-
-
Notifications
You must be signed in to change notification settings - Fork 9.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Dependency: Upgrade Yarn to v4 #24565
Conversation
🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎ To accept the risk, merge this PR and you will not be notified again.
Next stepsWhat is new author?A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package. Scrutinize new collaborator additions to packages because they now have the ability to publish code into your dependency tree. Packages should avoid frequent or unnecessary additions or changes to publishing rights. Take a deeper look at the dependencyTake a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev. Remove the packageIf you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency. Mark a package as acceptable riskTo ignore an alert, reply with a comment starting with
|
@@ -84,23 +84,23 @@ commands: | |||
jobs: | |||
pretty-docs: | |||
executor: | |||
class: small | |||
class: medium |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
CI would consistently silently bail on yarn install
, this fixed that. We were likely running out of memory.
See "Install" step here silently stopping at "Fetch" step, causing the command to fail completely later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
autodeleted by Yarn 4, included by default in core now
compressionLevel: mixed | ||
|
||
enableGlobalCache: false |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this was auto set by Yarn 4. I believe this was the default in Yarn 3 but not Yarn 4, so I didn't want to change it.
@JReinhold We should definitely run a snapshot release on this branch to see whether the |
LGTM! I'd recommend doing what Valentin said, other than that it looks good. |
@valentinpalkovic @yannbf I've released a canary and tested it out in Mealdrop, it works fine. |
Fixes #24552
What I did
Upgrade our internal usage of Yarn to v4.
References:
Checklist for Contributors
Testing
The changes in this PR are covered in the following automated tests:
Manual testing
git clean -xdf
(beware, will delete all uncommitted files)yarn start
which should take you through the whole tasks pipeline and see that it worksgit clean -xdf
againyarn task --task=compile --no-link
to see that it also compiles in--no-link
modecd scripts
yarn release:version --exact 0.0.0-canary-test-yarn.0
yarn release:publish --tag canary
to see that it correctly attempts to publish. It should output a long list ofYN0033: No authentication configured for request
errors because you don't have the npm token set, which is the correct output.This section is mandatory for all contributions. If you believe no manual test is necessary, please state so explicitly. Thanks!
Documentation
MIGRATION.MD
Checklist for Maintainers
When this PR is ready for testing, make sure to add
ci:normal
,ci:merged
orci:daily
GH label to it to run a specific set of sandboxes. The particular set of sandboxes can be found incode/lib/cli/src/sandbox-templates.ts
Make sure this PR contains one of the labels below:
Available labels
bug
: Internal changes that fixes incorrect behavior.maintenance
: User-facing maintenance tasks.dependencies
: Upgrading (sometimes downgrading) dependencies.build
: Internal-facing build tooling & test updates. Will not show up in release changelog.cleanup
: Minor cleanup style change. Will not show up in release changelog.documentation
: Documentation only changes. Will not show up in release changelog.feature request
: Introducing a new feature.BREAKING CHANGE
: Changes that break compatibility in some way with current major version.other
: Changes that don't fit in the above categories.🦋 Canary release
This pull request has been released as version
0.0.0-pr-24565-sha-2d556c14
. Install it by pinning all your Storybook dependencies to that version.More information
0.0.0-pr-24565-sha-2d556c14
upgrade-yarn-4
2d556c14
1698148668
)To request a new release of this pull request, mention the
@storybookjs/core
team.core team members can create a new canary release here or locally with
gh workflow run --repo storybookjs/storybook canary-release-pr.yml --field pr=24565