chore(package.json): Update dependencies and node version

[1p22geo]

What kind of change does this PR introduce?

• Use node v20.9.0+ (or anything > 20.9.0) as specified in README instead of stricly requiring node == 20.0.0 (as it was in package.json)
• Update to use latest yarn
• Yarn is a package manager and not a dependency, it is not needed in runtime. Yarn installs the dependencies, so no need to mention it in dependencies in package.json

Issue Number:
There weren't any, as it is not technically a bug. Yet.

Screenshots/videos:

Sorry, none here.

If relevant, did you update the documentation?

Not relevant.

Summary

why upgrade yarn

I know that package.json updates are stricly forbidden for this repository (there is even a CI workflow to fail PRs which changed it) but this is kinda important.

I know it will cause major pain, especially for CI runs, but I can help with migrating workflows to yarn 4.

Does this PR introduce a breaking change?

Yes.

[1p22geo]

Hold on, I am fixing the build errors...

[1p22geo]

Builds and CI succeed now, and the only thing failing is the unauthorized file edit workflow. All workflows and builds use latest yarn and node now.

[benjagm]

Thanks a lot for this PR! We'll need some extra time to review it but hope to provide feedback tomorrow the latest.

[1p22geo]

Sorry for the tons of unnecessary updates here, I just wanted to fix conflicts with upstream (after merging #729 and #730 which also updated package.json and yarn.lock).

[aialok]

See comment. Apart from the comment (LGTM).

[1p22geo]

• No more yarn workspaces focus, everywhere yarn install --frozen-lockfile
• node ^20.9.0 in package.json
• node 20.9.0 in github actions

[aialok]

@1p22geo Please make sure you always fetch latest upstream as this is going to be major changes in our codebase.

Thank you : )

[1p22geo]

I see the errors, fixing now...

[aialok]

LGTM 🚀

Warning: This PR might introduce breaking changes in production, as there are complete changes in our yarn.lock file and yarn is now in an upgraded version.

Thank you @1p22geo : )

[benjagm]

Hi @1p22geo do you mind if we change the target branch to try the deployment first in cloudflare? Once that works well merge the temorary branch to main.

[1p22geo]

Hi @1p22geo do you mind if we change the target branch to try the deployment first in cloudflare? Once that works well merge the temorary branch to main.

Of course, I've only tried it with latest node. Once any errors occur, I'd be happy to help fix.

[1p22geo]

Updated to upstream and resolved conflicts.

[1p22geo]

BTW may I know how is the whole "temporary deployment" thing going? Are there any errors that need to be fixed, or is it just difficult to set up?

[benjagm]

Thanks for your contribution!

[benjagm]

BTW may I know how is the whole "temporary deployment" thing going? Are there any errors that need to be fixed, or is it just difficult to set up?

We have been busy!! Merged!

[benjagm]

I tested everything in cloudflare and I needed to add yarn back as dependency because we are using it to generate the sitemap files at deployment time. You can see the content fo the branch here: https://github.com/json-schema-org/website/tree/web-node-20-9-0

This is the build command we are running in cloudflare : next build && next-sitemap --config next-sitemap.config.js

Now everything is working in web-node-20-9-0 and we are ready to merge to main.

[1p22geo]

Why is it yarn 1.22 again? I added Yarn 4...

[1p22geo]

packageManager is yarn 4.2 (latest)

website/package.json

Line 76 in 674ac5d

"packageManager": "[email protected]"

but you added yarn 1.22?

website/package.json

Line 45 in 674ac5d

"yarn": "1.22.22",

[benjagm]

Last version of yarn is 1.22

https://github.com/yarnpkg/yarn/releases

[1p22geo]

Then am I a time traveller?

[1p22geo]

I literally gave you this link in the PR description https://yarnpkg.com/migration/overview

[benjagm]

:-) I am not an expert. I am just trying to keep the website running while managing the community

[1p22geo]

Also, it's the stale repo.
https://github.com/yarnpkg/berry

[1p22geo]

Ah wait, somehow yarn@latest is yarn 1.22, but yarn@stable is yarn 4.2
npm install yarn or yarn add yarn will add yarn 1.22 (default)
yarn add yarn@stable or yarn set version stable will install ACTUAL latest

[benjagm]

It seems than the last yarn version available as dependency is the 1.22.22 version:

• https://yarnpkg.com/search?q=yarn
• https://yarnpkg.com/package?q=yarn&name=yarn

[1p22geo]

Wait, you said you run next build && next-sitemap --config next-sitemap.config.js on the Cloudflare worker.

But next is not a regular binary file. To run it you need either yarn or npx or a package.json script. Which means that yarn is installed already, before running anything. (or some other package manager)

yarn is the thing that's doing the installing, so it shouldn't really be installing itself.

Also you can run yarn set version stable to install yarn v4

Did it really not work without yarn in the dependencies?

[benjagm]

Hi again @1p22geo. We are not using cloudflare workers, we are using cloudflare pages. If we remove yarn from the dependencies this is the error we get in the cloudflare deployment:

13:45:10.141 | Verify run directory
-- | --
13:45:10.142 | Executing user command: next build && next-sitemap --config next-sitemap.config.js
13:45:10.145 | /opt/build/bin/build: line 39: next: command not found
13:45:10.149 | Failed: build command exited with code: 127
13:45:11.023 | Failed: error occurred while running build command

As soon as I add yarn to the dependencies it works like a charm.

I'd like to clarify that we are not expert frontend developers, we are a group o people passionate about JSON Schema, the Specification and its tooling. These type of changes that maybe are trivial for you, may be more complex for us. Our expertise field is the spec, JSON Schemas design and processing and developer tooling .... so please bear with us.

[jdesrosiers]

I agree that it doesn't make sense for yarn to be a dependency. Ideally you would call yarn run build instead of next build && next-sitemap --config next-sitemap.config.js in Cloudflare Pages. It runs the same commands, but does so in the context of the installed dependencies (like next and next-sitemap). @benjagm, can we give that a try on Cloudflare Pages without yarn in the dependencies and see if that works?

[jdesrosiers]

@benjagm I remembered that I have access the Cloudflare Pages, so I tried it myself. I changed the command to yarn build and redeployed the branch without the yarn dependency. Everything deployed fine, but it seems Cloudflare Pages decided to use yarn 1.22.4 rather than 4.2.2 as declared in package.json.

17:28:44.100 | Installing yarn at version 1.22.4

It seems that it doesn't respect the packageManager field. Not sure if there's a way around that problem, but I'd say that's a blocker for upgrading to yarn v4 if that problem can't be solved.

After my testing, I changed all the settings back to how they were before. I'll let you decide whether or not to make the change permanent.

[jdesrosiers]

So, I found out that Cloudflare Pages has v1 and v2 build systems. The v2 build system respects packageManager, but we were using v1. I did another test deployment, this time using the v2 build system and yarn bulid as the build command. Everything seems to have worked and it's using the right version of yarn this time.

17:49:54.036 | Preparing [email protected] for immediate activation...

@benjagm, I reverted all the Cloudflare configuration changes I made so you have a chance to do more thorough testing (I did little more than make sure it built without errors) before making the changes permanent.

[jdesrosiers]

@1p22geo I want to thank you for taking the time to do this upgrade. Keeping dependencies up-to-date is a very important security practice.

That said, I want to call your attention to an interaction that occurred in this thread.

Then am I a time traveller?

I literally gave you this link in the PR description https://yarnpkg.com/migration/overview

Some of us found these comments to be disrespectful. I know cultural differences as well as language barriers can lead to misunderstandings especially in async written communications like this, but I wanted you to know this was how it was received and I hope you'll adjust as I'm sure you don't mean to offend anyone. @benjagm might not be a web development expert, but this website and many other things in this community wouldn't exist without his efforts. He deserves our respect.

Thanks again for your contributions and I'm glad to have you as part of this community.

[benjagm]

Thanks everyone! @jdesrosiers Good finding with the v1 vs v2 build system of cloudflare. I changed it and it starts using the modern Yarn. That works.

I'd like to recall that we are doing all of this use site-map to generate the sitemap xml files and improve our SEO. These are the scripts we have configured in package.json:

  "scripts": {
    "build": "next build",
    "postbuild": "next-sitemap --config next-sitemap.config.js",

I have checked the result of using yarn run build in cloudflare and unfortunately it doesn't the postbuild script necessary to generate the sitemap. After doing some research i found this question in their forum and I ended up using yarn run build && yarn run postbuild and now everything works as expected:

• Yarn removed from dependencies
• Yarn as package manager with V 4.2.2
• Sitemap generate properly in cloudflare

This is the new PR to master branch: #757

[jdesrosiers]

I'm surprised that postbuild doesn't run automatically when you run build. I thought that was its purpose. Anyway, that's why I left it for you to verify things were working 😄.