Upgrades from yarn 1.x to yarn berry (4.x) #147
Conversation
This directory does not exist.
|
The latest updates on your projects. Learn more about Vercel for Git ↗︎
|
[`yarn global` is deprecated in Yarn 2.x](https://yarnpkg.com/migration/guide#use-yarn-dlx-instead-of-yarn-global), instead `yarn dlx` is recommended for temporary installs.
Re: "setup" script deletedThe "setup" script in That's because Luckily, the Potential solutions:
I chose option (2) to keep the number of actual dependencies low. Added detailed setup and usage instructions in the top level README. |
Existing concerns and bugs on
|
|
Testing that "scripts": {
+ "firebase-yarn-berry-test": "firebase --version"
}, |
|
🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎ To accept the risk, merge this PR and you will not be notified again.
Next stepsWhat is an invalid package.json?Package has an invalid package.json and can cause installation problems if you try to use it. Fix syntax errors in the invalid package.json and publish a new version with a valid package.json. Consumers can use npm overrides to force a version that does not have this problem if one exists. What's wrong with native code?Contains native code which could be a vector to obscure malicious code, and generally decrease the likelihood of reproducible or reliable installs. Ensure that native code bindings are expected. Consumers may consider pure JS and functionally similar alternatives to avoid the challenges and risks associated with native code bindings. Take a deeper look at the dependencyTake a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev. Remove the packageIf you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency. Mark a package as acceptable riskTo ignore an alert, reply with a comment starting with
|
|
The last commit that merges master into my branch seems to have broken the build :( Looks like the build is failing because of a TS compilation error Running "yarn run build"
--
15:33:59.823 | Linting and checking validity of types ...
15:34:04.181 | Failed to compile.
15:34:04.181 |
15:34:04.182 | ./pages/_app.tsx:17:12
15:34:04.182 | Type error: 'Component' cannot be used as a JSX component.
15:34:04.183 | Its element type 'Component<any, any, any> \| ReactElement<any, any> \| null' is not a valid JSX element.
15:34:04.183 | Type 'Component<any, any, any>' is not assignable to type 'Element \| ElementClass \| null'.
15:34:04.183 | Type 'Component<any, any, any>' is not assignable to type 'ElementClass'.
15:34:04.183 | The types returned by 'render()' are incompatible between these types.
15:34:04.183 | Type 'React.ReactNode' is not assignable to type 'import("/vercel/path0/node_modules/@types/react-dom/node_modules/@types/react/ts5.0/index").ReactNode'.
15:34:04.183 |
15:34:04.183 | 15 \| >
15:34:04.183 | 16 \| <SessionProvider session={session}>
15:34:04.183 | > 17 \| <Component {...pageProps} />
15:34:04.183 | \| ^
15:34:04.183 | 18 \| </SessionProvider>
15:34:04.184 | 19 \| </GoogleReCaptchaProvider>
15:34:04.184 | 20 \| <Analytics />
15:34:04.300 | Error: Command "yarn run build" exited with 1Might have to do with this PR that was merged 6h ago: The PR:
|
|
I hypothesise that the build error originates here. Upgrading back to $ cd apps/web
$ yarn add @types/[email protected]
$ yarn run build
✓ Linting and checking validity of types
✓ Creating an optimized production build
✓ Compiled successfully
✓ Collecting page data
✓ Generating static pages (2/2)
✓ Collecting build traces
✓ Finalizing page optimization
Route (pages) Size First Load JS
┌ /_app 0 B 93.8 kB
├ λ /[chain] 14.6 kB 108 kB
├ └ css/ab4939cb46ff182c.css 2 kB
├ ○ /404 178 B 94 kB
├ λ /api/auth/[...nextauth] 0 B 93.8 kB
└ λ /api/faucet 0 B 93.8 kB
+ First Load JS shared by all 94.5 kB
├ chunks/framework-8e279965036b6169.js 45.4 kB
├ chunks/main-3099200c5c7ddf87.js 32.9 kB
├ chunks/pages/_app-331eabd72a9d2c3b.js 13.8 kB
├ chunks/webpack-266e854748dabb79.js 1.74 kB
└ css/442e2a1785394bda.css 669 B
λ (Server) server-side renders at runtime (uses getInitialProps or getServerSideProps)
○ (Static) automatically rendered as static HTML (uses no initial props) |
…mismatch The version was downgraded in a previous commit on master.
|
Build is fixed ✅ But socket.dev complains. This was not happening before I merged 
|
arthurgousset
changed the title
That's how `husky` is installed with yarn 2. Ref: https://typicode.github.io/husky/getting-started.html#automatic-recommended
|
I noticed
I'm wondering if I can delete Can you think of any reason why I shouldn't remove it @aaronmgdr ? |
|
Also asked the socket team about an alert that is inconsistent on Slack:
Edit: This is a bug on socket.dev side
|
|
Noting that I checked these two socket alerts. The use of native code looks good to me. 
|
|
agree no need for husky in firebase package. just in root |
`husky` is already a dependency at the top-level.
|
Removed |
Description
Upgrades our yarn package manager from 1.x to "yarn berry" (current yarn 4.x).
Migration steps
References
Tested
An explanation of how the changes were tested or an explanation as to why they don't need to be.
Top level
./package.jsonWeb workspace
web/package.jsonFirebase workspace
firebase/package.jsonRelated issues
Backwards compatibility
This change is backwards compatible. All scripts work as expected or are updated accordingly.
Documentation
No additional docs for yarn berry needed. The version is specified in the top level
package.jsonunder