-
Notifications
You must be signed in to change notification settings - Fork 2
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
New update #38
New update #38
Conversation
Codecov upload limit reached
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The container build error was:
error Your lockfile needs to be updated, but yarn was run with
--frozen-lockfile
I've tried re-running the container build in case this was a transient error; e.g. sometimes GitHub Actions fails to connect to npm. However, the build failed again. I tried to rebuild the yarn
lock file locally but ran into the problem in the comment below.
Could you please talk me through your method of upgrading yarn to fix the security issues?
Additionally, I think we need to update the following dependencies:
nth-check
to at least 2.0.1 or greaterobject-path
to at least 0.11.8 or later
It probably wouldn't hurt to update all dependencies. Can you use yarn upgrade
to see what gets updated?
web/ensign-landing-page/.yarnrc.yml
Outdated
nodeLinker: node-modules | ||
|
||
plugins: | ||
- path: .yarn/plugins/@yarnpkg/plugin-version.cjs | ||
spec: "@yarnpkg/plugin-version" | ||
|
||
yarnPath: .yarn/releases/yarn-3.2.4.cjs |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm getting the following error when I try to run yarn
:
node:internal/modules/cjs/loader:959
throw err;
^
Error: Cannot find module '/Users/benjamin/Workspace/go/src/github.com/rotationalio/ensign/web/ensign-landing-page/.yarn/releases/yarn-3.2.4.cjs'
at Module._resolveFilename (node:internal/modules/cjs/loader:956:15)
at Module._load (node:internal/modules/cjs/loader:804:27)
at Function.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:81:12)
at node:internal/main/run_main_module:17:47 {
code: 'MODULE_NOT_FOUND',
requireStack: []
}
What steps should I take to install yarn locally? Could we add these steps to the readme?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I updated yarn to the latest version by running yarn set version stable and I got that from this page: https://yarnpkg.com/getting-started/install
I ran yarn upgrade, but received a message stating that I should run yarn install, so I did that. I just looked at the documentation again and ran yarn upgrade-interactive, after installing another tool, and these are now the packages listed as needing to be updated. I can do that now and then push again.
@testing-library/user-event ----------------- ◉ ^13.5.0 ------ ◯ ^14.4.3 ------
react-router-dom ---------------------------- ◉ ^6.4.1 ------- ◯ ^6.4.2 -------
react-router -------------------------------- ◉ ^6.4.1 ------- ◯ ^6.4.2 -------
web-vitals ---------------------------------- ◉ ^2.1.4 ------- ◯ ^3.0.3 -------
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Here's a link where yarn upgrade-interactive is mentioned along with the plugin that I had to install for it to work. https://yarnpkg.com/cli/upgrade-interactive
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I upgraded the dependencies mentioned in my last message. nth-check and object-path were also upgraded. I realized that I missed your message about installing yarn. I ran corepack enable
because I have node installed and running yarn set version stable
should install the latest version of yarn.
@daniellemaxwell ok, so if I remove the For now, I've deleted the |
@bbengfort After I submitted the configuration module PR without an issue, I had a feeling that the .yarnrc.yml file was causing an issue. The plugins aren't necessary as they were added to run yarn version check and yarn upgrade-interactive while I was trying to figure things out. In this case, setting the version isn't important, so I think that all should be good now. |
@daniellemaxwell ok cool; I just wanted to try one more thing real quick - I did some research and found this: https://yarnpkg.com/getting-started/qa#which-files-should-be-gitignored -- if we go with the "no zero-installs" approach, then we can commit the yarn release and plugins; if the container builds work I'm happy to go that route. |
Ok, I've put us back to yarn v1.22.19 since I couldn't figure out the yarn 3 container builds. If you run:
You should have the correct yarn version to generate |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Once merged we'll take a look at the security alerts and make sure they're resolved!
Scope of changes
Upgraded yarn to the latest release.
Fixes SC-10010
Type of change
Acceptance criteria
Describe how reviewers can test this change to be sure that it works correctly. Add a checklist if possible.
Author checklist
Reviewer(s) checklist