Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support Yarn v3 #5322

Closed
BruceHaley opened this issue Jun 29, 2022 · 6 comments
Closed

Support Yarn v3 #5322

BruceHaley opened this issue Jun 29, 2022 · 6 comments
Labels
T: feature-request Requests for new features

Comments

@BruceHaley
Copy link

We can no longer use dependabot because it does not support yarn v3 (or v2).

Do you have any plans to support v3?

Can you suggest a workaround?

Thank you.
@BruceHaley BruceHaley added the T: feature-request Requests for new features label Jun 29, 2022
@KamilaBorowska
Copy link

This is a duplicate of nuxt/framework#1297.

@jlosito jlosito mentioned this issue Oct 20, 2022
Closed
@bmulholland
Copy link

bmulholland commented Oct 26, 2022
edited
Loading

Following instructions for Yarn's v2 upgrade, which I did shortly after #1297 was released, actually upgrades to the latest Yarn version, not v2 (specifically yarn set version berry, which currently installs v3.2.4). Further, when committing that, dependabot doesn't throw an appropriate error or warning. Instead, it silently stops creating PRs because every dependabot run times out ("timeout running job"). (@jurre, FYI it's easy to accidentally create this situation, and I suspect others will be reporting it soon. Maybe knowing this will save you some time investigating.)

Also, it turns out yarn v2 only supports up to typescript 4.4[1] when linking to node_modules (that is, no PnP[2]), so this means that, in this situation, dependabot does not support typescript > 4.4. Yarn v3 has more patches[1] and, if the patch doesn't work, it at least doesn't block the install.

Personally, I only figured out I was on an unsupported Yarn v3 when I came to file an issue that Yarn v2 support was timing out dependabot. Now I'm trying to roll back to Yarn v2, and I'm having to downgrade Typescript to an older version. Frustratingly, the latest version of typescript is supported in both Yarn v1 and v3.

[1] Note that trunk yarn has patches for later versions; these just aren't backported, because (before this dependabot restriction) I imagine everyone could just upgrade to Yarn 3. https://github.com/yarnpkg/berry/blob/master/packages/plugin-compat/extra/typescript/gen-typescript-patch.js#L93
[2] And unfortunately, some tools, like Nuxt, don't yet support PnP.

@bmulholland
Copy link

bmulholland commented Oct 26, 2022
edited
Loading

Actually, Yarn v1 seems generally much better supported than v2, where everyone has moved to v3. So the current dependabot v2 support requires several sacrifices.

Beyond typescript, above, yarn plugin import is broken on Yarn v2:

% yarn plugin import interactive-tools
➤ YN0000: Downloading https://github.com/yarnpkg/berry/raw/master/packages/plugin-interactive-tools/bin/%40yarnpkg/plugin-interactive-tools.js
➤ YN0001: HTTPError: Response code 404 (Not Found)
    at se.<anonymous> (.../.yarn/releases/yarn-2.4.3.cjs:23:10082)
    at processTicksAndRejections (node:internal/process/task_queues:96:5)
➤ YN0000: Failed with errors in 0s 624ms

@KamilaBorowska
Copy link

KamilaBorowska commented Oct 26, 2022
edited
Loading

Following instructions for Yarn's v2 upgrade, which I did shortly after nuxt/framework#1297 was released, actually upgrades to the latest Yarn version, not v2 (specifically yarn set version berry, which currently installs v3.2.4). Further, when committing that, dependabot doesn't throw an appropriate error or warning. Instead, it silently stops creating PRs because every dependabot run times out ("timeout running job"). (@jurre, FYI it's easy to accidentally create this situation, and I suspect others will be reporting it soon. Maybe knowing this will save you some time investigating.)

Also, it turns out yarn v2 only supports up to typescript 4.4[1] when linking to node_modules (that is, no PnP[2]), so this means that, in this situation, dependabot does not support typescript > 4.4. Yarn v3 has more patches[1] and, if the patch doesn't work, it at least doesn't block the install.

Personally, I only figured out I was on an unsupported Yarn v3 when I came to file an issue that Yarn v2 support was timing out dependabot. Now I'm trying to roll back to Yarn v2, and I'm having to downgrade Typescript to an older version. Frustratingly, the latest version of typescript is supported in both Yarn v1 and v3.

[1] Note that trunk yarn has patches for later versions; these just aren't backported, because (before this dependabot restriction) I imagine everyone could just upgrade to Yarn 3. https://github.com/yarnpkg/berry/blob/master/packages/plugin-compat/extra/typescript/gen-typescript-patch.js#L93 [2] And unfortunately, some tools, like Nuxt, don't yet support PnP.

Dependabot supports Yarn v3 (https://github.blog/changelog/2022-10-20-dependabot-can-now-generate-security-and-version-updates-for-yarn-v2-and-v3/), if you have any issues with it, it probably would be a good idea to make a separate issue for it.

@bmulholland
Copy link

Oh interesting, I thought it was only Yarn v2. Thanks!

@jeffwidman
Copy link
Member

Closing as we now support Yarn v3, as mentioned ☝️.

@larixer larixer mentioned this issue Nov 15, 2022
Closed
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
T: feature-request Requests for new features
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@bmulholland @jeffwidman @KamilaBorowska @BruceHaley