Upgrade to Yarn v4 #289
Upgrade to Yarn v4 #289
Conversation
|
👍 Dependency issues cleared. Learn more about Socket for GitHub ↗︎ This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored. Ignoring: Next stepsTake a deeper look at the dependencyTake a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev. Remove the packageIf you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency. Mark a package as acceptable riskTo ignore an alert, reply with a comment starting with |
mcmire
force-pushed
the
upgrade-to-yarn-v4
branch
2 times, most recently
from
aeeb31d to
c3a6f44
Compare
|
@SocketSecurity ignore npm/[email protected] These are indirect dependencies of Jest. |
|
@SocketSecurity ignore npm/[email protected] These are also indirect dependencies of Jest. |
mcmire
force-pushed
the
upgrade-to-yarn-v4
branch
2 times, most recently
from
8a4f1af to
5f2af88
Compare
- Add `packageManager` to `package.json` - Add `allow-scripts` Yarn plugin - Add Yarn constraints (but modified to suit this package, whose build pipeline is not fully standardized with the module template) - Remove `setup` script (since `allow-scripts` gets called automatically now) - Replace `prepublishOnly` script with `prepack` - Update GitHub workflow to install Yarn via Corepack - Update Yarn-specific section of `.gitignore` - Update installation instructions in README - Upgrade `eslint-plugin-jsdoc` as the version we were using was previously not compatible with the version of Node we are using, but Yarn v1 did not pick this up. Fix lint violations to match.
mcmire
force-pushed
the
upgrade-to-yarn-v4
branch
from
5f2af88 to
d9b814f
Compare
This commit aligns this repo more closely with our module template.
packageManagertopackage.jsonallow-scriptsYarn pluginsetupscript (sinceallow-scriptsgets called automatically now)prepublishOnlyscript withprepack.gitignoreeslint-plugin-jsdocas the version we were using was previously not compatible with the version of Node we are using, but Yarn v1 did not pick this up. Fix lint violations to match.Closes #285.