Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

🚀 Breaking changes for Yarn 4 #3591

Closed
5 of 13 tasks
Tracked by #12
arcanis opened this issue Oct 19, 2021 · 36 comments
Closed
5 of 13 tasks
Tracked by #12

🚀 Breaking changes for Yarn 4 #3591

arcanis opened this issue Oct 19, 2021 · 36 comments
Labels
enhancement New feature or request
Milestone

Comments

@arcanis
Copy link
Member

arcanis commented Oct 19, 2021

This issue is just there to keep track of which changes we might want to do once we'll get to the next major release. Doesn't mean it'll be anytime soon 🙂 Will be updated as time passes and we think about more things.

@arcanis arcanis added the enhancement New feature or request label Oct 19, 2021
@arcanis arcanis pinned this issue Oct 19, 2021
@brillout
Copy link

Drop Node 12 support (EOL will be 2022-04-30)

This is a no-go for OSS devs. E.g. I run vite-plugin-ssr's test suite against Node 12 to make sure vite-plugin-ssr works with Node 12.

@arcanis
Copy link
Member Author

arcanis commented Oct 30, 2021

This is a no-go for OSS devs. E.g. I run vite-plugin-ssr's test suite against Node 12 to make sure vite-plugin-ssr works with Node 12.

We don't intend to support Node versions that aren't maintained anymore by Node themselves. Not only to make our life easier, but also because some of our dependencies do that too, and need to be kept updated (thus making such Node requirements a necessity).

@brillout
Copy link

Ok makes sense. Even if v4 releases a couple of months earlier than 2022-04-30 that would be ok. Sorry for the noise.

@evanw
Copy link

evanw commented Feb 4, 2022

From this comment it sounds like Yarn 4 might also change the data format:

I'm considering switching to a pure JSON format in the next Yarn major (and we'd publish this JSON as a formal spec that third-party resolvers can rely upon)

I went looking for the corresponding issue for that and ended up here. Should that be on this list too?

@arcanis
Copy link
Member Author

arcanis commented Feb 5, 2022

I added an item to the list 👍

@edvardchen
Copy link
Contributor

We'll be exploring a new resolution algorithm that will prevent most of the attacks similar to the recent color.js hijacking.
from https://dev.to/arcanis/yarn-32-libc-yarn-explain-next-major--o22

Is there any way to follow, the implementation or design or discussion? @arcanis

@pcjmfranken
Copy link

The only installation instructions provided in the docs are for corepack. Since corepack is not always an option (security concerns, having no npm, etc.) it would be nice if the manual instructions could be added back.

@milesj
Copy link

milesj commented Apr 17, 2022

@pcjmfranken Corepack doesn't require npm. It's built into Node.js as of v14.19, which everyone should be using since v12 is EOL in a few days.

@pcjmfranken
Copy link

pcjmfranken commented Apr 17, 2022

@milesj Corepack is actually built into1 the NPM that ships with the official Node distributions. Also, custom Node builds can opt out of Corepack's inclusion independently of NPM's.

You're right in that corepack should be available in the majority of environments, but it's certainly not a given.

Footnotes

  1. You can see the files being added to the node_modules directory here: https://github.com/nodejs/node/blob/master/tools/install.py#L82-L121

@magnattic
Copy link

magnattic commented Apr 22, 2022

The default value change for enableGlobalCache should be well documented when yarn 4 is released. This tripped me up when switching since we sync our local cache folder into our docker dev environment and I was confused why docker didn't work anymore. I expect this might happen to a few other people.

@merceyz merceyz added this to the 4.0.0 milestone May 8, 2023
@devinrhode2
Copy link
Contributor

Hey @arcanis, could any of these changes be cherry picked into v3?

@merceyz
Copy link
Member

merceyz commented May 9, 2023

No, breaking changes can't be backported.

@PowerKiKi
Copy link
Contributor

Yarn 4.0 first rc release is now over 1 year old. And there's been 43 rc releases since then. And the 4.0.0 milestone has no other opened issue.

Is there anything that is blocking a final release of Yarn 4.0.0 ? Is there a rough ETA of when this might happen ?

I am aware that we can use rc releases in the meantime, but it does look a bit unusual to have such a long period of time for rc. If it is stable, then it should probably be released, but if it isn't, then we probably should populate the milestone to reflect what is missing, shouldn't we ?

@arcanis
Copy link
Member Author

arcanis commented May 9, 2023

Is there anything that is blocking a final release of Yarn 4.0.0 ?

Time! It's always time. Most of the work is done, but there's always a couple of smallish improvements we want to make around some "details". Myself I have a couple of things around JS constraints, and @merceyz mentioned he'd like to close #4952 first to make the migration smoother. There's also the website revamp, but it'll likely be shipped separately.

Is there a rough ETA of when this might happen ?

Probably soon, but no ETA.

@PowerKiKi
Copy link
Contributor

Myself I have a couple of things around JS constraints

Could you create issues assigned to 4.0.0 for those things ? then the community might be able to help, at least a bit ?

@landsman
Copy link

landsman commented Jul 8, 2023

Where I can find waiting issues to be done? Milestone is the right place? Because there is only this issue present there. https://github.com/yarnpkg/berry/milestone/2

@lockieluke
Copy link

everyone's been talking about how good yarn 4 is but where on earth are the yarn 4 builds

@adrian-gierakowski
Copy link

yarn set version 4.0.0-rc.48

@danielpza
Copy link
Sponsor

danielpza commented Aug 3, 2023

everyone's been talking about how good yarn 4 is but where on earth are the yarn 4 builds

yarn set version 4.0.0-rc.48

also yarn set version canary https://yarnpkg.com/cli/set/version

@lockieluke
Copy link

where can i find the change logs

@coolbaluk
Copy link

coolbaluk commented Aug 28, 2023

Dependabot updates seem broken due to the cache key change, and each PR will include a mass replacement of zips with vendoring enabled.

I know it's technically unrelated, but thought it's useful to have it documented here.

Edit: When a release for v4 is created, they should pick it up as per here:

https://github.com/dependabot/dependabot-core/blob/main/npm_and_yarn/Dockerfile#L6-L7

@arcanis
Copy link
Member Author

arcanis commented Aug 28, 2023

Will they? From the look of it they use Corepack, so if your package manager is pinned via either packageManager or yarnPath, you should only get updated PR after you migrate to v4, right?

@coolbaluk
Copy link

Will they? From the look of it they use Corepack, so if your package manager is pinned via either packageManager or yarnPath, you should only get updated PR after you migrate to v4, right?

@arcanis It would have been nice, but my guess is they are still using v3 even with the above configured. This is the behaviour I'm seeing:

Screenshot 2023-08-28 at 19 16 47

With:

"packageManager": "yarn@4.0.0-rc.50" and yarnPath: .yarn/releases/yarn-4.0.0-rc.50.cjs

I will write an issue on their side.

@coolbaluk
Copy link

^ Just an update on the above, it was an oversight on my side that I eventually discovered - it was the difference between darwin & linux in the OS that was causing the replacement, not the key change.

I've set it in .yarnrc now, there's no issue with dependabot.

@trivikr
Copy link
Contributor

trivikr commented Oct 22, 2023

Since yarn 4.0 stable is released in https://github.com/yarnpkg/berry/releases/tag/%40yarnpkg%2Fcli%2F4.0.0, this issue can be closed.

@SimenB
Copy link

SimenB commented Oct 22, 2023

getting an overview of what breaking changes are relevant to different use cases of yarn would be nice, and not just a list of the commits

@arcanis
Copy link
Member Author

arcanis commented Oct 22, 2023

We will have a blog post tomorrow getting into the high level changes. I'll keep the issue open until then (we just wanted to tag the release beforehand to avoid having to rush a fix if something broke during the deploy process).

@herzaso
Copy link

herzaso commented Oct 23, 2023

This release made all of our builds to fail.

Here is an excerpt from one of our docker files:

FROM node:16.19.0-bullseye-slim

RUN yarn config set scripts-prepend-node-path true
RUN yarn set version 3.3.1

This image, seem to include the latest version of yarn (4 from several hours ago) and since we rely on 3.3.1 we try to set it.

This is the error that we see:

Step 7/18 : RUN yarn set version 3.3.1
 ---> Running in c2e50735b75c
Usage Error: This tool requires a Node version compatible with >=18.12.0 (got 16.19.0). Upgrade Node, or set `YARN_IGNORE_NODE=1` in your environment.
Yarn Package Manager - 4.0.0

Changing the line to RUN YARN_IGNORE_NODE=1 yarn set version 3.3.1 does fix the issue, just thought you should know about it

@wojtekmaj
Copy link
Contributor

@herzaso I think the error messages are clear enough. This is an expected behavior.

And do yourself a favor and upgrade Node.js to a version that has not reached end of life yet.

@herzaso
Copy link

herzaso commented Oct 23, 2023

@wojtekmaj as I said, the error was clear and we managed to fix, but enterprises move slow. We are in the process of moving to Node 20

@arcanis
Copy link
Member Author

arcanis commented Oct 23, 2023

Here we go: https://yarnpkg.com/blog/release/4.0 !

@trusktr

This comment was marked as off-topic.

@arcanis

This comment was marked as off-topic.

@yarnpkg yarnpkg locked as resolved and limited conversation to collaborators Oct 27, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
enhancement New feature or request
Projects
None yet
Development

No branches or pull requests