chore(deps): update yarn to v4

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
yarn (source)	3.0.1 -> 4.3.1

---

Release Notes

yarnpkg/berry (yarn)

v4.3.1

Compare Source

v4.3.0

Compare Source

v4.2.2

Compare Source

v4.2.1

Compare Source

v4.2.0

Compare Source

v4.1.1

Compare Source

v4.1.0

Compare Source

• Tweaks -,--verbose in yarn workspaces foreach; -v will now only print the prefixes, -vv will be necessary to also print the timings.

• Adds a new --json option to yarn run when called without script name

• Fixes node-modules linker link: dependencies mistreatment as inner workspaces, when they point to a parent folder of a workspace

• Fixes spurious "No candidates found" errors

• Fixes missing executable permissions when using nodeLinker: pnpm

• Fixes packages being incorrectly flagged as optional

• Fixes cache key corruptions due to uncontrolled git merges

• Fixes yarn version apply --all --dry-run making unexpected changes

• Fixes yarn npm login when the remote registry is Verdaccio

v4.0.2

Compare Source

v4.0.1

Compare Source

v4.0.0

Compare Source

Major Changes

• With Node.js 16's now being End of Life'd, we dropped support for Node.js versions lower than 18.12.

• Some important defaults have changed:

  • yarn set version will prefer using packageManager rather than yarnPath when possible.
  • yarn init will no longer use zero-install by default. You still can enable it, but it should make it easier to start one-of projects without having to rewrite the configuration afterwards.
  • yarn workspaces foreach now requires one of --all, --recursive, --since, or --worktree to be explicitly specified; the previous default was --worktree, but it was rarely what users expected.

• All official Yarn plugins are now included by default in the bundle we provide. You no longer need to run yarn plugin import for official plugins (you still need to do it for third-party plugins, of course).

  • This doesn't change anything to the plugin API we provide, which will keep being maintained.
  • Yarn still has a modular architecture and uses the exact same APIs as contrib plugins; all that changes is how we distribute our own features.

• Yarn's UI during installs has been greatly improved:

  • Packages added and removed from the lockfile are now explicitly reported.
  • Fluctuations in the project cache size are now reported as a single line.
  • Unactionable warnings (node-gyp and transitive peer dependency errors) have been removed.
  • Skipped builds are now only reported during initial installs and manual yarn rebuild calls.
  • The Yarn version is now displayed on installs to help us investigate issues when reported as screenshots.
  • Deprecation checks have been moved to yarn npm audit.

• Some settings were renamed or removed:

  • caFilePath is now httpsCaFilePath
  • preferAggregateCacheInfo has been removed (it's now always on)
  • pnpDataPath has been removed to adhere to our new PnP specification. For consistency, all PnP files will now be hardcoded to a single value so that third-party tools can implement the PnP specification without relying on the Yarn configuration.

• The yarn npm audit command has been reimplemented:

  • The audit registry must now implement the /-/npm/v1/security/advisories/bulk endpoint.
  • The npmAuditRegistry can be used to temporarily route audit queries to the npm registry.
  • Deprecations are now returned by default. To silence them, use yarn npm audit ! --no-deprecations.

• Some legacy layers have been sunset:

  • Plugins cannot access the Clipanion 2 APIs anymore (upgrade to Clipanion 3)
  • Plugins cannot access the internal copy of Yup anymore (use Typanion instead)
  • Yarn will no longer remove the old Yarn 2.x .pnp.js file when migrating.
  • The --assume-fresh-project flag of yarn init has been removed.

API Changes

The following changes only affect people writing Yarn plugins:

• The ZipFS and ZipOpenFS classes have been moved from @yarnpkg/fslib to @yarnpkg/libzip. They no longer need or accept the libzip parameter.

  • Reading the zip archives is now done on the Node.js side for performance; as a result, the open, ZIP_CREATE, and ZIP_TRUNCATE bindings are no longer needed for ZipFS and have also been removed.

• The dependencies field sent returned by Resolver#resolve must now be the result of a Configuration#normalizeDependencyMap call. This change is prompted by a refactoring of how default protocols (ie npm:) are injected into descriptors. The previous implementation caused various descriptors to never be normalized, which made it difficult to know what were the descriptors each function should expect.

  • Similarly, the descriptors returned by Resolve#getResolutionDependencies are now expected to be the result of Configuration#normalizeDependency calls.

  • Note that this only applies to the dependencies field; the peerDependencies field is unchanged, as it must only contains semver ranges without any protocol (with an exception for workspace:, but that's not relevant here).

• The Resolve#getResolutionDependencies function must now return an object of arbitrary string keys and descriptor values (instead of a map with DescriptorHash keys). Those descriptors will be resolved and assigned to the same keys as the initial object. This change allows resolvers to wrap resolution dependencies from other resolvers, which wasn't possible before since it'd have caused the key to change.

• The generateLoader function in @yarnpkg/pnp no longer generates the $$SETUP_STATE function, it now needs to be present in the loader passed to the function.

• The getCustomDataKey function in Installer from @yarnpkg/core has been moved to Linker.

• renderForm's options argument is now required to enforce that custom streams are always specified.

• npmConfigUtils.getAuditRegistry no longer takes a Manifest as its first argument.

• The FetchOptions.skipIntegrityCheck option has been removed. Use FetchOptions.cacheOptions.skipIntegrityCheck instead.

• MapConfigurationValue has been removed. Use miscUtils.ToMapValue instead.

• Manifest.isManifestFieldCompatible and Manifest.prototype.isCompatibleWith{OS,CPU} have been removed. Use Manifest.prototype.getConditions and structUtils.isPackageCompatible instead.

• versionUtils.{fetchBase,fetchRoot,fetchChangedFiles} have been moved from @yarnpkg/plugin-version to @yarnpkg/plugin-git. Use gitUtils.{fetchBase,fetchRoot,fetchChangedFiles} instead.

• For consistency reasons:

  • Link{Resolver,Fetcher} have been renamed to Portal{Resolver,Fetcher}
  • RawLink{Resolver,Fetcher} have been renamed to Link{Resolver,Fetcher}

• FakeFS classes are now required to implement lutimes{Sync,Promise}.

• workspace.dependencies has been removed. Use workspace.anchoredPackage.dependencies instead.

• The Installer class must now return BuildRequest structures instead of BuildDirective[]. This lets you mark that the build must be skipped, and the reason why.

• startCacheReport has been removed, and is now part of the output generated by fetchEverything.

• forgettableNames & forgettableBufferSize have been removed (the only messages using them have been removed, making the forgettable logs implementation obsolete).

• workspace.locator has been removed. You can instead use:

  • workspace.anchoredLocator to get the locator that's used throughout the dependency tree.
  • workspace.manifest.version to get the workspace version.

• configuration.{packageExtensions,refreshPackageExtensions} have been removed. Use configuration.getPackageExtensions instead.

• configuration.normalizePackage now requires a packageExtensions option.

• ProjectLookup has been removed. Both Configuration.find and Configuration.findProjectCwd now always do a lockfile lookup.

Installs

• Yarn now caches npm version metadata, leading to faster resolution steps and decreased network data usage.
• The pnpm linker avoids creating symlinks that lead to loops on the file system, by moving them higher up in the directory structure.
• The pnpm linker no longer reports duplicate "incompatible virtual" warnings.

Features

• enableOfflineMode is a new setting that, when set, will instruct Yarn to only use the metadata and archives already stored on the local machine rather than download them from the registry. This can be useful when performing local development under network-constrained environments (trains, planes, ...).
• yarn run bin now injects the environment variables defined in .env.yarn when spawning a process. This can be configured using the injectEnvironmentFiles variable.
• yarn workspaces foreach now automatically enables the yarn workspaces foreach ! --verbose flag in interactive terminals.
• Constraints can now be written in JavaScript. See the revamped documentation for more information.

Bugfixes

• yarn dlx will no longer report false-positive UNUSED_PACKAGE_EXTENSION warnings
• yarn workspace will now set $INIT_CWD to the CLI working directory rather than the workspace root.

Shell

• The builtin shell now supports whitespace-only commands.

Compatibility

• The patched filesystem now supports FileHandle.readLines.
• PnP now reports missing files when in watch mode.

v3.8.3

Compare Source

v3.8.2

Compare Source

v3.8.1

Compare Source

v3.8.0

Compare Source

v3.7.0

Compare Source

v3.6.4

Compare Source

v3.6.3

Compare Source

v3.6.2

Compare Source

v3.6.1

Compare Source

v3.6.0

Compare Source

v3.5.1

Compare Source

v3.5.0

Compare Source

v3.4.1

Compare Source

• Fixes an accidental backport error in yarn init.

v3.4.0

Compare Source

Node.js parity

• PnP now supports the Node --conditions flag.
• PnP now supports the Node --watch flag on Node 18 (it previously only supported it on Node 19).

Bugfixes

• The PnP API module (pnpapi) can now be imported from ESM modules.
• ZipFS.prototype.getBufferAndClose will not error on empty archives resulting from an unlink after write.
• Fixes various issues around postinstall script inter-dependencies.
• Removes the message prefixes (YN0000) from yarn workspaces foreach.

Compatibility

• Updates the PnP compatibility layer for TypeScript v5.0.0-beta.

v3.3.1

Compare Source

v3.3.0

Compare Source

Installs

• The node-modules linker avoids creation of circular symlinks
• The node-modules linker no longer creates duplicate copies inside of aliased packages
• The node-modules linker locates binaries correctly when the same version of the package is duplicated inside root workspace and another workspace
• Improved performance for hardlinks-global node-modules linker mode by 1.5x

Compatibility

• Updates the PnP compatibility layer for TypeScript v4.9.2-rc.

v3.2.4

Compare Source

Compatibility

• The patched filesystem now supports fchown.
• PnP now handles private import mappings.
• Updates the PnP compatibility layer for TypeScript v4.8.4 and v4.9.1-beta.
• PnP now reports loaded modules when in watch mode.

v3.2.3

Compare Source

Bugfixes

• When Corepack is enabled Yarn will now use the current CLI to prepare external Yarn classic projects, matching the behaviour of when Corepack is disabled.

Compatibility

• Updates the PnP compatibility layer for TypeScript 4.8.1-rc
• The ESM loader now supports unflagged JSON modules.

v3.2.2

Compare Source

Compatibility

• The patched filesystem now supports ftruncate.
• The patched filesystem now supports fchmod.
• The patched filesystem now supports throwIfNoEntry.
• The PnP filesystem now handles most of the FileHandle methods
• Updates the PnP compatibility layer for TypeScript 4.8 Beta
• The npm_package_json environment variable is now set by Yarn.

v3.2.1

Compare Source

Installs

• The pnpm linker no longer tries to remove node_modules directory, when node-modules linker is active
• The node-modules linker does not fail anymore if portal dependency points to an external project with multiple interdependent workspaces
• The node-modules linker has received various improvements:
  • applies hoisting algorithm on aliased dependencies
  • reinstalls modules that have their directories removed from node_modules by the user
  • improves portal hoisting
  • supports supportedArchitectures

Bugfixes

• The PnP ESM loader is now able to handle symlinked extensionless entrypoints.

v3.2.0

Compare Source

Various improvements have been made in the core to improve performance. Additionally:

Commands

• The yarn workspaces foreach run command is now able to run binaries.
• The yarn npm info command now supports displaying information about a tagged version of a package (e.g. yarn npm info vue@next).
• A new yarn explain command has been added. It can be used to explain an error code, or list all available error codes.
  • For example, try to run yarn explain YN0002.
• The yarn npm publish command now accepts a new --otp option, to set the One-Time Password from the CLI.
  • A better error message will also be shown when a query fails due to an invalid OTP.
• yarn upgrade-interactive now has improved paging:
  • Yarn will display as many suggestions as can fit in the viewport (rather than a fixed-size list).
  • The suggestions that fit in the viewport will be fetched in the foreground and will load one-by-one.
  • The suggestions that don't will be fetched in the background and will be loaded in batches to increase responsiveness and reduce input lag.
  • Most notably, you won't have to wait for all of the suggestions to be fetched (which took a very long time before on large monorepos) before you can start navigating through the list.

Installs

• The node-modules linker now tolerates if node_modules is a symbolic link, and doesn't recreate it.
• On top of the cpu and arch fields, Yarn now support a new libc field which can be used in tandem with optionalDependencies to avoid downloading packages that have been linked against incompatible standard libraries (we currently support two values: glibc and musl).
• The pnpm linker has received various improvements:
  • It will now remove the node_modules/.store and node_modules folders if they are empty.
  • It now supports running binaries of soft links.
  • It will now create self-references for packages that don't depend on other versions of themselves.
  • It will now remove scope folders (e.g. node_modules/@​yarnpkg) if they are empty or after removing a scoped dependency.
• All .pnp.cjs files with inlined data will now store the data in a JSON string literal instead of an object literal to improve startup performance.

Compatibility

• The shell now treats backslashes same as Bash (so it mostly ignore them).
  • Could potentially be a breaking change, but the old behavior caused portability issues with a few packages, so we had to make this change (especially since the portable shell is intended to help portability).
• The shell now supports ${FOO:+}.
• The PnP filesystem now handles read and readSync using options.
• The PnP filesystem now handles UNC paths using forward slashes.
• The PnP filesystem now sets the proper path property on streams created by createReadStream() and obtained from zip archives.
• The PnP runtime now throws an ERR_REQUIRE_ESM error when attempting to require an ES Module, matching the default Node.js behaviour.
• Updates the PnP compatibility layer for TypeScript 4.6 Beta (it's possible we'll need to publish another patch update once the 4.6 enters stable).

Bugfixes

• @yarnpkg/pnpify now escapes paths correctly.
• The ESM loader is now enabled regardless of the entrypoint module type, this fixes support for dynamic imports in commonjs modules when the entrypoint is also commonjs.
• The ESM loader is now able to resolve relative imports with search parameters.
• The node field inside the npm_config_user_agent Yarn sets will now include a leading v.
• Yarn is now able to recover from a corrupted install state.
• Yarn is now able to migrate classic lockfiles containing unconventional tarball URLs.
• The nm linker hoists portals after hoisting their dependencies first.
• Fixed a crash caused by a bad interaction between aliased packages and peer dependencies.
• The ESBuild plugin will no longer allow access to Node.js builtins if the platform isn't set to Node.
• SemVer ranges with build metadata can now be resolved.
• The YARN_IGNORE_NODE environment variable will now be parsed using the same mechanism as env variable configuration settings (i.e. both 1/0 and true/false will be accepted)

ZipFS Extension

• You can now unmount zip folders by right-clicking on their workspaces.

Miscellaneous Features

• Reporting for Git errors has been improved.
• The resolution step now has a progress indicator.
• The experimental ESM loader warning emitted by Node.js is now suppressed.
• Private registries can now be authenticated using private keys and certificates.
• A new wrapNetworkRequest hook now lets you wrap network requests (for example to log them).

v3.1.1

Compare Source

• Updates the PnP compatibility layer for TypeScript 4.5

v3.1.0

Commands

• The yarn workspaces list and yarn workspaces foreach commands now both support a new --since option that lets you filter the workspace list by changes (only workspaces that changed since the specified commit will be iterated on). This feature is still a little experimental, especially when used with -R,--recursive.
• The yarn workspaces foreach command now handles the fact that a script containing : only becomes global if it exists in exactly one workspace.
• The yarn workspaces foreach command now supports --jobs 1 and --jobs unlimited.
• The yarn init -2 command will now add the packageManager field to your project manifest.

Settings

• The pattern matcher from logFilters will now match any part of the log entry.

Installs

• A new nodeLinker: pnpm mode will let you install packages using the pnpm install strategy, where packages are stored flat and referenced by each others through symlinks. This mode is still a little experimental, so please send our way bugs you might find.
• Yarn won't install anymore packages that don't match the current OS. Should you need to (for example if you check-in your cache), use the supportedArchitectures field to manually enforce the presence of specific architectures.
• The nmMode: hardlinks-global setting will now be automatically downgraded to nmMode: hardlinks-local when global caches and install folders are kept on different devices, thus letting the install continue normally. A warning will still be produced explaining this behaviour.
• The node_modules linker maximizes chances to end-up with only one top-level node_modules in the case of using workspaces
• The nmSelfReferences setting has been added to the nm linker to control whether workspaces are allowed to require themselves - results in creation of self-referencing symlinks. yarn workspaces focus will not create self-referencing symlinks for excluded workspaces anymore.
• Yarn can now install workspaces from remote git repositories that use npm if npm@>=7.x is installed on the system.
• The hoisting algorithm should be faster, improving the install time for recurrent node_modules installs.

Miscellaneous Features

• Workspaces can now be referred to using workspace:^ and workspace:~. When published, those markers will turn into the actual version (just like what used to happen with workspace:*), except that they'll be prefixed with the relevant semver prefix (respectively ^ and ~).
• A new npmAuditRegistry setting will let you define which registry to use when running audits. If unset, we'll fallback to the currently configured publish registry (we'll likely change this behavior in Yarn 4 to rather use the fetch registry).

Bugfixes

• Direct portal dependencies for node_modules installs will now be given priority during hoisting, preventing cases when indirect regular dependencies would block the way for direct portal dependencies.
• The pnpify binary can now be used from inside directories containing spaces.
• The CLI bundles built from sources will now output the commit hash instead of the tree hash, as part of their --version string.
• Nested workspaces are properly hoisted by node-modules linker.
• Self-referencing symlinks won't be created for anonymous workspaces when using the node-modules linker, since they cannot be used from the code anyway.
• The cache is now fully atomic when moving files across devices, and is more efficient in general.
• The PnP patch will now properly pick up changes to the fs module, allowing users to patch it.
• When using PnP, require.resolve('pnpapi') will be handled correctly even when using exports.
• The install state will no longer be invalidated after running commands that modify the lockfile; this should bring a significant performance improvement when running commands such as yarn run immediately after adding or removing dependencies inside large monorepos.
• Optional peer dependencies now imply an optional peer dependency on the corresponding @types version. This matches the behaviour for peer dependencies.

Compatibility

• Yarn will now generate an experimental ESM loader when it detects you may need it. This can be disabled (or enabled) using pnpEnableEsmLoader.
• The PnP compatibility patch for resolve will no longer resolve missing modules to a file with the same name that would happen to be located next to the issuer.
• Fixes the SDK to account for a breaking change in VSCode >=1.61.

v3.0.2

• Updated TypeScript patch to cover TypeScript 4.4.
• Fixed VirtualFS.mapToBase to preserve . characters (was converting them to empty strings).

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.