Bump yarn to 4.5.3 (#11123)

jeffwidman · web-flow · commit 21cb4925eeb1 · 2024-12-13T11:29:26.000-08:00
* Bump yarn to 4.5.3 * Update test to match new handling of peer deps This is the failing test: https://github.com/dependabot/dependabot-core/blob/8f037cf1be97f2a0c1f383d74479ebe2a48e0c17/npm_and_yarn/spec/dependabot/npm_and_yarn/update_checker/version_resolver_spec.rb#L855-L875 Full commit including lockfiles: 1dcda58 Interestingly, it doesn't fail in Yarn `4.3.1` as seen in: * #8265 Poking through the changelog between 4.3.1 and 4.5.3, this seems to be relevant upstream PR: * yarnpkg/berry#6517 My understanding of peer dependency handling in Yarn is hazy at best, but after reading the PR description, it _looks_ like the algorithm changed and now the peer dependency can be updated and not necessarily held back. That would explain [this test failure](https://github.com/dependabot/dependabot-core/actions/runs/12307737164/job/34351931150?pr=11123#step:5:56): ``` 1) Dependabot::NpmAndYarn::UpdateChecker::VersionResolver#latest_resolvable_version with a yarn berry lockfile when updating a dependency with a peer requirement is expected to eq #<Gem::Version "15.2.0"> Failure/Error: it { is_expected.to eq(Gem::Version.new("15.2.0")) } expected: #<Gem::Version "15.2.0"> got: #<Gem::Version "16.3.1"> (compared using ==) Diff: @@ -1 +1 @@ -Gem::Version.new("15.2.0") +Gem::Version.new("16.3.1") # ./spec/dependabot/npm_and_yarn/update_checker/version_resolver_spec.rb:873:in `block (5 levels) in <top (required)>' # /home/dependabot/common/spec/spec_helper.rb:66:in `block (2 levels) in <top (required)>' # /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/webmock-3.24.0/lib/webmock/rspec.rb:39:in `block (2 levels) in <top (required)>' ```
diff --git a/npm_and_yarn/Dockerfile b/npm_and_yarn/Dockerfile
@@ -7,7 +7,7 @@ ARG COREPACK_VERSION=0.24.0
 ARG PNPM_VERSION=9.15.0
 
 # Check for updates at https://github.com/yarnpkg/berry/releases
-ARG YARN_VERSION=4.1.1
+ARG YARN_VERSION=4.5.3
 
 
 # See https://github.com/nodesource/distributions#installation-instructions
diff --git a/npm_and_yarn/spec/dependabot/npm_and_yarn/update_checker/version_resolver_spec.rb b/npm_and_yarn/spec/dependabot/npm_and_yarn/update_checker/version_resolver_spec.rb
@@ -870,7 +870,7 @@
           )
         end
 
-        it { is_expected.to eq(Gem::Version.new("15.2.0")) }
+        it { is_expected.to eq(Gem::Version.new("16.3.1")) }
       end
     end
 

Original file line number	Diff line number	Diff line change
`@@ -870,7 +870,7 @@`
`870`	`870`	`)`
`871`	`871`	`end`
`872`	`872`
`873`		`- it { is_expected.to eq(Gem::Version.new("15.2.0")) }`
	`873`	`+ it { is_expected.to eq(Gem::Version.new("16.3.1")) }`
`874`	`874`	`end`
`875`	`875`	`end`
`876`	`876`