chore(deps): update yarn to v4

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
yarn (source)	3.8.5 -> 4.4.1

---

Release Notes

yarnpkg/berry (yarn)

v4.4.1

Compare Source

v4.4.0

Compare Source

v4.3.1

Compare Source

v4.3.0

Compare Source

v4.2.2

Compare Source

v4.2.1

Compare Source

v4.2.0

Compare Source

v4.1.1

Compare Source

v4.1.0

Compare Source

• Tweaks -,--verbose in yarn workspaces foreach; -v will now only print the prefixes, -vv will be necessary to also print the timings.

• Adds a new --json option to yarn run when called without script name

• Fixes node-modules linker link: dependencies mistreatment as inner workspaces, when they point to a parent folder of a workspace

• Fixes spurious "No candidates found" errors

• Fixes missing executable permissions when using nodeLinker: pnpm

• Fixes packages being incorrectly flagged as optional

• Fixes cache key corruptions due to uncontrolled git merges

• Fixes yarn version apply --all --dry-run making unexpected changes

• Fixes yarn npm login when the remote registry is Verdaccio

v4.0.2

Compare Source

v4.0.1

Compare Source

v4.0.0

Compare Source

Major Changes

• With Node.js 16's now being End of Life'd, we dropped support for Node.js versions lower than 18.12.

• Some important defaults have changed:

  • yarn set version will prefer using packageManager rather than yarnPath when possible.
  • yarn init will no longer use zero-install by default. You still can enable it, but it should make it easier to start one-of projects without having to rewrite the configuration afterwards.
  • yarn workspaces foreach now requires one of --all, --recursive, --since, or --worktree to be explicitly specified; the previous default was --worktree, but it was rarely what users expected.

• All official Yarn plugins are now included by default in the bundle we provide. You no longer need to run yarn plugin import for official plugins (you still need to do it for third-party plugins, of course).

  • This doesn't change anything to the plugin API we provide, which will keep being maintained.
  • Yarn still has a modular architecture and uses the exact same APIs as contrib plugins; all that changes is how we distribute our own features.

• Yarn's UI during installs has been greatly improved:

  • Packages added and removed from the lockfile are now explicitly reported.
  • Fluctuations in the project cache size are now reported as a single line.
  • Unactionable warnings (node-gyp and transitive peer dependency errors) have been removed.
  • Skipped builds are now only reported during initial installs and manual yarn rebuild calls.
  • The Yarn version is now displayed on installs to help us investigate issues when reported as screenshots.
  • Deprecation checks have been moved to yarn npm audit.

• Some settings were renamed or removed:

  • caFilePath is now httpsCaFilePath
  • preferAggregateCacheInfo has been removed (it's now always on)
  • pnpDataPath has been removed to adhere to our new PnP specification. For consistency, all PnP files will now be hardcoded to a single value so that third-party tools can implement the PnP specification without relying on the Yarn configuration.

• The yarn npm audit command has been reimplemented:

  • The audit registry must now implement the /-/npm/v1/security/advisories/bulk endpoint.
  • The npmAuditRegistry can be used to temporarily route audit queries to the npm registry.
  • Deprecations are now returned by default. To silence them, use yarn npm audit ! --no-deprecations.

• Some legacy layers have been sunset:

  • Plugins cannot access the Clipanion 2 APIs anymore (upgrade to Clipanion 3)
  • Plugins cannot access the internal copy of Yup anymore (use Typanion instead)
  • Yarn will no longer remove the old Yarn 2.x .pnp.js file when migrating.
  • The --assume-fresh-project flag of yarn init has been removed.

API Changes

The following changes only affect people writing Yarn plugins:

• The ZipFS and ZipOpenFS classes have been moved from @yarnpkg/fslib to @yarnpkg/libzip. They no longer need or accept the libzip parameter.

  • Reading the zip archives is now done on the Node.js side for performance; as a result, the open, ZIP_CREATE, and ZIP_TRUNCATE bindings are no longer needed for ZipFS and have also been removed.

• The dependencies field sent returned by Resolver#resolve must now be the result of a Configuration#normalizeDependencyMap call. This change is prompted by a refactoring of how default protocols (ie npm:) are injected into descriptors. The previous implementation caused various descriptors to never be normalized, which made it difficult to know what were the descriptors each function should expect.

  • Similarly, the descriptors returned by Resolve#getResolutionDependencies are now expected to be the result of Configuration#normalizeDependency calls.

  • Note that this only applies to the dependencies field; the peerDependencies field is unchanged, as it must only contains semver ranges without any protocol (with an exception for workspace:, but that's not relevant here).

• The Resolve#getResolutionDependencies function must now return an object of arbitrary string keys and descriptor values (instead of a map with DescriptorHash keys). Those descriptors will be resolved and assigned to the same keys as the initial object. This change allows resolvers to wrap resolution dependencies from other resolvers, which wasn't possible before since it'd have caused the key to change.

• The generateLoader function in @yarnpkg/pnp no longer generates the $$SETUP_STATE function, it now needs to be present in the loader passed to the function.

• The getCustomDataKey function in Installer from @yarnpkg/core has been moved to Linker.

• renderForm's options argument is now required to enforce that custom streams are always specified.

• npmConfigUtils.getAuditRegistry no longer takes a Manifest as its first argument.

• The FetchOptions.skipIntegrityCheck option has been removed. Use FetchOptions.cacheOptions.skipIntegrityCheck instead.

• MapConfigurationValue has been removed. Use miscUtils.ToMapValue instead.

• Manifest.isManifestFieldCompatible and Manifest.prototype.isCompatibleWith{OS,CPU} have been removed. Use Manifest.prototype.getConditions and structUtils.isPackageCompatible instead.

• versionUtils.{fetchBase,fetchRoot,fetchChangedFiles} have been moved from @yarnpkg/plugin-version to @yarnpkg/plugin-git. Use gitUtils.{fetchBase,fetchRoot,fetchChangedFiles} instead.

• For consistency reasons:

  • Link{Resolver,Fetcher} have been renamed to Portal{Resolver,Fetcher}
  • RawLink{Resolver,Fetcher} have been renamed to Link{Resolver,Fetcher}

• FakeFS classes are now required to implement lutimes{Sync,Promise}.

• workspace.dependencies has been removed. Use workspace.anchoredPackage.dependencies instead.

• The Installer class must now return BuildRequest structures instead of BuildDirective[]. This lets you mark that the build must be skipped, and the reason why.

• startCacheReport has been removed, and is now part of the output generated by fetchEverything.

• forgettableNames & forgettableBufferSize have been removed (the only messages using them have been removed, making the forgettable logs implementation obsolete).

• workspace.locator has been removed. You can instead use:

  • workspace.anchoredLocator to get the locator that's used throughout the dependency tree.
  • workspace.manifest.version to get the workspace version.

• configuration.{packageExtensions,refreshPackageExtensions} have been removed. Use configuration.getPackageExtensions instead.

• configuration.normalizePackage now requires a packageExtensions option.

• ProjectLookup has been removed. Both Configuration.find and Configuration.findProjectCwd now always do a lockfile lookup.

Installs

• Yarn now caches npm version metadata, leading to faster resolution steps and decreased network data usage.
• The pnpm linker avoids creating symlinks that lead to loops on the file system, by moving them higher up in the directory structure.
• The pnpm linker no longer reports duplicate "incompatible virtual" warnings.

Features

• enableOfflineMode is a new setting that, when set, will instruct Yarn to only use the metadata and archives already stored on the local machine rather than download them from the registry. This can be useful when performing local development under network-constrained environments (trains, planes, ...).
• yarn run bin now injects the environment variables defined in .env.yarn when spawning a process. This can be configured using the injectEnvironmentFiles variable.
• yarn workspaces foreach now automatically enables the yarn workspaces foreach ! --verbose flag in interactive terminals.
• Constraints can now be written in JavaScript. See the revamped documentation for more information.

Bugfixes

• yarn dlx will no longer report false-positive UNUSED_PACKAGE_EXTENSION warnings
• yarn workspace will now set $INIT_CWD to the CLI working directory rather than the workspace root.

Shell

• The builtin shell now supports whitespace-only commands.

Compatibility

• The patched filesystem now supports FileHandle.readLines.
• PnP now reports missing files when in watch mode.

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: yarn.lock

/opt/containerbase/tools/corepack/0.29.3/16.20.2/node_modules/corepack/dist/lib/corepack.cjs:21609
    throw new Error(
          ^

Error: Error when performing the request to https://registry.npmjs.org/yarn/latest; for troubleshooting help, see https://github.com/nodejs/corepack#troubleshooting
    at fetch (/opt/containerbase/tools/corepack/0.29.3/16.20.2/node_modules/corepack/dist/lib/corepack.cjs:21609:11)
    at async fetchAsJson (/opt/containerbase/tools/corepack/0.29.3/16.20.2/node_modules/corepack/dist/lib/corepack.cjs:21623:20)
    ... 4 lines matching cause stack trace ...
    at async Object.runMain (/opt/containerbase/tools/corepack/0.29.3/16.20.2/node_modules/corepack/dist/lib/corepack.cjs:23096:5) {
  [cause]: TypeError: globalThis.fetch is not a function
      at fetch (/opt/containerbase/tools/corepack/0.29.3/16.20.2/node_modules/corepack/dist/lib/corepack.cjs:21603:33)
      at async fetchAsJson (/opt/containerbase/tools/corepack/0.29.3/16.20.2/node_modules/corepack/dist/lib/corepack.cjs:21623:20)
      at async fetchLatestStableVersion (/opt/containerbase/tools/corepack/0.29.3/16.20.2/node_modules/corepack/dist/lib/corepack.cjs:21550:20)
      at async fetchLatestStableVersion2 (/opt/containerbase/tools/corepack/0.29.3/16.20.2/node_modules/corepack/dist/lib/corepack.cjs:21672:14)
      at async Engine.getDefaultVersion (/opt/containerbase/tools/corepack/0.29.3/16.20.2/node_modules/corepack/dist/lib/corepack.cjs:22292:23)
      at async Engine.executePackageManagerRequest (/opt/containerbase/tools/corepack/0.29.3/16.20.2/node_modules/corepack/dist/lib/corepack.cjs:22390:47)
      at async Object.runMain (/opt/containerbase/tools/corepack/0.29.3/16.20.2/node_modules/corepack/dist/lib/corepack.cjs:23096:5)
}

[changeset-bot]

⚠️ No Changeset found

Latest commit: bda1b6c

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[coderabbitai]

Warning

Rate limit exceeded

@renovate[bot] has exceeded the limit for the number of commits or files that can be reviewed per hour. Please wait 22 minutes and 30 seconds before requesting another review.

How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

Commits

Files that changed from the base of the PR and between fccb14d and bda1b6c.

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share

• X
• Mastodon
• Reddit
• LinkedIn

Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai generate interesting stats about this repository and render them as a table.
  • @coderabbitai show all the console.log statements in this repository.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 96.72%. Comparing base (fccb14d) to head (bda1b6c).

Additional details and impacted files

@@           Coverage Diff            @@
##           develop     #724   +/-   ##
========================================
  Coverage    96.72%   96.72%           
========================================
  Files           91       91           
  Lines         2291     2291           
  Branches       511      511           
========================================
  Hits          2216     2216           
  Misses          60       60           
  Partials        15       15           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[Decipher]

Can't upgrade to v4 until the @nuxt/kit update: #693

[renovate]

Renovate Ignore Notification

Because you closed this PR without merging, Renovate will ignore this update. You will not get PRs for any future 4.x releases. But if you manually upgrade to 4.x then Renovate will re-enable minor and patch updates automatically.

If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR.