IBM / audit-ci

Audit NPM, Yarn, PNPM, and Bun dependencies in continuous integration environments, preventing integration if vulnerabilities are found at or above a configurable threshold while ignoring allowlisted advisories
Apache License 2.0

Tests should include all major Yarn versions #302

Closed sargunv closed 5 months ago

sargunv commented 1 year ago

Currently the tests include Yarn v1 and v2. They should also include v3, and perhaps v4 rc builds?

Since v2 and later (Berry) are all very similar, potentially refactor the test code to reuse the same tests for all major Berry versions.

arcanis commented 1 year ago

Note that someone mentioned a bug when used with the 4.0: https://github.com/yarnpkg/berry/issues/5781#issuecomment-1755344002 (we rewrote the command to use a different npm endpoint, which unfortunately doesn't return the same data; you should probably test v1, v3, and v4).

quinnturner commented 5 months ago

I have added test cases for Yarn v2 and v3 in audit-ci's latest v7 release. We currently do not support Yarn v4, as documented in my comment here: https://github.com/IBM/audit-ci/issues/332#issuecomment-2143534686.

If you wish to support Yarn v4 and have solid use-cases, please let me know by commenting on that thread!