The place to start for issues with areas of Chocolatey that are infrastructure related, or really any issues could be started here. There is also choco for the CLI client, Chocolatey GUI for the GUI.
Is Your Feature Request Related To A Problem? Please describe.
In Yarn 3, there is no built-in (reliable) way to run audits on packages to check for vulnerabilities. There is the yarn npm audit command, but that has proven to be unreliable and does not give back accurate results. See https://github.com/yarnpkg/berry/issues/3778#issuecomment-975157825. There is also a way to still run npm audit, however after testing this on two people's devices and getting different results, this has also proven to be inaccurate. We need an automated way to check for vulnerabilities in the yarn.lock file before we merge new updates to choco-theme.
Describe The Solution. Why is it needed?
In Yarn 4, this command has been re-implemented and problems have been fixed. Upgrading all projects to Yarn 4.1 will allow us to scan for vulnerabilities in choco-theme before it gets implemented on other repositories.
Additional Context.
Related Issues
n/a