-
-
Notifications
You must be signed in to change notification settings - Fork 727
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chore: upgrade to yarn v4 #7230
Conversation
The latest updates on your projects. Learn more about Vercel for Git ↗︎
|
Dependency ReviewThe following issues were found:
|
@@ -70,5 +74,6 @@ | |||
"react-router": "6.23.1", | |||
"replace-in-file": "7.2.0", | |||
"typescript": "4.8.4" | |||
} | |||
}, | |||
"packageManager": "[email protected]" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we want to do @4
here in case there's a vulnerability and a patch release?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's a fair question, but the regex validator here requires an absolute version. Though, you're allowed to do ^4.2.2 I believe.
@@ -50,9 +50,9 @@ jobs: | |||
YARN_1="yarn --mutex network --cwd ./current" | |||
YARN_2="yarn --mutex network --cwd ./main" | |||
|
|||
$YARN_1 install --ignore-scripts &> /dev/null && $YARN_1 build:backend --strictNullChecks true 2> .stderr-current > .out-current & | |||
$YARN_1 install &> /dev/null && $YARN_1 build:backend --strictNullChecks true 2> .stderr-current > .out-current & |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we can ignore this file as it's not working as intended... although we could test if running it with yarn 4 fixes it 🤔
52bd795
to
0ac291f
Compare
b5d5ee8
to
d652f8f
Compare
@@ -17,5 +17,5 @@ jobs: | |||
uses: actions/dependency-review-action@v4 | |||
with: | |||
fail-on-severity: moderate | |||
allow-licenses: Apache-2.0, MIT, BSD-2-Clause, BSD-3-Clause, ISC, CC0-1.0, Unlicense | |||
allow-licenses: Apache-2.0, MIT, BSD-2-Clause, BSD-3-Clause, ISC, CC0-1.0, Unlicense, Null, BlueOak-1.0.0 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Seems like adding Null
here is making the action fail. Maybe an alternative solution is to add jackspeak to allow-dependencies-licenses.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
hmm, good catch, it seemed like Null was a license ID, but looking at the license list, that's a non-existing identifier. Will update.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done. Thanks for pointing it out.
I see the dependency review still failing. this is due to the spdx parser not handling packages with dual licensing ( |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Great job with this, I vote we try it out 👍
This has been on our TODO list for a long time, I guess using v6 as a linchpin to finally do it isn't too bad. This is an initial attempt just following official step-by-step on yarn's homepage.