Update dependency yarn to v1.22.0 [SECURITY]

This PR contains the following updates:

Package	Type	Update	Change
yarn	devDependencies	minor	`1.9.2` -> `1.22.0`

GitHub Vulnerability Alerts

CVE-2019-5448

Yarn before 1.17.3 is vulnerable to Missing Encryption of Sensitive Data due to HTTP URLs in lockfile causing unencrypted authentication data to be sent over the network.

In Yarn before 1.21.1, the package install functionality can be abused to generate arbitrary symlinks on the host filesystem by using specially crafted "bin" keys. Existing files could be overwritten depending on the current user permission set.

Release Notes

yarnpkg/yarn

### [`v1.22.0`](https://togithub.com/yarnpkg/yarn/blob/master/CHANGELOG.md#1220) [Compare Source](https://togithub.com/yarnpkg/yarn/compare/v1.21.1...v1.22.0) - Allows some dots in binary names again [#7811](https://togithub.com/yarnpkg/yarn/pull/7811) - [**Valery Bugakov**](https://togithub.com/valerybugakov) - Better error handling on `yarn set version` [#7848](https://togithub.com/yarnpkg/yarn/pull/7848) - [**Nick Olinger**](https://togithub.com/olingern) - Passes arguments following `--` when running a workspace script (`yarn workspace pkg run command -- arg`) [#7776](https://togithub.com/yarnpkg/yarn/pull/7776) - [**Jeff Valore**](https://twitter.com/rally25rs) - Fixes an issue where the archive paths were incorrectly sanitized [#7831](https://togithub.com/yarnpkg/yarn/pull/7831) - [**Maël Nison**](https://twitter.com/arcanis) - Implements `yarn init -2` [#7862](https://togithub.com/yarnpkg/yarn/pull/7862) - [**Maël Nison**](https://twitter.com/arcanis) - Implements `yarn set version ` as an alias for `policies set-version` [#7862](https://togithub.com/yarnpkg/yarn/pull/7862) - [**Maël Nison**](https://twitter.com/arcanis) ### [`v1.21.1`](https://togithub.com/yarnpkg/yarn/compare/v1.21.0...v1.21.1) [Compare Source](https://togithub.com/yarnpkg/yarn/compare/v1.21.0...v1.21.1) ### [`v1.21.0`](https://togithub.com/yarnpkg/yarn/compare/v1.19.2...v1.21.0) [Compare Source](https://togithub.com/yarnpkg/yarn/compare/v1.19.2...v1.21.0) ### [`v1.19.2`](https://togithub.com/yarnpkg/yarn/blob/master/CHANGELOG.md#1192) [Compare Source](https://togithub.com/yarnpkg/yarn/compare/v1.19.1...v1.19.2) - Folders like `.cache` won't be pruned from the `node_modules` after each install. [#7699](https://togithub.com/yarnpkg/yarn/pull/7699) - [**Maël Nison**](https://twitter.com/arcanis) - Correctly installs workspace child dependencies when workspace child not symlinked to root. [#7289](https://togithub.com/yarnpkg/yarn/pull/7289) - [**Daniel Tschinder**](https://togithub.com/danez) - Makes running scripts with Plug'n Play possible on node 13. [#7650](https://togithub.com/yarnpkg/yarn/pull/7650) - [**Sander Verweij**](https://togithub.com/sverweij) - Change run command to check cwd/node_modules/.bin for commands. Fixes run in workspaces. [#7151](https://togithub.com/yarnpkg/yarn/pull/7151) - [**Jeff Valore**](https://twitter.com/codingwithspike) ### [`v1.19.1`](https://togithub.com/yarnpkg/yarn/blob/master/CHANGELOG.md#1191) [Compare Source](https://togithub.com/yarnpkg/yarn/compare/v1.19.0...v1.19.1) **Important:** This release contains a cache bump. It will cause the very first install following the upgrade to take slightly more time, especially if you don't use the [Offline Mirror](https://yarnpkg.com/blog/2016/11/24/offline-mirror/) feature. After that everything will be back to normal. - Computes the `--modules-folder` & friends paths based on the cwd. [#7607](https://togithub.com/yarnpkg/yarn/pull/7607) - [**mbpreble**](https://togithub.com/mbpreble) - Stores the sha512 in the cache even when not provided by the server. [#7591](https://togithub.com/yarnpkg/yarn/pull/7591) - [**Maël Nison**](https://twitter.com/arcanis) / [#7595](https://togithub.com/yarnpkg/yarn/pull/7595) - [**Michael**](https://togithub.com/Blasz) - Uses the right Node binary when using `yarn-path`. [#7592](https://togithub.com/yarnpkg/yarn/pull/7592) - [**Maël Nison**](https://twitter.com/arcanis) ### [`v1.19.0`](https://togithub.com/yarnpkg/yarn/blob/master/CHANGELOG.md#1190) [Compare Source](https://togithub.com/yarnpkg/yarn/compare/v1.18.0...v1.19.0) **Important:** This release contains a cache bump. It will cause the very first install following the upgrade to take slightly more time, especially if you don't use the [Offline Mirror](https://yarnpkg.com/blog/2016/11/24/offline-mirror/) feature. After that everything will be back to normal. - Fixes a potential vulnerability regarding how the build artifacts are stored Reported by [**ChALkeR**](https://togithub.com/ChALkeR), fixed by [**Maël Nison**](https://twitter.com/arcanis) ### [`v1.18.0`](https://togithub.com/yarnpkg/yarn/blob/master/CHANGELOG.md#1180) [Compare Source](https://togithub.com/yarnpkg/yarn/compare/v1.17.3...v1.18.0) - Suggests using the Yarn 2 development trunk on PnP-enabled projects [#7512](https://togithub.com/yarnpkg/yarn/pull/7512) - [**Maël Nison**](https://twitter.com/arcanis) - Preserves linked packages when calling `yarn create` [#7543](https://togithub.com/yarnpkg/yarn/pull/7543) - [**Nick McCurdy**](https://togithub.com/nickmccurdy) - Fixes the offline mirror filenames when using Verdaccio [#7499](https://togithub.com/yarnpkg/yarn/pull/7499) - [**xv2**](https://togithub.com/xv2) - Fixes using `link:.` to refer to the package folder [#7512](https://togithub.com/yarnpkg/yarn/pull/7512) - [**Maël Nison**](https://twitter.com/arcanis) - Runs the `prepare` lifecycle of git dependencies even if `NODE_ENV` is set to `production`. [#7398](https://togithub.com/yarnpkg/yarn/pull/7398) - [**John Firebaugh**](https://togithub.com/jfirebaugh) - Fixes the `postversion` lifecycle method not being called when using `--no-git-tag-version`. [#7154](https://togithub.com/yarnpkg/yarn/pull/7154) - [**Hampus Tågerud**](https://togithub.com/hampustagerud) - Ignores potentially large vscode keys in package.json to avoid E2BIG errors. [#7419](https://togithub.com/yarnpkg/yarn/pull/7419) - [**Eric Amodio**](https://twitter.com/eamodio) - Enforces https for the Yarn and npm registries. [#7393](https://togithub.com/yarnpkg/yarn/pull/7393) - [**Maël Nison**](https://twitter.com/arcanis) - Adds support for reading `yarnPath` from v2-produced `.yarnrc.yml` files. [#7350](https://togithub.com/yarnpkg/yarn/pull/7350) - [**Maël Nison**](https://twitter.com/arcanis) ### [`v1.17.3`](https://togithub.com/yarnpkg/yarn/compare/v1.17.2...v1.17.3) [Compare Source](https://togithub.com/yarnpkg/yarn/compare/v1.17.2...v1.17.3) ### [`v1.17.2`](https://togithub.com/yarnpkg/yarn/compare/v1.17.1...v1.17.2) [Compare Source](https://togithub.com/yarnpkg/yarn/compare/v1.17.1...v1.17.2) ### [`v1.17.1`](https://togithub.com/yarnpkg/yarn/compare/v1.17.0...v1.17.1) [Compare Source](https://togithub.com/yarnpkg/yarn/compare/v1.17.0...v1.17.1) ### [`v1.17.0`](https://togithub.com/yarnpkg/yarn/blob/master/CHANGELOG.md#1170) [Compare Source](https://togithub.com/yarnpkg/yarn/compare/v1.16.0...v1.17.0) - Adds prereleases flags and prerelease identifier to `yarn version`. [#7336](https://togithub.com/yarnpkg/yarn/pull/7336) - [**Daniel Seijo**](https://togithub.com/daniseijo) - Fixes audits when used with `yarn add` & `yarn upgrade` [#7326](https://togithub.com/yarnpkg/yarn/pull/7326) - [**David Sanders**](https://togithub.com/dsanders11) - Adds support for the `--offline` flag to `yarn global add` [#7330](https://togithub.com/yarnpkg/yarn/pull/7330) - [**Francis Crick**](https://guthub.com/fcrick) - Yarn will tolerate Yaml at parse time. Full support isn't ready yet and will only come at the next major. [#7300](https://togithub.com/yarnpkg/yarn/pull/7300) - [**Maël Nison**](https://twitter.com/arcanis) - Fixes a bug when using the `link:` protocol with a folder that doesn't contain a `package.json` [#7337](https://togithub.com/yarnpkg/yarn/pull/7337) - [**Maël Nison**](https://twitter.com/arcanis) ### [`v1.16.0`](https://togithub.com/yarnpkg/yarn/blob/master/CHANGELOG.md#1160) [Compare Source](https://togithub.com/yarnpkg/yarn/compare/v1.15.2...v1.16.0) - Retries downloading a package on `yarn install` when we get a ETIMEDOUT error. [#7163](https://togithub.com/yarnpkg/yarn/pull/7163) - [**Vincent Bailly**](https://togithub.com/VincentBailly) - Implements `yarn audit --level [severity]` flag to filter the audit command's output. [#6716](https://togithub.com/yarnpkg/yarn/pull/6716) - [**Rogério Vicente**](https://twitter.com/rogeriopvl) - Implements `yarn audit --groups group_name [group_name ...]`. [#6724](https://togithub.com/yarnpkg/yarn/pull/6724) - [**Tom Milligan**](https://togithub.com/tommilligan) - Exposes the script environment variables to `yarn create` spawned processes. [#7127](https://togithub.com/yarnpkg/yarn/pull/7127) - [**Eli Perelman**](https://togithub.com/eliperelman) - Prevents EPIPE errors from being printed. [#7194](https://togithub.com/yarnpkg/yarn/pull/7194) - [**Abhishek Reddy**](https://togithub.com/arbscht) - Adds support for the npm enterprise URLs when computing the offline mirror filenames. [#7200](https://togithub.com/yarnpkg/yarn/pull/7200) - [**John Millikin**](https://john-millikin.com) - Tweaks the lockfile parser logic to parse a few extra cases [#7210](https://togithub.com/yarnpkg/yarn/pull/7210) - [**Maël Nison**](https://twitter.com/arcanis) ### [`v1.15.2`](https://togithub.com/yarnpkg/yarn/blob/master/CHANGELOG.md#1152) [Compare Source](https://togithub.com/yarnpkg/yarn/compare/v1.15.1...v1.15.2) The 1.15.1 doesn't exist due to a release hiccup. - Reverts a behavior causing boggus interactions between PowerShell and `yarn global` [#6954](https://togithub.com/yarnpkg/yarn/pull/6954) - [**briman0094**](https://togithub.com/briman0094) - Fixes a bug where non-zero exit codes were converted to a generic 1 when running `yarn run` [#6926](https://togithub.com/yarnpkg/yarn/pull/6926) - [**Kyle Fang**](https://togithub.com/zhigang1992) - Fixes production / development reporting when running `yarn audit` [#6970](https://togithub.com/yarnpkg/yarn/pull/6970) - [**Adam Richardson**](https://togithub.com/as3richa) ### [`v1.15.1`](https://togithub.com/yarnpkg/yarn/compare/v1.15.0...v1.15.1) [Compare Source](https://togithub.com/yarnpkg/yarn/compare/v1.15.0...v1.15.1) ### [`v1.15.0`](https://togithub.com/yarnpkg/yarn/blob/master/CHANGELOG.md#1150) [Compare Source](https://togithub.com/yarnpkg/yarn/compare/v1.14.0...v1.15.0) - Removes `--scripts-prepend-node-path` as Yarn's default behavior makes this obsolete [#7057](https://togithub.com/yarnpkg/yarn/pull/7057/files) - [**Jason Grout**](https://togithub.com/jasongrout) - Fixes the advisory link printed by `yarn audit` [#7091](https://togithub.com/yarnpkg/yarn/pull/7091) - [**Jakob Krigovsky**](https://togithub.com/sonicdoe) - Fixes `npm_config_` environment variable parsing to support those prefixed with underscore (ex: `_auth`) [#7070](https://togithub.com/yarnpkg/yarn/pull/7070) - [**Nicholas Boll**](https://togithub.com/NicholasBoll) - Fixes yarn `upgrade --latest` for dependencies using `>` or `>=` range specifier [#7080](https://togithub.com/yarnpkg/yarn/pull/7080) - [**Xukai Wu**](https://togithub.com/shilcare) - Fixes `--modules-folder` handling in several places (ex: `yarn check` now respects `--modules-folder`) [#6850](https://togithub.com/yarnpkg/yarn/pull/6850) - [**Jeff Valore**](https://twitter.com/codingwithspike) - Removes `rootModuleFolders` (internal variable which wasn't used anywhere) [#6846](https://togithub.com/yarnpkg/yarn/pull/6846) - [**Jeff Valore**](https://twitter.com/codingwithspike) - Adds support for setting `global-folder` from `.yarnrc` files [#7056](https://togithub.com/yarnpkg/yarn/pull/7056) - [**Hsiao-nan Cheung**](https://togithub.com/niheaven) - Makes `yarn version` cancellable via ctrl-c or empty string [#7064](https://togithub.com/yarnpkg/yarn/pull/7064) - [**Olle Lauri Boström**](https://togithub.com/ollelauribostrom) - Adds support for `yarn policies set-version berry` [#7041](https://togithub.com/yarnpkg/yarn/pull/7041/files) - [**Maël Nison**](https://twitter.com/arcanis) - Fixes yarn `upgrade --scope` when using exotic (github) dependencies [#7017](https://togithub.com/yarnpkg/yarn/pull/7017) - [**Jeff Valore**](https://twitter.com/codingwithspike) - Fixes occasionally mismatching upper/lowecases of drive letters in win32 pnp check [#7007](https://togithub.com/yarnpkg/yarn/pull/7007) - [**Christoph Werner**](https://togithub.com/codepunkt) - Fixes the error reporting for non-HTTP network errors (such as invalid certificates) [#6968](https://togithub.com/yarnpkg/yarn/pull/6968) - [**Chih-Hsuan Yen**](https://togithub.com/yan12125) - Changes the location where the `--require ./.pnp.js` flag gets added into `NODE_OPTIONS`: now at the front (bis) [#6951](https://togithub.com/yarnpkg/yarn/pull/6951) - [**John-David Dalton**](https://twitter.com/jdalton) - Packages won't be auto-unplugged anymore if `ignore-scripts` is set in the yarnrc file [#6983](https://togithub.com/yarnpkg/yarn/pull/6983) - [**Micha Reiser**](https://togithub.com/MichaReiser) - Enables displaying Emojis on [Terminus](https://togithub.com/Eugeny/terminus) by default [#7093](https://togithub.com/yarnpkg/yarn/pull/7093) - [**David Refoua**](https://togithub.com/DRSDavidSoft) - Run the engines check before executing `run` scripts. [#7013](https://togithub.com/yarnpkg/yarn/issues/7013) - [**Eloy Durán**](https://togithub.com/alloy) ### [`v1.14.0`](https://togithub.com/yarnpkg/yarn/blob/master/CHANGELOG.md#1140) [Compare Source](https://togithub.com/yarnpkg/yarn/compare/v1.13.0...v1.14.0) - Improves PnP compatibility with Node 6 [#6871](https://togithub.com/yarnpkg/yarn/pull/6871) - [**Robert Jackson**](https://togithub.com/rwjblue) - Fixes PnP detection with workspaces (`installConfig` is now read at the top-level) [#6878](https://togithub.com/yarnpkg/yarn/pull/6878) - [**Maël Nison**](https://twitter.com/arcanis) - Fixes an interaction between `yarn pack` and bundled dependencies [#6908](https://togithub.com/yarnpkg/yarn/pull/6908) - [**Travis Hoover**](https://twitter.com/thoov) - Adds support for `GITHUB_TOKEN` in `yarn policies set-version` [#6912](https://togithub.com/yarnpkg/yarn/pull/6912) - [**Billy Vong**](https://togithub.com/billyvg) - Fixes an issue where `resolve` would forward an incomplete basedir to the PnP hook [#6882](https://togithub.com/yarnpkg/yarn/pull/6882) - [**Zoran Regvart**](https://togithub.com/zregvart) - Fixes the command that `yarn unlink` recommends to run as a followup (now `yarn install --force`) [#6931](https://togithub.com/yarnpkg/yarn/pull/6931) - [**Justin Sacbibit**](https://togithub.com/justinsacbibit) - Changes the location where the `--require ./.pnp.js` flag gets added into `NODE_OPTIONS`: now at the front [#6942](https://togithub.com/yarnpkg/yarn/pull/6942) - [**John-David Dalton**](https://twitter.com/jdalton) - Fixes a bug where `os` and `platform` requirements weren't properly checked when `engines` was missing [#6976](https://togithub.com/yarnpkg/yarn/pull/6976) - [**Micha Reiser**](https://togithub.com/MichaReiser) ### [`v1.13.0`](https://togithub.com/yarnpkg/yarn/blob/master/CHANGELOG.md#1130) [Compare Source](https://togithub.com/yarnpkg/yarn/compare/v1.12.3...v1.13.0) - Implements a new `package.json` field: `peerDependenciesMeta` [#6671](https://togithub.com/yarnpkg/yarn/pull/6671) - [**Maël Nison**](https://twitter.com/arcanis) - Adds an `optional` settings to `peerDependenciesMeta` to silence missing peer dependency warnings [#6671](https://togithub.com/yarnpkg/yarn/pull/6671) - [**Maël Nison**](https://twitter.com/arcanis) - Implements `yarn policies set-version [range]`. Check [the documentation](<>) for usage & tips. [#6673](https://togithub.com/yarnpkg/yarn/pull/6673) - [**Maël Nison**](https://twitter.com/arcanis) - Fixes a resolution issue when a package had an invalid `main` entry [#6682](https://togithub.com/yarnpkg/yarn/pull/6682) - [**Maël Nison**](https://twitter.com/arcanis) - Decreases the size of the generated `$PATH` environment variable for a better Windows support [#6683](https://togithub.com/yarnpkg/yarn/issues/6683) - [**Rowan Lonsdale**](https://togithub.com/hWorblehat) - Fixes postinstall scripts for third-party packages when they were referencing a binary from their own dependencies [#6712](https://togithub.com/yarnpkg/yarn/pull/6712) - [**Maël Nison**](https://twitter.com/arcanis) - Fixes yarn audit exit code overflow [#6748](https://togithub.com/yarnpkg/yarn/issues/6748) - [**Andrey Vetlugin**](https://togithub.com/antrew) - Stops automatically unplugging packages with postinstall script when running under `--ignore-scripts` [#6820](https://togithub.com/yarnpkg/yarn/pull/6820) - [**Maël Nison**](https://twitter.com/arcanis) - Adds transparent support for the [`resolve`](https://togithub.com/browserify/resolve) package when using Plug'n'Play [#6816](https://togithub.com/yarnpkg/yarn/pull/6816) - [**Maël Nison**](https://twitter.com/arcanis) - Properly reports the error codes when the npm registry throws 500's [#6817](https://togithub.com/yarnpkg/yarn/pull/6817) - [**Maël Nison**](https://twitter.com/arcanis) ### [`v1.12.3`](https://togithub.com/yarnpkg/yarn/blob/master/CHANGELOG.md#1123) [Compare Source](https://togithub.com/yarnpkg/yarn/compare/v1.12.1...v1.12.3) **Important:** This release contains a cache bump. It will cause the very first install following the upgrade to take slightly more time, especially if you don't use the [Offline Mirror](https://yarnpkg.com/blog/2016/11/24/offline-mirror/) feature. After that everything will be back to normal. - Fixes an issue with `yarn audit` when using workspaces [#6625](https://togithub.com/yarnpkg/yarn/pull/6639) - [**Jeff Valore**](https://twitter.com/codingwithspike) - Uses `NODE_OPTIONS` to instruct Node to load the PnP hook, instead of raw CLI arguments **Caveat:** This change might cause issues for PnP users having a space inside their cwd (cf [nodejs/node#24065](https://togithub.com/nodejs/node/pull/24065)) [#6479](https://togithub.com/yarnpkg/yarn/pull/6629) - [**Maël Nison**](https://twitter.com/arcanis) - Fixes Gulp when used with Plug'n'Play [#6623](https://togithub.com/yarnpkg/yarn/pull/6623) - [**Maël Nison**](https://twitter.com/arcanis) - Fixes an issue with `yarn audit` when the root package was missing a name [#6611](https://togithub.com/yarnpkg/yarn/pull/6611) - [**Jack Zhao**](https://togithub.com/bugzpodder) - Fixes an issue with `yarn audit` when a package was depending on an empty range [#6611](https://togithub.com/yarnpkg/yarn/pull/6611) - [**Jack Zhao**](https://togithub.com/bugzpodder) - Fixes an issue with how symlinks are setup into the cache on Windows [#6621](https://togithub.com/yarnpkg/yarn/pull/6621) - [**Yoad Snapir**](https://togithub.com/yoadsn) - Upgrades `inquirer`, fixing `upgrade-interactive` for users using both Node 10 and Windows [#6635](https://togithub.com/yarnpkg/yarn/pull/6635) - [**Philipp Feigl**](https://togithub.com/pfeigl) - Exposes the path to the PnP file using `require.resolve('pnpapi')` [#6643](https://togithub.com/yarnpkg/yarn/pull/6643) - [**Maël Nison**](https://twitter.com/arcanis) ### [`v1.12.1`](https://togithub.com/yarnpkg/yarn/blob/master/CHANGELOG.md#1121) [Compare Source](https://togithub.com/yarnpkg/yarn/compare/v1.12.0...v1.12.1) - Ensures the engine check is ran before showing the UI for `upgrade-interactive` [#6536](https://togithub.com/yarnpkg/yarn/pull/6536) - [**Orta Therox**](https://togithub.com/orta) - Restores Node v4 support by downgrading `cli-table3` [#6535](https://togithub.com/yarnpkg/yarn/pull/6535) - [**Mark Stacey**](https://togithub.com/Gudahtt) - Prevents infinite loop when parsing corrupted lockfiles with unterminated strings [#4965](https://togithub.com/yarnpkg/yarn/pull/4965) - [**Ryan Hendrickson**](https://togithub.com/rhendric) - Environment variables now have to **start** with `YARN_` (instead of just contain it) to be considered [#6518](https://togithub.com/yarnpkg/yarn/pull/6518) - [**Michael Gmelin**](https://blog.grem.de) - Fixes the `extensions` option when used by `resolveRequest` [#6479](https://togithub.com/yarnpkg/yarn/pull/6479) - [**Maël Nison**](https://twitter.com/arcanis) - Fixes handling of empty string entries for `bin` in package.json [#6515](https://togithub.com/yarnpkg/yarn/pull/6515) - [**Ryan Burrows**](https://togithub.com/rhburrows) - Adds support for basic auth for registries with paths, such as artifactory [#5322](https://togithub.com/yarnpkg/yarn/pull/5322) - [**Karolis Narkevicius**](https://twitter.com/KidkArolis) - Adds 2FA (Two Factor Authentication) support to publish & alike [#6555](https://togithub.com/yarnpkg/yarn/pull/6555) - [**Krzysztof Zbudniewek**](https://togithub.com/neonowy) - Fixes how the `files` property is interpreted to bring it in line with npm [#6562](https://togithub.com/yarnpkg/yarn/pull/6562) - [**Bertrand Marron**](https://togithub.com/tusbar) - Fixes Yarn invocations on Darwin when the `yarn` binary was symlinked [#6568](https://togithub.com/yarnpkg/yarn/pull/6568) - [**Hidde Boomsma**](https://togithub.com/hboomsma) - Fixes `require.resolve` when used together with the `paths` option [#6565](https://togithub.com/yarnpkg/yarn/pull/6565) - [**Maël Nison**](https://twitter.com/arcanis) ### [`v1.12.0`](https://togithub.com/yarnpkg/yarn/blob/master/CHANGELOG.md#1120) [Compare Source](https://togithub.com/yarnpkg/yarn/compare/v1.11.1...v1.12.0) - Adds initial support for PnP on Windows [#6447](https://togithub.com/yarnpkg/yarn/pull/6447) - [**John-David Dalton**](https://twitter.com/jdalton) - Adds `yarn audit` (and the `--audit` flag for all installs) [#6409](https://togithub.com/yarnpkg/yarn/pull/6409) - [**Jeff Valore**](https://togithub.com/rally25rs) - Adds a special logic to PnP for ESLint compatibility (temporary, until [eslint/eslint#10125](https://togithub.com/eslint/eslint/issues/10125) is fixed) [#6449](https://togithub.com/yarnpkg/yarn/pull/6449) - [**Maël Nison**](https://twitter.com/arcanis) - Makes the PnP hook inject a `process.versions.pnp` variable when setup (equals to `VERSIONS.std`) [#6464](https://togithub.com/yarnpkg/yarn/pull/6464) - [**Maël Nison**](https://twitter.com/arcanis) - Disables by default (configurable) the automatic migration of the `integrity` field. **It will be re-enabled in 2.0.** [#6465](https://togithub.com/yarnpkg/yarn/pull/6465) - [**Maël Nison**](https://twitter.com/arcanis) - Fixes the display name of the faulty package when the NPM registry returns corrupted data [#6455](https://togithub.com/yarnpkg/yarn/pull/6455) - [**Grey Baker**](https://togithub.com/greysteil) - Prevents crashes when running `yarn outdated` and the NPM registry forgets to return the `latest` tag [#6454](https://togithub.com/yarnpkg/yarn/pull/6454) - [**mad-mike**](https://togithub.com/mad-mike) - Fixes `yarn run` when used together with workspaces and PnP [#6444](https://togithub.com/yarnpkg/yarn/pull/6444) - [**Maël Nison**](https://twitter.com/arcanis) - Fixes an edge case when peer dependencies were resolved multiple levels deep (`webpack-dev-server`) [#6443](https://togithub.com/yarnpkg/yarn/pull/6443) - [**Maël Nison**](https://twitter.com/arcanis) ### [`v1.11.1`](https://togithub.com/yarnpkg/yarn/compare/v1.11.0...v1.11.1) [Compare Source](https://togithub.com/yarnpkg/yarn/compare/v1.11.0...v1.11.1) ### [`v1.11.0`](https://togithub.com/yarnpkg/yarn/compare/v1.10.1...v1.11.0) [Compare Source](https://togithub.com/yarnpkg/yarn/compare/v1.10.1...v1.11.0) ### [`v1.10.1`](https://togithub.com/yarnpkg/yarn/compare/v1.10.0...v1.10.1) [Compare Source](https://togithub.com/yarnpkg/yarn/compare/v1.10.0...v1.10.1) ### [`v1.10.0`](https://togithub.com/yarnpkg/yarn/releases/v1.10.0) [Compare Source](https://togithub.com/yarnpkg/yarn/compare/v1.9.4...v1.10.0) - **Use UV_FS_COPYFILE_FICLONE flag in fs.copyFile when available ([#6302](https://togithub.com/yarnpkg/yarn/issues/6302))** [Andrew Sun](mailto:as-com@users.noreply.github.com) - Wed, 5 Sep 2018 11:41:32 +0100 - **Reverts [#2454](https://togithub.com/yarnpkg/yarn/issues/2454) ([#6321](https://togithub.com/yarnpkg/yarn/issues/6321))** [Maël Nison](mailto:nison.mael@gmail.com) - Wed, 5 Sep 2018 11:40:45 +0100 - **ConsoleReporter: do not color if !isTTY ([#6336](https://togithub.com/yarnpkg/yarn/issues/6336))** [John Ruble](mailto:johnruble@gmail.com) - Wed, 5 Sep 2018 10:20:24 +0100 - **test: Fail early if the local yarn build is missing ([#6351](https://togithub.com/yarnpkg/yarn/issues/6351))** [Ed Morley](mailto:501702+edmorley@users.noreply.github.com) - Mon, 3 Sep 2018 23:33:13 +0100 - **fix(resolution): Normalise non-HTTPS NPM registry URLs too ([#6353](https://togithub.com/yarnpkg/yarn/issues/6353))** [Ed Morley](mailto:501702+edmorley@users.noreply.github.com) - Mon, 3 Sep 2018 23:26:54 +0100 - **fix incomplete sanitization ([#6328](https://togithub.com/yarnpkg/yarn/issues/6328))** [Sam Lanning](mailto:sam@samlanning.com) - Sun, 2 Sep 2018 10:27:41 +0100 - **fix(build): Apply bundle fix to legacy build ([#6303](https://togithub.com/yarnpkg/yarn/issues/6303))** [Mark Stacey](mailto:markjstacey@gmail.com) - Tue, 28 Aug 2018 18:48:38 +0100 - **Update update-homebrew.sh ([#6297](https://togithub.com/yarnpkg/yarn/issues/6297))** [Simen Bekkhus](mailto:sbekkhus91@gmail.com) - Wed, 22 Aug 2018 23:45:34 -0700 - **Bugfix [#3724](https://togithub.com/yarnpkg/yarn/issues/3724) ([#6275](https://togithub.com/yarnpkg/yarn/issues/6275))** [Avraham Ostreicher](mailto:aharone27@gmail.com) - Wed, 22 Aug 2018 20:36:33 +0100 - **Changed isValidLicense Check ([#6134](https://togithub.com/yarnpkg/yarn/issues/6134))** [Matt Q](mailto:irrationalrockprogramming@gmail.com) - Wed, 22 Aug 2018 20:33:46 +0100 - **Upgrade gulp v4 ([#6143](https://togithub.com/yarnpkg/yarn/issues/6143))** [Antoine du Hamel](mailto:duhamelantoine1995@gmail.com) - Wed, 22 Aug 2018 20:32:02 +0100 - **Add Windows command executable that use powershell. ([#6093](https://togithub.com/yarnpkg/yarn/issues/6093))** [Mike MacCana](mailto:mike.maccana@gmail.com) - Tue, 21 Aug 2018 10:47:59 +0100 - **Fixes the bundle build ([#6274](https://togithub.com/yarnpkg/yarn/issues/6274))** [Maël Nison](mailto:nison.mael@gmail.com) - Fri, 17 Aug 2018 10:54:07 +0100 - **fix(create): invoke correct path when using scoped package ([#6271](https://togithub.com/yarnpkg/yarn/issues/6271))** [fenduru](mailto:fenduru@users.noreply.github.com) - Thu, 16 Aug 2018 10:35:46 +0100 - **Added ability to run script on all workspaces ([#6244](https://togithub.com/yarnpkg/yarn/issues/6244))** [Kyle Welch](mailto:kwelch0626+github@gmail.com) - Mon, 13 Aug 2018 23:04:00 +0100 - **fix(cli-create): fix scoped creation ([#6239](https://togithub.com/yarnpkg/yarn/issues/6239))** [Vladimir Starkov](mailto:iamstarkov@users.noreply.github.com) - Mon, 13 Aug 2018 12:57:08 +0100 - **Fix: Correctly load v8-compile-cache ([#6261](https://togithub.com/yarnpkg/yarn/issues/6261))** [Andres Suarez](mailto:zertosh@gmail.com) - Sat, 11 Aug 2018 22:45:46 -0700 - **Adds an auto-add-integrity option ([#6255](https://togithub.com/yarnpkg/yarn/issues/6255))** [Maël Nison](mailto:nison.mael@gmail.com) - Fri, 10 Aug 2018 15:07:38 +0100 - **deps: upgrade deps to get rid of Buffer constructor ([#6208](https://togithub.com/yarnpkg/yarn/issues/6208))** [Antoine du Hamel](mailto:duhamelantoine1995@gmail.com) - Fri, 10 Aug 2018 13:21:32 +0100 - **Don&[#39](https://togithub.com/yarnpkg/yarn/issues/39);t compute integrity when network restricted ([#6248](https://togithub.com/yarnpkg/yarn/issues/6248))** [Maël Nison](mailto:nison.mael@gmail.com) - Fri, 10 Aug 2018 12:51:37 +0100 - **Fix performance of PackageHoister.seed ([#6251](https://togithub.com/yarnpkg/yarn/issues/6251))** [Rafał Lindemann](mailto:rl@stamina.pl) - Thu, 9 Aug 2018 18:05:58 +0100 - **ci(perf): Set maxWorkers to match the number of cores available ([#6249](https://togithub.com/yarnpkg/yarn/issues/6249))** [Mark Stacey](mailto:markjstacey@gmail.com) - Thu, 9 Aug 2018 15:42:14 +0100 - **test(warning): Jest: Ignore build directory modules to avoid module name collision ([#6252](https://togithub.com/yarnpkg/yarn/issues/6252))** [Mark Stacey](mailto:markjstacey@gmail.com) - Thu, 9 Aug 2018 15:40:55 +0100 - **Disables tarball fetching on windows ([#6211](https://togithub.com/yarnpkg/yarn/issues/6211))** [Maël Nison](mailto:nison.mael@gmail.com) - Tue, 7 Aug 2018 11:12:58 +0100 - **test(request-cache): Update request-cache `hawk` version ([#6227](https://togithub.com/yarnpkg/yarn/issues/6227))** [Mark Stacey](mailto:markjstacey@gmail.com) - Mon, 6 Aug 2018 18:58:10 +0100 - **test: Fix `yarn run <failing script>` test on Windows ([#6222](https://togithub.com/yarnpkg/yarn/issues/6222))** [Mark Stacey](mailto:markjstacey@gmail.com) - Mon, 6 Aug 2018 18:53:07 +0100 - **Make yarn not to add /usr/bin to PATH if already there ([#6178](https://togithub.com/yarnpkg/yarn/issues/6178))** [x-yuri](mailto:x.yuri.83@gmail.com) - Fri, 3 Aug 2018 11:30:54 +0100 - **Fixes to PR 6007 ([#6207](https://togithub.com/yarnpkg/yarn/issues/6207))** [Clinton Wood](mailto:clint@anotherway.co.za) - Fri, 3 Aug 2018 11:28:01 +0100 - **Fix perf regression ([#6204](https://togithub.com/yarnpkg/yarn/issues/6204))** [Maël Nison](mailto:nison.mael@gmail.com) - Fri, 3 Aug 2018 10:21:34 +0100 - **fix(cli): reword manifest ([#6154](https://togithub.com/yarnpkg/yarn/issues/6154))** [Masato Ohba](mailto:masato.ohba@quipper.com) - Thu, 2 Aug 2018 10:44:10 +0100 - **feat(checksums): add integrity field with sha512 authentication to yarn.lock ([#5042](https://togithub.com/yarnpkg/yarn/issues/5042))** [Aram Drevekenin](mailto:grimsniffer@gmail.com) - Wed, 1 Aug 2018 16:26:34 +0100 - **Bumps hawk ([#6194](https://togithub.com/yarnpkg/yarn/issues/6194))** [Maël Nison](mailto:nison.mael@gmail.com) - Wed, 1 Aug 2018 15:17:17 +0100 - **fix: Show essential output for list commands when using --silent option ([#6158](https://togithub.com/yarnpkg/yarn/issues/6158))** [Robert (Jamie) Munro](mailto:rjmunro@arjam.net) - Sun, 29 Jul 2018 20:58:02 +0100 - **Added a got field to incompatible engine message ([#6161](https://togithub.com/yarnpkg/yarn/issues/6161))** [Shubham Kanodia](mailto:shubhamsizzles@gmail.com) - Sun, 29 Jul 2018 20:56:46 +0100 - **Fixes windows filtering ([#6149](https://togithub.com/yarnpkg/yarn/issues/6149))** [Maël Nison](mailto:nison.mael@gmail.com) - Wed, 25 Jul 2018 16:08:51 +0100 - **Allow bundleDependencies to be respected during `pack` ([#5966](https://togithub.com/yarnpkg/yarn/issues/5966))** [Travis Hoover](mailto:thoov7@gmail.com) - Wed, 25 Jul 2018 09:09:29 +0100 - **Fixes request mock on Node 10.7 ([#6132](https://togithub.com/yarnpkg/yarn/issues/6132))** [Maël Nison](mailto:nison.mael@gmail.com) - Mon, 23 Jul 2018 16:17:58 +0100 ### [`v1.9.4`](https://togithub.com/yarnpkg/yarn/releases/v1.9.4) [Compare Source](https://togithub.com/yarnpkg/yarn/compare/v1.9.2...v1.9.4) No changes, release process improvements

Renovate configuration

:date: Schedule: "" (UTC).

:vertical_traffic_light: Automerge: Disabled by config. Please merge this manually once you are satisfied.

:recycle: Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

:no_bell: Ignore: Close this PR and you won't be reminded about this update again.

[ ] If you want to rebase/retry this PR, check this box

This PR has been generated by WhiteSource Renovate. View repository job log here.

amilajack / erb-serialport-example