Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump yarn-lib #9378

Closed
Netail opened this issue Mar 27, 2024 · 7 comments
Closed

Bump yarn-lib #9378

Netail opened this issue Mar 27, 2024 · 7 comments
Labels
L: javascript T: tech-debt ⚙️

Comments

@Netail
Copy link

Netail commented Mar 27, 2024
edited
Loading

Code improvement description

Yarn in yarn-lib got bumped to 1.22.22 (dependabot/yarn-lib#56), however the package update has to be published to NPM and then the published version has to be updated in here
@github-actions github-actions bot added L: dart:pub Dart packages via pub L: git:submodules Git submodules L: go:modules Golang modules L: javascript labels Mar 27, 2024
@jakecoffman jakecoffman removed L: go:modules Golang modules L: git:submodules Git submodules L: dart:pub Dart packages via pub labels Mar 28, 2024
@Netail
Copy link
Author

Netail commented Apr 2, 2024
edited
Loading

It currently introduces the bug back when dependabot creates a PR :(
@jakecoffman @abdulapopoola @jeffwidman if any of you can publish the new yarn-lib version to the registry, I can create a PR in this repository

@BPScott
Copy link

BPScott commented Apr 17, 2024

Echoing the above request.
I am also running into problems as a result of dependabot's yarn v1 version not handling hoisting when transitive dependencies listed aliases as dependencies - which is fixed by yarn 1.22.22.

@pavera
Copy link
Contributor

pavera commented Apr 17, 2024

I've published the yarn-lib package to npm and am working to get dependabot to create the update PR in this repo.

@pavera pavera mentioned this issue Apr 18, 2024
Merged
@pavera
Copy link
Contributor

pavera commented Apr 18, 2024

I've now deployed and merged the yarn-lib bump. This should be resolved.

@pavera pavera closed this as completed Apr 18, 2024
@Netail
Copy link
Author

Netail commented Apr 18, 2024

Thank you :)

@BPScott
Copy link

BPScott commented Apr 18, 2024

Thanks @pavera! When do you expect this to be released? I see that a dependabot release was made just before #9531 was merged, are there plans for a fast-follow release to get this yarn fix in or shall it be next week?

@jeffwidman
Copy link
Member

@BPScott typically the code for :dependabot: is deployed daily if not more frequently to GitHub cloud.

The weekly release is primarily for the convenience of others who want to leverage Dependabot in custom ways via a versioned ruby gem.

So if you need it via RubyGems, you'll have to wait for the weekly release... otherwise it's already live.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
L: javascript T: tech-debt ⚙️
Projects
Dependabot
Status: Done
Milestone
No milestone
Development

No branches or pull requests
5 participants
@BPScott @jeffwidman @pavera @jakecoffman @Netail