fix(deps): update yarn monorepo

[mend-5034428]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
@yarnpkg/core (source)	4.0.0-rc.42 -> 4.2.0
@yarnpkg/extensions (source)	2.0.0-rc.22 -> 2.0.4
@yarnpkg/fslib (source)	3.0.0-rc.25 -> 3.1.1
@yarnpkg/libzip (source)	3.0.0-rc.25 -> 3.1.0
@yarnpkg/nm (source)	4.0.0-rc.42 -> 4.0.5
@yarnpkg/parsers (source)	3.0.0-rc.42 -> 3.0.2

---

Release Notes

yarnpkg/berry (@​yarnpkg/core)

v4.2.0

Compare Source

v4.1.6

Compare Source

v4.1.5

Compare Source

v4.1.4

Compare Source

v4.1.3

Compare Source

v4.1.2

Compare Source

v4.1.1

Compare Source

v4.1.0

Compare Source

• Tweaks -,--verbose in yarn workspaces foreach; -v will now only print the prefixes, -vv will be necessary to also print the timings.

• Adds a new --json option to yarn run when called without script name

• Fixes node-modules linker link: dependencies mistreatment as inner workspaces, when they point to a parent folder of a workspace

• Fixes spurious "No candidates found" errors

• Fixes missing executable permissions when using nodeLinker: pnpm

• Fixes packages being incorrectly flagged as optional

• Fixes cache key corruptions due to uncontrolled git merges

• Fixes yarn version apply --all --dry-run making unexpected changes

• Fixes yarn npm login when the remote registry is Verdaccio

v4.0.5

Compare Source

v4.0.4

Compare Source

v4.0.3

Compare Source

v4.0.2

Compare Source

v4.0.1

Compare Source

• Fixes creation of symlinks for node-modules linker when inner workspace depends on outer workspace
• Fixes progress bars when the terminal is too large
• Fixes crashes while running Yarn within Docker within GitHub Actions
• Fixes yarn npm audit --ignore NUM which didn't apply to deprecations
• Fixes yarn npm audit --json which didn't print the right output format
• Fixes an incorrect type export in @yarnpkg/core
• Implements back the yarn explain peer-requirements command

v4.0.0

Compare Source

Major Changes

• With Node.js 16's now being End of Life'd, we dropped support for Node.js versions lower than 18.12.

• Some important defaults have changed:

  • yarn init and yarn set version will prefer using packageManager rather than yarnPath when possible (when they detect COREPACK_ROOT in your environment variables).

  • yarn init will no longer use zero-install by default. You still can enable it, but it should make it easier to start one-of projects without having to rewrite the configuration afterwards.

    • As a result, enableGlobalCache now defaults to true. If your project uses Zero-Installs, the first yarn install you run after migrating to 4.0 will automatically set enableGlobalCache: false in your local .yarnrc.yml.

  • yarn workspaces foreach now requires one of --all, --recursive, --since, or --worktree to be explicitly specified; the previous default was --worktree, but it was rarely what users expected.

  • compressionLevel now defaults to 0 rather than mixed. It's been proved significantly faster on installs, and the size impact was reasonable enough to change the default. Note that it benefits you even if you use Zero-Installs: as per our tests, a zero-compression is actually easier to handle for Git (you can see by yourself with those examples using compressionLevel: 0 vs compressionLevel: mixed).

    • To avoid making the upgrade too disruptive, Yarn will check whether Zero-Installs are enabled the first time you run yarn install after migrating from 3.6 to 4.0. If you do, it will automatically set the old default (compressionLevel: mixed) in your .yarnrc.yml file. You can then remove it whenever you feel ready to actually change the compression settings.

• All official Yarn plugins are now included by default in the bundle we provide. You no longer need to run yarn plugin import for official plugins (you still need to do it for third-party plugins, of course).

  • This doesn't change anything to the plugin API we provide, which will keep being maintained.
  • Yarn still has a modular architecture and uses the exact same APIs as contrib plugins; all that changes is how we distribute our own features.

• Yarn's UI during installs has been greatly improved:

  • Packages added and removed from the lockfile are now explicitly reported.
  • Fluctuations in the project cache size are now reported as a single line.
  • Unactionable warnings (node-gyp and transitive peer dependency errors) have been removed.
  • Skipped builds are now only reported during initial installs and manual yarn rebuild calls.
  • The Yarn version is now displayed on installs to help us investigate issues when reported as screenshots.
  • Deprecation checks have been moved to yarn npm audit.

• Some settings were renamed or removed:

  • caFilePath is now httpsCaFilePath
  • preferAggregateCacheInfo has been removed (it's now always on)
  • pnpDataPath has been removed to adhere to our new PnP specification. For consistency, all PnP files will now be hardcoded to a single value so that third-party tools can implement the PnP specification without relying on the Yarn configuration.

• The yarn npm audit command has been reimplemented:

  • The audit registry must now implement the /-/npm/v1/security/advisories/bulk endpoint.
  • The npmAuditRegistry can be used to temporarily route audit queries to the npm registry.
  • Deprecations are now returned by default. To silence them, use yarn npm audit ! --no-deprecations.

• Some legacy layers have been sunset:

  • Plugins cannot access the Clipanion 2 APIs anymore (upgrade to Clipanion 3)
  • Plugins cannot access the internal copy of Yup anymore (use Typanion instead)
  • Yarn will no longer remove the old Yarn 2.x .pnp.js file when migrating.
  • The --assume-fresh-project flag of yarn init has been removed.

API Changes

The following changes only affect people writing Yarn plugins:

• The ZipFS and ZipOpenFS classes have been moved from @yarnpkg/fslib to @yarnpkg/libzip. They no longer need or accept the libzip parameter.

  • Reading the zip archives is now done on the Node.js side for performance; as a result, the open, ZIP_CREATE, and ZIP_TRUNCATE bindings are no longer needed for ZipFS and have also been removed.

• The dependencies field sent returned by Resolver#resolve must now be the result of a Configuration#normalizeDependencyMap call. This change is prompted by a refactoring of how default protocols (ie npm:) are injected into descriptors. The previous implementation caused various descriptors to never be normalized, which made it difficult to know what were the descriptors each function should expect.

  • Similarly, the descriptors returned by Resolve#getResolutionDependencies are now expected to be the result of Configuration#normalizeDependency calls.

  • Note that this only applies to the dependencies field; the peerDependencies field is unchanged, as it must only contains semver ranges without any protocol (with an exception for workspace:, but that's not relevant here).

• The Resolve#getResolutionDependencies function must now return an object of arbitrary string keys and descriptor values (instead of a map with DescriptorHash keys). Those descriptors will be resolved and assigned to the same keys as the initial object. This change allows resolvers to wrap resolution dependencies from other resolvers, which wasn't possible before since it'd have caused the key to change.

• The generateLoader function in @yarnpkg/pnp no longer generates the $$SETUP_STATE function, it now needs to be present in the loader passed to the function.

• The getCustomDataKey function in Installer from @yarnpkg/core has been moved to Linker.

• renderForm's options argument is now required to enforce that custom streams are always specified.

• npmConfigUtils.getAuditRegistry no longer takes a Manifest as its first argument.

• The FetchOptions.skipIntegrityCheck option has been removed. Use FetchOptions.cacheOptions.skipIntegrityCheck instead.

• MapConfigurationValue has been removed. Use miscUtils.ToMapValue instead.

• Manifest.isManifestFieldCompatible and Manifest.prototype.isCompatibleWith{OS,CPU} have been removed. Use Manifest.prototype.getConditions and structUtils.isPackageCompatible instead.

• versionUtils.{fetchBase,fetchRoot,fetchChangedFiles} have been moved from @yarnpkg/plugin-version to @yarnpkg/plugin-git. Use gitUtils.{fetchBase,fetchRoot,fetchChangedFiles} instead.

• For consistency reasons:

  • Link{Resolver,Fetcher} have been renamed to Portal{Resolver,Fetcher}
  • RawLink{Resolver,Fetcher} have been renamed to Link{Resolver,Fetcher}

• FakeFS classes are now required to implement lutimes{Sync,Promise}.

• workspace.dependencies has been removed. Use workspace.anchoredPackage.dependencies instead.

• The Installer class must now return BuildRequest structures instead of BuildDirective[]. This lets you mark that the build must be skipped, and the reason why.

• startCacheReport has been removed, and is now part of the output generated by fetchEverything.

• forgettableNames & forgettableBufferSize have been removed (the only messages using them have been removed, making the forgettable logs implementation obsolete).

• workspace.locator has been removed. You can instead use:

  • workspace.anchoredLocator to get the locator that's used throughout the dependency tree.
  • workspace.manifest.version to get the workspace version.

• configuration.{packageExtensions,refreshPackageExtensions} have been removed. Use configuration.getPackageExtensions instead.

• configuration.normalizePackage now requires a packageExtensions option.

• ProjectLookup has been removed. Both Configuration.find and Configuration.findProjectCwd now always do a lockfile lookup.

Installs

• Yarn now caches npm version metadata, leading to faster resolution steps and decreased network data usage.
• The pnpm linker avoids creating symlinks that lead to loops on the file system, by moving them higher up in the directory structure.
• The pnpm linker no longer reports duplicate "incompatible virtual" warnings.

Features

• enableOfflineMode is a new setting that, when set, will instruct Yarn to only use the metadata and archives already stored on the local machine rather than download them from the registry. This can be useful when performing local development under network-constrained environments (trains, planes, ...).
• yarn run bin now injects the environment variables defined in .env.yarn when spawning a process. This can be configured using the injectEnvironmentFiles variable.
• yarn workspaces foreach now automatically enables the yarn workspaces foreach ! --verbose flag in interactive terminals.
• Constraints can now be written in JavaScript. See the revamped documentation for more information.

Bugfixes

• yarn dlx will no longer report false-positive UNUSED_PACKAGE_EXTENSION warnings
• yarn workspace will now set $INIT_CWD to the CLI working directory rather than the workspace root.

Shell

• The builtin shell now supports whitespace-only commands.

Compatibility

• The patched filesystem now supports FileHandle.readLines.
• PnP now reports missing files when in watch mode.

v4.0.0-rc.53

Compare Source

v4.0.0-rc.52

Compare Source

v4.0.0-rc.51

Compare Source

v4.0.0-rc.50

Compare Source

v4.0.0-rc.49

Compare Source

v4.0.0-rc.48

Compare Source

v4.0.0-rc.47

Compare Source

v4.0.0-rc.46

Compare Source

v4.0.0-rc.45

Compare Source

v4.0.0-rc.44

Compare Source

v4.0.0-rc.43

Compare Source

yarnpkg/berry (@​yarnpkg/extensions)

v2.0.4

Compare Source

v2.0.3

Compare Source

v2.0.2

Compare Source

v2.0.1

Compare Source

v2.0.0

Compare Source

yarn set version 2.0.0

Remember that a migration guide is available to help you port your applications to Yarn 2.

Notable fixes

• Using yarn link will now properly resolve peer dependencies based on the package that requires the linked package rather than the dependencies installed in the linked project folder.

• Packages will now only be built when one of their dependencies is changed in some way. Note that this includes both direct dependencies and transitive dependencies, which might trigger unintuitive rebuilds in some case (for example, since node-sass depends on lodash.assign, upgrading lodash.assign will trigger a rebuild). This will be improved in a later release by introducing a new runtime field for the dependenciesMeta object that will exclude the package from the build key computation (feel free to start setting this flag as of now, even if it won't have any effect until then).

• Registry hostnames finally aren't part of the lockfile anymore. It means that you can switch the registry at any time by changing the npmRegistryServer settings. One unfortunate limitation is that this doesn't apply to registries that use non-standard paths for their archives (ie /@​scope/name/-/name-version.tgz). One such example is NPM Enterprise, which will see the full path being stored in the lockfile.

• The --immutable option (new name for --frozen-lockfile) will now properly report when the lockfile would be changed because of entry removals (it would previously only reject new entries, not removals).

Notable changes

• We dropped support for Node 8, which has reached its end of life in December.

• Accessing registries through http is now forbidden by default (Yarn will throw an exception and require to use https instead). This can be overruled on a per-hostname basis by using unsafeHttpWhitelist.

• The meaning of devDependencies is slightly altered. Until then dev dependencies were described as "dependencies we only use in development". Given that we now advocate for all your packages to be stored within the repository (in order to guarantee reproducible builds), this doesn't really make sense anymore. As a result, our description of dev dependencies is now "dependencies that aren't installed by the package consumers". It doesn't really change anything else than the name, but the more you know.

  • One particular note is that you cannot install production dependencies only at the moment. We plan to add back this feature at a later time, but given that enabling Zero-Installs would cause your repository to contain all your packages anyway (prod & dev), this feature isn't deemed as important as it used to be.

• Running yarn link <package> now has a semi-permanent effect in that <package> will be added as a dependency of your active workspace (using the new portal: protocol). Apart from that the workflow stays the same, meaning that running yarn link somewhere will add the local path to the local registry, and yarn link <package> will add a dependency to the previously linked package.

  • To disable such a link, just remove its resolution entry and run yarn install again.

• The Yarn configuration has been revamped and will not read the .npmrc files anymore. This used to cause a lot of confusion as to where the configuration was coming from, so the logic is now very simple: Yarn will look in the current directory and all its ancestors for .yarnrc.yml files.

  • Note that the configuration files are now called .yarnrc.yml and thus are expected to be valid YAML. The available settings are listed here.

• The lockfiles now generated should be compatible with Yaml, while staying compatible with old-style lockfiles. Old-style lockfiles will be automatically migrated, but that will require some round-trips to the registry to obtain more information that wasn't stored previously, so the first install will be slightly slower.

• The cache files are now zip instead of tgz. This has an impact on cold install performances, because the currently available registries don't support it, which requires us to convert it on our side. Zero-Install is one way to offset this cost, and we're hoping that registries will consider offering zip as an option in the future.

  • We chose zip because of its perfect combination in terms of tooling ubiquity and random access performances (tgz would require to decompress the whole archive to access a single file).

Package manifests (package.json)

To see a comprehensive documentation about each possible field, please check our documentation.

• Two new fields are now supported in the publishConfig key of your manifests: the main, bin, and module fields will be used to replace the value of their respective top-level counterparts in the manifest shipped along with the generated file.

  • The typings and types fields will also be replaced if you use the TypeScript plugin.

• Two new fields are now supported at the root of the manifest: dependenciesMeta and peerDependenciesMeta (peerDependenciesMeta actually was supported in Yarn 1 as well, but dependenciesMeta is a new addition). These fields are meant to store dependency settings unique to each package.

  • Both of these new fields, and all settings the support, are entirely optional. Yarn will keep doing what you expect if they're not there - they're just a mechanism to expose more fine-grained settings.

  • Some of those settings can only be declared in the project top-level manifest and will be ignored anywhere else (for example built), while others will have a per-package effect (for example optional). As a rule of thumb, dependenciesMeta settings are always project-wide (and thus are only taken into account in the top-level package.json) while peerDependenciesMeta settings are package-specific.

  • The dependenciesMeta field covers dependencies declared in either of the dependencies and devDependencies fields.

  • The dependenciesMeta field accepts two types of keys: either a generic package name (lodash), or a specialized package version ([email protected]). This later syntax only works for the top-level manifest and will thus be ignored when seen in a dependency / transitive dependency.

• The dependenciesMeta[].comment field is expected to be a string field. Even though it isn't actually used anywhere at the moment, we suggest you to write comments regarding the reason why some packages are used here rather than anywhere else. This might prove useful for plugin authors.

• The dependenciesMeta[].built field is a boolean flag; setting it to false will cause the package manager to ignore this package when considering the list of packages that need to be built. If the project uses enable-scripts: false, the warning that would have traditionally been emitted will be downgraded into a simple notice. This settings is project-wide.

• The peerDependenciesMeta[].optional field is a boolean flag; setting it to true will stop the package manager from emitting a warning when the specified peer dependency is missing (you typically want to use it if you provide optional integrations with specific third-party packages and don't want to pollute your users' installs with a bunch of irrelevant warnings). This settings is package-specific.

• The resolutions field no longer support the glob syntax within its patterns, as it was redundant with its own glob-less syntax and caused unnecessary confusion.

  {
    "resolutions": {
  -    "**/@​babel/core": "7.5.5",
  +    "@​babel/core": "7.5.5",
    }
  }
  

Workspaces

• Workspaces can now be referenced using the special workspace: protocol. This protocol accepts either a relative path to the workspace, or a semver range that will be compared against the version fields from candidate workspaces.

• Workspaces don't have to specify a version anymore. If referenced through the workspace: resolver, the engine will assume that they have the version 0.0.0 (which makes workspace:* a good way to say "shut up and take my workspace").

  • That being said, workspaces referenced through the workspace: protocol will see their referenced changed at pack-time if the target workspace defines a version. An error will be thrown otherwise and the package won't be packable.

• Workspaces can now contain sub-workspaces. This follow the same restriction than before, meaning that any workspace that wishes to expose sub-workspaces must be declared private: true.

CLI

• The npm-specific commands (such as yarn login or yarn publish) have been moved into a specific namespace (yarn npm login / yarn npm publish). This doesn't affect the yarn pack command which is considered generic enough for the top-level.

• Running yarn <path> add ... will run the add command into the location pointed by <path>. This is true for any command. The only limitation is that <path> must be either be ., .., or must contain a slash (in order to disambiguate with script and command names).

• Running yarn add -P <package> will use * by default instead of resolving a new range for <package>. This change only affects peer dependencies (-P), and can be disabled by manually specifying the range (yarn add -P lodash@^4.0.0).

• Running yarn add <package> -i will now make suggestions based on the dependencies from your other workspaces. This behavior can be made a default by setting preferInteractive to true in your settings.

• Running yarn foo:bar will run the foo:bar script regardless of what workspace declares it as long as only one workspace declares it. This change only affects scripts whose names contains at least one colon.

• Running yarn remove -A <package> will remove <package> from all the dependency sets from all your workspaces, regardless of what your cwd is.

• Running yarn set resolution <package> <resolution> will force the resolver to use a specific resolution for the given package descriptor. Note that the descriptor passed as parameter must be exactly the same as the one you want to override. This command is a handy tool to manually optimize some ranges that could benefit from overlapping.

• Running yarn up <package> will upgrade <package> in all of your workspaces at once (only if they already use the specified package - those that don't won't see it being added). Adding the -i flag will also cause Yarn to ask you to confirm for each workspace.

• Running yarn config --why will tell you the source for each value in your configuration. We recommend using it when you're not sure to understand why Yarn would have a particular settings.

• Running yarn pack will no longer always include nested README, CHANGELOG, LICENSE or LICENCE files (note that those files will still be included if found at the root of the workspace being packed, as is usually the case). If you rely on this (somewhat unintended) behavior you can add those files manually to the files field of your package.json.

• The yarn upgrade-interactive command has been moved into a plugin that needs to be installed through yarn plugin import interactive-tools. It's also been rewritten, and we'll keep improving over time.

Miscellaneous

• A new protocol is now supported, portal:. Portals are very much like link: in that they directly point to a location on the disk, but unlike links they also take into account the dependencies of the target location (whereas links don't care about these). To give you a better idea, portals are what you use when you want to target a package, whereas links are what you use when you want to target a non-package folder (for example your src directory, or similar).

• A new protocol is now supported, patch:. The patch protocol can be used to automatically apply changes to the sources of a package. It's very similar to patch-package, but is directly integrated within Yarn (including its cache and checksum systems).

v2.0.0-rc.35

Compare Source

v2.0.0-rc.34

Compare Source

v2.0.0-rc.33

Compare Source

v2.0.0-rc.32

Compare Source

v2.0.0-rc.31

Compare Source

v2.0.0-rc.30

Compare Source

v2.0.0-rc.29

Compare Source

v2.0.0-rc.28

Compare Source

v2.0.0-rc.27

Compare Source

v2.0.0-rc.26

Compare Source

v2.0.0-rc.25

Compare Source

v2.0.0-rc.24

Compare Source

v2.0.0-rc.23

Compare Source

yarnpkg/berry (@​yarnpkg/fslib)

v3.1.1

Compare Source

• Updates the PnP compatibility layer for TypeScript 4.5

v3.1.0

Compare Source

Commands

• The yarn workspaces list and yarn workspaces foreach commands now both support a new --since option that lets you filter the workspace list by changes (only workspaces that changed since the specified commit will be iterated on). This feature is still a little experimental, especially when used with -R,--recursive.
• The yarn workspaces foreach command now handles the fact that a script containing : only becomes global if it exists in exactly one workspace.
• The yarn workspaces foreach command now supports --jobs 1 and --jobs unlimited.
• The yarn init -2 command will now add the packageManager field to your project manifest.

Settings

• The pattern matcher from logFilters will now match any part of the log entry.

Installs

• A new nodeLinker: pnpm mode will let you install packages using the pnpm install strategy, where packages are stored flat and referenced by each others through symlinks. This mode is still a little experimental, so please send our way bugs you might find.
• Yarn won't install anymore packages that don't match the current OS. Should you need to (for example if you check-in your cache), use the supportedArchitectures field to manually enforce the presence of specific architectures.
• The nmMode: hardlinks-global setting will now be automatically downgraded to nmMode: hardlinks-local when global caches and install folders are kept on different devices, thus letting the install continue normally. A warning will still be produced explaining this behaviour.
• The node_modules linker maximizes chances to end-up with only one top-level node_modules in the case of using workspaces
• The nmSelfReferences setting has been added to the nm linker to control whether workspaces are allowed to require themselves - results in creation of self-referencing symlinks. yarn workspaces focus will not create self-referencing symlinks for excluded workspaces anymore.
• Yarn can now install workspaces from remote git repositories that use npm if npm@>=7.x is installed on the system.
• The hoisting algorithm should be faster, improving the install time for recurrent node_modules installs.

Miscellaneous Features

• Workspaces can now be referred to using workspace:^ and workspace:~. When published, those markers will turn into the actual version (just like what used to happen with workspace:*), except that they'll be prefixed with the relevant semver prefix (respectively ^ and ~).
• A new npmAuditRegistry setting will let you define which registry to use when running audits. If unset, we'll fallback to the currently configured publish registry (we'll likely change this behavior in Yarn 4 to rather use the fetch registry).

Bugfixes

• Direct portal dependencies for node_modules installs will now be given priority during hoisting, preventing cases when indirect regular dependencies would block the way for direct portal dependencies.
• The pnpify binary can now be used from inside directories containing spaces.
• The CLI bundles built from sources will now output the commit hash instead of the tree hash, as part of their --version string.
• Nested workspaces are properly hoisted by node-modules linker.
• Self-referencing symlinks won't be created for anonymous workspaces when using the node-modules linker, since they cannot be used from the code anyway.
• The cache is now fully atomic when moving files across devices, and is more efficient in general.
• The PnP patch will now properly pick up changes to the fs module, allowing users to patch it.
• When using PnP, require.resolve('pnpapi') will be handled correctly even when using exports.
• The install state will no longer be invalidated after running commands that modify the lockfile; this should bring a significant performance improvement when running commands such as yarn run immediately after adding or removing dependencies inside large monorepos.
• Optional peer dependencies now imply an optional peer dependency on the corresponding @types version. This matches the behaviour for peer dependencies.

Compatibility

• Yarn will now generate an experimental ESM loader when it detects you may need it. This can be disabled (or enabled) using pnpEnableEsmLoader.
• The PnP compatibility patch for resolve will no longer resolve missing modules to a file with the same name that would happen to be located next to the issuer.
• Fixes the SDK to account for a breaking change in VSCode >=1.61.

v3.0.2

Compare Source

• Updated TypeScript patch to cover TypeScript 4.4.
• Fixed VirtualFS.mapToBase to preserve . characters (was converting them to empty strings).

v3.0.1

Compare Source

• Fixes an edge case with the PnP loader when calling readdir with null as second parameter (instead of undefined).

v3.0.0

Compare Source

Breaking Changes

• Node 10 isn't supported anymore.
• Plugins can't access yup anymore (we migrated to Typanion as part of Clipanion v3).
  • To upgrade workspace-tools, remove it from your .yarnrc.yml, upgrade, then import it back.
• The enableImmutableInstalls will now default to true on CI (we still recommend to explicitly use --immutable on the CLI).
  • You can re-allow mutations by adding YARN_ENABLE_IMMUTABLE_INSTALLS=false in your environment variables.
• The initVersion and initLicense configuration options have been removed. initFields should be used instead.
• Yarn will now generate .pnp.cjs files (instead of .pnp.js) when using PnP, regardless of what the type field inside the manifest is set to.
• The virtual folder (used to disambiguate peer dependencies) got renamed from $$virtual into __virtual__.
• The -a alias flag of yarn workspaces foreach got removed; use -A,--all instead, which is strictly the same.
• The old PnPify SDK folder (.vscode/pnpify) won't be cleaned up anymore.
• The --skip-builds flag from yarn install got renamed into --mode=skip-build.
• The bstatePath configuration option has been removed. The build state (.yarn/build-state.yml) has been moved into the install state (.yarn/install-state.gz)
• The cache files need to be regenerated. We had to change their timestamps in order to account for a flaw in the zip spec that was causing problems with some third-party tools.
• @yarnpkg/pnpify has been refactored into 3 packages:
  • @yarnpkg/sdks now contains the Editor SDKs
  • @yarnpkg/pnpify now contains the PnPify CLI compatibility tool that creates in-memory node_modules
  • @yarnpkg/nm now contains the node_modules tree builder and hoister
• @yarnpkg/plugin-node-modules has been renamed to @yarnpkg/plugin-nm
• The --clipanion=definitions commands supported by our CLIs will now expose the definitions on the entry point (rather than on .command)

API

• structUtils.requirableIdent got removed; use structUtils.stringifyIdent instead, which is strictly the same.
• configuration.format got removed; use formatUtils.pretty instead, which is strictly the same, but type-safe.
• httpUtils.Options['json'] got removed; use httpUtils.Options['jsonResponse'] instead, which is strictly the same.
• PackageExtension['description'] got removed, use formatUtils.json(packageExtension, formatUtils.Type.PACKAGE_EXTENSION) instead, which is strictly the same.
• Project.generateBuildStateFile has been removed, the build state is now in Project.storedBuildState.
• Project.tryWorkspaceByDescriptor and Project.getWorkspaceByDescriptor now match on virtual descriptors.

Installs

• Workspaces now get self-references even when under the node-modules linker (just like how it already worked with the pnp linker). This means that a workspace called foo can now safely assume that calls to require('foo/package.json') will always work, removing the need for absolute aliases in the majority of cases.

• The node-modules linker now does its best to support the portal: protocol. This support comes with two important limitations:

  • Projects that make use of such dependencies will have to be run with the --preserve-symlinks Node option if they wish to access their dependencies.
  • Because Yarn installs will never modify files outside of the project due to security reasons, sub-dependencies of packages with portal: must be hoisted outside of the portal. Failing that (for example if the portal package depends on something incompatible with the version hoisted via another package), the linker will produce an error and abandon the install.

• The node-modules linker can now utilize hardlinks. The new setting nmMode: classic | hardlinks-local | hardlinks-global specifies which node_modules strategy should be used:

  • classic - standard node_modules layout, without hardlinks
  • hardlinks-local - standard node_modules layout with hardlinks inside the project only
  • hardlinks-global - standard node_modules layout with hardlinks pointing to global content storage across all the projects using this option

Bugfixes

• Yarn now has a proper governance model.
• The node-modules linker will now ensure that the generated install layouts are terminal, by doing several rounds when needed.
• The node-modules linker will no longer print warnings about postinstall scripts when a workspace depends on another workspace listing install scripts.
• Peer dependencies depending on their own parent are now properly hoisted by the node-modules linker.
• Boolean values will be properly interpreted when specified inside the configuration file via the ${ENV_VAR} syntax.
• Should any of preinstall, install, postinstall fail, the remaining scripts will be skipped.
• The git: protocol will now default to fetching HEAD (rather than the hardcoded master).
• The SIGTERM signal will now be propagated to child processes.
• The PnP linker now schedules packages to be rebuilt if their unplugged folder is removed
• yarn config unset will now correctly unset non-nested properties
• The TypeScript SDK now
• And a bunch of smaller fixes.

Settings

• Various initFields edge cases have been fixed.
• The preferAggregateCacheInfo flag will now also aggregate cleanup reports.
• A new enableMessageNames flag can be set to false to exclude the YNxxxx from the output.

Commands

• yarn init can now be run even from within existing projects (will create missing files).
• yarn init and yarn set version will set the packageManager field.
• yarn set version now downloads binaries from the official Yarn website (rather than GitHub).
• yarn set version from sources will now upgrade the builtin plugins as well unless --skip-plugins is set.
• yarn version apply now supports a new --prerelease flag which replaces how prereleases were previously handled.
• yarn run should be significantly faster to boot on large projects.
• yarn workspaces foreach --verbose will now print when processes start and end, even if they don't have an output.
• yarn workspaces foreach now supports a --from <glob> flag, which when combined with -R will target workspaces reachable from the 'from' glob.
• yarn patch-commit can now be used as many times as you want on the same patch folder.
• yarn patch-commit now supports a new -s,--save flag which will save the patch instead of just printing it.
• yarn up now supports a new -R,--recursive flag which will upgrade the specified package, regardless where it is.
• yarn config unset is a new command that will remove a setting from the local configuration (or home if -H is set).
• yarn exec got support for running shell scripts using Yarn's portable shell.
• yarn plugin import can now install specific versions of the official plugins.
• yarn plugin import will now download plugins compatible with the current CLI by default.
• yarn unlink has been added which removes resolutions previously set by yarn link.

Builtin Shell

• The shell now supports background jobs, with color-coded output.
• It now also supports redirections from file descriptors.

Compatibility

• Running yarn install inside a Yarn v1 project will now automatically enable the node-modules linker. This should solve most of the problems people have had in their migrations. We still recommend to keep the default PnP for new projects, but the choice is yours.
• The patched filesystem now supports file URLs, bigint, and fstat.
• An official ESBuild resolver is now provided under the name @yarnpkg/esbuild-plugin-pnp. We use it to bundle Yarn itself!
• PnP projects can now use the Node exports field - regardless of the Node version.
• The PnP hook now supports the node: protocol (new in Node 16)
• The Prettier SDK does not use PnPify anymore since it was its only remaining use, and was fairly invasive; as a result, the Prettier plugins must be specified in Prettier's plugins configuration property.
• Zip terminal links can now be clicked from within VSCode
• Builtin patches that fail to apply will no longer cause an error (they'll emit a warning and the original sources will be used instead).
  • Remember that patches are a problem for our team too, and that we only do this because we don't have any other option available to us right now - if you wish to help, consider upvoting the relevant pull request in the TypeScript repository or, if you work at Microsoft, perhaps mention to your TypeScript team next door that fixing this would benefit you.

Miscellaneous

• Reporting for HTTP errors has been improved, which should help you investigate registry issues.

v3.0.0-rc.53

Compare Source

v3.0.0-rc.52

Compare Source

v3.0.0-rc.51

Compare Source

v3.0.0-rc.50

Compare Source

v3.0.0-rc.49

Compare Source

v3.0.0-rc.48

---

Configuration

📅 Schedule: Branch creation - "on Friday,every weekend" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

[mend-5034428]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: pnpm-lock.yaml

Scope: all 142 workspace projects
Progress: resolved 0, reused 1, downloaded 0, added 0
/tmp/renovate/github/cvent/pnpm-fork/pkg-manager/plugin-commands-installation:
 ERR_PNPM_UNSUPPORTED_ENGINE  Unsupported environment (bad pnpm and/or Node.js version)

This error happened while installing a direct dependency of /tmp/renovate/github/cvent/pnpm-fork/pkg-manager/plugin-commands-installation

Your Node version is incompatible with "nexus.core.cvent.org/@yarnpkg/parsers/3.0.2".

Expected version: >=18.12.0
Got: 16.14.0

This is happening because the package's manifest has an engines.node field specified.
To fix this issue, install the required Node version.