New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Do not remove integrity property in Yarn lockfiles #955
Comments
@hassankhan I believe that the cause is that We solved usage of the wrong version by forcibly installing the latest yarn version in our build pipeline at CodeShip. All the new Greenkeeper PRs since have stopped stripping the integrity hashes away. Though since GreenKeeper is the one triggering the lockfile I am not quite sure why it is working now as opposed to before or if there even was something else that happened to change. |
Hi @Koslun, thanks for the response! I'll wait till the next PRs come through on any of my repos and will update the issue as appropriate 👍 |
@Koslun seems problem is still there, this pr just created a few hours before btw, I actually doubt that greenkeeper should use newest yarn as some users may not ready to upgrade, lot of LoC will be introduced after user yarn install again |
+1 @foray1010 , I've seen the same issue rear its head on a few of my repositories again |
@foray1010 For our part, we did not have an Either way I think your suggestion of checking for the presence of the But workaround right now seems to be to be simply use version |
The integrity field was added in yarnpkg/yarn#5042 released in v1.10.0, but since they realized it may be a breaking change, it was disabled for existing entries in yarnpkg/yarn#6465. |
So the best approach for Greenkeeper seems to be upgrading to 1.12.1, and then it will not add integrity fields to existing lockfiles but update those with integrity fields. |
I'm using yarn@1.12.1 in CI, and yet Greenkeeper still removes integrity hashes. Really want to get this resolved! I searched this repo and the lockfile repo for text instances of "yarn" in order to submit a PR, but it looks like the version of yarn used in CI is not part of the code base. |
Is it not possible to control the yarn engine or have green keeper respect the one specified in package.json? |
We also have issues with Greenkeeper's 2nd commit on every PR: |
@willdurand hi fellow Mozillian! Quite a few Mozilla projects are using Renovate instead of Greenkeeper now, since its Yarn lockfile integration works much better amongst other things. If you'd like to chat about it ping me on IRC (:emorley) :-) |
Has Greenkeeper updated it’s yarn version? I’m seeing the integrity fields being added in the latest PRs. |
It seems Greenkeeper is (somewhat unnecessarily) stripping the integrity hashes from Yarn lockfiles. Could this behaviour be changed? Thanks for running such a great service! 👍
The text was updated successfully, but these errors were encountered: