Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unpin the default Yarn version from 1.9.x #569

Merged
merged 1 commit into from Oct 3, 2018
Merged

Unpin the default Yarn version from 1.9.x #569

merged 1 commit into from Oct 3, 2018

Conversation

jmorrell
Copy link
Contributor

Now that 1.11.0 is released with yarnpkg/yarn#6413 merged, Heroku users should see fewer failed builds due to 500 responses from the registry.

@jmorrell jmorrell requested a review from a team as a code owner September 26, 2018 02:17
@edmorley
Copy link
Member

edmorley commented Sep 26, 2018
edited

Hi! Until users update their committed yarn.lock files to include the new integrity field for each package (see yarnpkg/yarn#5042), yarn will do extra work when installing since it will fetch all of the packages to retrospectively work out their hash. (And adding the integrity field requires them to upgrade to yarn 1.10.0 or later locally, refresh the lockfile and commit the result, which many won't do for some time.)

Testing locally it seems the extra work even occurs when using --frozen-lockfile (like this buildpack does), which means that if I run yarn --frozen-lockfile twice in a row (as happens with subsequent buildpack deploys where no dependencies changed) the second operation takes significantly longer (for example 110s instead of 4s, for the first project I checked locally).

Possible workarounds might be:

  • temporarily set unsafe-disable-integrity-migration true in .yarnrc (or via equivalent CLI param/environment variable, if that's possible) until more projects have updated their yarn.lock (or even make this conditional on whether the substring 'integrity sha' appears in their committed yarn.lock)
  • add a buildpack warnings check saying "no integrity hash found, we recommend updating to the latest yarn and refreshing your lockfile"
  • holding off merging this PR until more people are on yarn >=1.10.0 locally
  • file an upstream yarn issue asking them to stop the redundant work being performed when using --frozen-lockfile

Thoughts?

Edit - upstream issues:

This was referenced Sep 26, 2018
Open
Closed
@jmorrell
Copy link
Contributor Author

jmorrell commented Oct 1, 2018

@edmorley Thanks for putting this on my radar!

I'm fine holding off on this for a few days and seeing if the yarn team resolves the issue in a new version. From the conversation, it sounds like they understand the issue and are likely to fix it relatively soon.

If not, I like the idea of adding a warning.

@edmorley
Copy link
Member

edmorley commented Oct 2, 2018

A PR is open to disable the auto-migration :-)
yarnpkg/yarn#6465

@arcanis
Copy link

arcanis commented Oct 3, 2018

1.12 is out - let me know if the issue is fixed for you, I'll soon move it to stable unless we get critical reports 🙂

Unpin the default Yarn version from 1.9.x
f98c3e2 
Now that 1.11.0 is released with yarnpkg/yarn#6413 merged,
Heroku users should see fewer failed builds due to 500 responses from
the registry.
CaseyFaist
CaseyFaist approved these changes Oct 3, 2018
View reviewed changes
Copy link

@CaseyFaist CaseyFaist left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Version change approved 👍

@jmorrell jmorrell merged commit 549a36a into master Oct 3, 2018
@jmorrell jmorrell deleted the unpin-yarn branch October 3, 2018 19:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@CaseyFaist CaseyFaist CaseyFaist approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@jmorrell @edmorley @arcanis @CaseyFaist