PR contains the following updates:
2.7.1
->3.1.0
3.6.4
->4.0.2
3.6.4
->4.0.2
Release Notes
yarnpkg/berry (@yarnpkg/sdks)
v3.1.0
Compare Source
Commands
yarn workspaces list
andyarn workspaces foreach
commands now both support a new--since
option that lets you filter the workspace list by changes (only workspaces that changed since the specified commit will be iterated on). This feature is still a little experimental, especially when used with-R,--recursive
.yarn workspaces foreach
command now handles the fact that a script containing:
only becomes global if it exists in exactly one workspace.yarn workspaces foreach
command now supports--jobs 1
and--jobs unlimited
.yarn init -2
command will now add thepackageManager
field to your project manifest.Settings
pattern
matcher fromlogFilters
will now match any part of the log entry.Installs
nodeLinker: pnpm
mode will let you install packages using the pnpm install strategy, where packages are stored flat and referenced by each others through symlinks. This mode is still a little experimental, so please send our way bugs you might find.supportedArchitectures
field to manually enforce the presence of specific architectures.nmMode: hardlinks-global
setting will now be automatically downgraded tonmMode: hardlinks-local
when global caches and install folders are kept on different devices, thus letting the install continue normally. A warning will still be produced explaining this behaviour.node_modules
linker maximizes chances to end-up with only one top-level node_modules in the case of using workspacesnmSelfReferences
setting has been added to the nm linker to control whether workspaces are allowed to require themselves - results in creation of self-referencing symlinks.yarn workspaces focus
will not create self-referencing symlinks for excluded workspaces anymore.node_modules
installs.Miscellaneous Features
workspace:^
andworkspace:~
. When published, those markers will turn into the actual version (just like what used to happen withworkspace:*
), except that they'll be prefixed with the relevant semver prefix (respectively^
and~
).npmAuditRegistry
setting will let you define which registry to use when running audits. If unset, we'll fallback to the currently configured publish registry (we'll likely change this behavior in Yarn 4 to rather use the fetch registry).Bugfixes
node_modules
installs will now be given priority during hoisting, preventing cases when indirect regular dependencies would block the way for direct portal dependencies.pnpify
binary can now be used from inside directories containing spaces.--version
string.node-modules
linker.node-modules
linker, since they cannot be used from the code anyway.fs
module, allowing users to patch it.require.resolve('pnpapi')
will be handled correctly even when usingexports
.yarn run
immediately after adding or removing dependencies inside large monorepos.@types
version. This matches the behaviour for peer dependencies.Compatibility
pnpEnableEsmLoader
.resolve
will no longer resolve missing modules to a file with the same name that would happen to be located next to the issuer.v3.0.0
Compare Source
Breaking Changes
yup
anymore (we migrated to Typanion as part of Clipanion v3).workspace-tools
, remove it from your.yarnrc.yml
, upgrade, then import it back.enableImmutableInstalls
will now default totrue
on CI (we still recommend to explicitly use--immutable
on the CLI).YARN_ENABLE_IMMUTABLE_INSTALLS=false
in your environment variables.initVersion
andinitLicense
configuration options have been removed.initFields
should be used instead..pnp.cjs
files (instead of.pnp.js
) when using PnP, regardless of what thetype
field inside the manifest is set to.$$virtual
into__virtual__
.-a
alias flag ofyarn workspaces foreach
got removed; use-A,--all
instead, which is strictly the same..vscode/pnpify
) won't be cleaned up anymore.--skip-builds
flag fromyarn install
got renamed into--mode=skip-build
.bstatePath
configuration option has been removed. The build state (.yarn/build-state.yml
) has been moved into the install state (.yarn/install-state.gz
)@yarnpkg/pnpify
has been refactored into 3 packages:@yarnpkg/sdks
now contains the Editor SDKs@yarnpkg/pnpify
now contains the PnPify CLI compatibility tool that creates in-memorynode_modules
@yarnpkg/nm
now contains thenode_modules
tree builder and hoister@yarnpkg/plugin-node-modules
has been renamed to@yarnpkg/plugin-nm
--clipanion=definitions
commands supported by our CLIs will now expose the definitions on the entry point (rather than on.command
)API
structUtils.requirableIdent
got removed; usestructUtils.stringifyIdent
instead, which is strictly the same.configuration.format
got removed; useformatUtils.pretty
instead, which is strictly the same, but type-safe.httpUtils.Options['json']
got removed; usehttpUtils.Options['jsonResponse']
instead, which is strictly the same.PackageExtension['description']
got removed, useformatUtils.json(packageExtension, formatUtils.Type.PACKAGE_EXTENSION)
instead, which is strictly the same.Project.generateBuildStateFile
has been removed, the build state is now inProject.storedBuildState
.Project.tryWorkspaceByDescriptor
andProject.getWorkspaceByDescriptor
now match on virtual descriptors.Installs
Workspaces now get self-references even when under the
node-modules
linker (just like how it already worked with thepnp
linker). This means that a workspace calledfoo
can now safely assume that calls torequire('foo/package.json')
will always work, removing the need for absolute aliases in the majority of cases.The node-modules linker now does its best to support the
portal:
protocol. This support comes with two important limitations:--preserve-symlinks
Node option if they wish to access their dependencies.portal:
must be hoisted outside of the portal. Failing that (for example if the portal package depends on something incompatible with the version hoisted via another package), the linker will produce an error and abandon the install.The node-modules linker can now utilize hardlinks. The new setting
nmMode: classic | hardlinks-local | hardlinks-global
specifies whichnode_modules
strategy should be used:classic
- standardnode_modules
layout, without hardlinkshardlinks-local
- standardnode_modules
layout with hardlinks inside the project onlyhardlinks-global
- standardnode_modules
layout with hardlinks pointing to global content storage across all the projects using this optionBugfixes
node-modules
linker will now ensure that the generated install layouts are terminal, by doing several rounds when needed.node-modules
linker will no longer print warnings about postinstall scripts when a workspace depends on another workspace listing install scripts.${ENV_VAR}
syntax.preinstall
,install
,postinstall
fail, the remaining scripts will be skipped.git:
protocol will now default to fetchingHEAD
(rather than the hardcodedmaster
).SIGTERM
signal will now be propagated to child processes.yarn config unset
will now correctly unset non-nested propertiesSettings
initFields
edge cases have been fixed.preferAggregateCacheInfo
flag will now also aggregate cleanup reports.enableMessageNames
flag can be set tofalse
to exclude theYNxxxx
from the output.Commands
yarn init
can now be run even from within existing projects (will create missing files).yarn init
andyarn set version
will set thepackageManager
field.yarn set version
now downloads binaries from the official Yarn website (rather than GitHub).yarn set version from sources
will now upgrade the builtin plugins as well unless--skip-plugins
is set.yarn version apply
now supports a new--prerelease
flag which replaces how prereleases were previously handled.yarn run
should be significantly faster to boot on large projects.yarn workspaces foreach --verbose
will now print when processes start and end, even if they don't have an output.yarn workspaces foreach
now supports a--from <glob>
flag, which when combined with-R
will target workspaces reachable from the 'from' glob.yarn patch-commit
can now be used as many times as you want on the same patch folder.yarn patch-commit
now supports a new-s,--save
flag which will save the patch instead of just printing it.yarn up
now supports a new-R,--recursive
flag which will upgrade the specified package, regardless where it is.yarn config unset
is a new command that will remove a setting from the local configuration (or home if-H
is set).yarn exec
got support for running shell scripts using Yarn's portable shell.yarn plugin import
can now install specific versions of the official plugins.yarn plugin import
will now download plugins compatible with the current CLI by default.yarn unlink
has been added which removes resolutions previously set byyarn link
.Builtin Shell
Compatibility
yarn install
inside a Yarn v1 project will now automatically enable thenode-modules
linker. This should solve most of the problems people have had in their migrations. We still recommend to keep the default PnP for new projects, but the choice is yours.bigint
, andfstat
.@yarnpkg/esbuild-plugin-pnp
. We use it to bundle Yarn itself!exports
field - regardless of the Node version.node:
protocol (new in Node 16)plugins
configuration property.Miscellaneous
v2.7.2
Compare Source
yarnpkg/berry (yarn)
v4.0.2
Compare Source
v4.0.1
Compare Source
v4.0.0
Compare Source
Major Changes
With Node.js 16's now being End of Life'd, we dropped support for Node.js versions lower than 18.12.
Some important defaults have changed:
yarn set version
will prefer usingpackageManager
rather thanyarnPath
when possible.yarn init
will no longer use zero-install by default. You still can enable it, but it should make it easier to start one-of projects without having to rewrite the configuration afterwards.yarn workspaces foreach
now requires one of--all
,--recursive
,--since
, or--worktree
to be explicitly specified; the previous default was--worktree
, but it was rarely what users expected.All official Yarn plugins are now included by default in the bundle we provide. You no longer need to run
yarn plugin import
for official plugins (you still need to do it for third-party plugins, of course).Yarn's UI during installs has been greatly improved:
node-gyp
and transitive peer dependency errors) have been removed.yarn rebuild
calls.yarn npm audit
.Some settings were renamed or removed:
caFilePath
is nowhttpsCaFilePath
preferAggregateCacheInfo
has been removed (it's now always on)pnpDataPath
has been removed to adhere to our new PnP specification. For consistency, all PnP files will now be hardcoded to a single value so that third-party tools can implement the PnP specification without relying on the Yarn configuration.The
yarn npm audit
command has been reimplemented:/-/npm/v1/security/advisories/bulk
endpoint.npmAuditRegistry
can be used to temporarily route audit queries to the npm registry.yarn npm audit ! --no-deprecations
.Some legacy layers have been sunset:
.pnp.js
file when migrating.--assume-fresh-project
flag ofyarn init
has been removed.API Changes
The following changes only affect people writing Yarn plugins:
The
ZipFS
andZipOpenFS
classes have been moved from@yarnpkg/fslib
to@yarnpkg/libzip
. They no longer need or accept thelibzip
parameter.open
,ZIP_CREATE
, andZIP_TRUNCATE
bindings are no longer needed forZipFS
and have also been removed.The
dependencies
field sent returned byResolver#resolve
must now be the result of aConfiguration#normalizeDependencyMap
call. This change is prompted by a refactoring of how default protocols (ienpm:
) are injected into descriptors. The previous implementation caused various descriptors to never be normalized, which made it difficult to know what were the descriptors each function should expect.Similarly, the descriptors returned by
Resolve#getResolutionDependencies
are now expected to be the result ofConfiguration#normalizeDependency
calls.Note that this only applies to the
dependencies
field; thepeerDependencies
field is unchanged, as it must only contains semver ranges without any protocol (with an exception forworkspace:
, but that's not relevant here).The
Resolve#getResolutionDependencies
function must now return an object of arbitrary string keys and descriptor values (instead of a map withDescriptorHash
keys). Those descriptors will be resolved and assigned to the same keys as the initial object. This change allows resolvers to wrap resolution dependencies from other resolvers, which wasn't possible before since it'd have caused the key to change.The
generateLoader
function in@yarnpkg/pnp
no longer generates the$$SETUP_STATE
function, it now needs to be present in theloader
passed to the function.The
getCustomDataKey
function inInstaller
from@yarnpkg/core
has been moved toLinker
.renderForm
'soptions
argument is now required to enforce that custom streams are always specified.npmConfigUtils.getAuditRegistry
no longer takes aManifest
as its first argument.The
FetchOptions.skipIntegrityCheck
option has been removed. UseFetchOptions.cacheOptions.skipIntegrityCheck
instead.MapConfigurationValue
has been removed. UsemiscUtils.ToMapValue
instead.Manifest.isManifestFieldCompatible
andManifest.prototype.isCompatibleWith{OS,CPU}
have been removed. UseManifest.prototype.getConditions
andstructUtils.isPackageCompatible
instead.versionUtils.{fetchBase,fetchRoot,fetchChangedFiles}
have been moved from@yarnpkg/plugin-version
to@yarnpkg/plugin-git
. UsegitUtils.{fetchBase,fetchRoot,fetchChangedFiles}
instead.For consistency reasons:
Link{Resolver,Fetcher}
have been renamed toPortal{Resolver,Fetcher}
RawLink{Resolver,Fetcher}
have been renamed toLink{Resolver,Fetcher}
FakeFS
classes are now required to implementlutimes{Sync,Promise}
.workspace.dependencies
has been removed. Useworkspace.anchoredPackage.dependencies
instead.The
Installer
class must now returnBuildRequest
structures instead ofBuildDirective[]
. This lets you mark that the build must be skipped, and the reason why.startCacheReport
has been removed, and is now part of the output generated byfetchEverything
.forgettableNames
&forgettableBufferSize
have been removed (the only messages using them have been removed, making the forgettable logs implementation obsolete).workspace.locator
has been removed. You can instead use:workspace.anchoredLocator
to get the locator that's used throughout the dependency tree.workspace.manifest.version
to get the workspace version.configuration.{packageExtensions,refreshPackageExtensions}
have been removed. Useconfiguration.getPackageExtensions
instead.configuration.normalizePackage
now requires apackageExtensions
option.ProjectLookup
has been removed. BothConfiguration.find
andConfiguration.findProjectCwd
now always do a lockfile lookup.Installs
pnpm
linker avoids creating symlinks that lead to loops on the file system, by moving them higher up in the directory structure.pnpm
linker no longer reports duplicate "incompatible virtual" warnings.Features
enableOfflineMode
is a new setting that, when set, will instruct Yarn to only use the metadata and archives already stored on the local machine rather than download them from the registry. This can be useful when performing local development under network-constrained environments (trains, planes, ...).yarn run bin
now injects the environment variables defined in.env.yarn
when spawning a process. This can be configured using theinjectEnvironmentFiles
variable.yarn workspaces foreach
now automatically enables theyarn workspaces foreach ! --verbose
flag in interactive terminals.Bugfixes
yarn dlx
will no longer report false-positiveUNUSED_PACKAGE_EXTENSION
warningsyarn workspace
will now set$INIT_CWD
to the CLI working directory rather than the workspace root.Shell
Compatibility
FileHandle.readLines
.v3.7.0
Compare Source
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR has been generated by Mend Renovate. View repository job log here.