[Security] Bump yarn from 1.7.0 to 1.19.2

[dependabot-preview[bot]]

Bumps yarn from 1.7.0 to 1.19.2. This update includes a security fix.

Vulnerabilities fixed

*Sourced from The GitHub Security Advisory Database.* > **High severity vulnerability that affects yarn** > Yarn before 1.17.3 is vulnerable to Missing Encryption of Sensitive Data due to HTTP URLs in lockfile causing unencrypted authentication data to be sent over the network. > > Affected versions: < 1.17.3

Release notes

*Sourced from [yarn's releases](https://github.com/yarnpkg/yarn/releases).* > ## v1.19.2 > No release notes provided. > > ## v1.19.1 > No release notes provided. > > ## v1.19.0 > No release notes provided. > > ## v1.18.0 > No release notes provided. > > ## v1.17.3 > No release notes provided. > > ## v1.17.2 > No release notes provided. > > ## v1.17.1 > No release notes provided. > > ## v1.17.0 > No release notes provided. > > ## v1.16.0 > No release notes provided. > > ## v1.15.2 > No release notes provided. > > ## v1.15.1 > No release notes provided. > > ## v1.15.0 > No release notes provided. > > ## v1.14.0 > No release notes provided. > > ## v1.13.0 > - Implements a new `package.json` field: `peerDependenciesMeta` > > [#6671](https://github-redirect.dependabot.com/yarnpkg/yarn/pull/6671) - [**Maël Nison**](https://twitter.com/arcanis) > > - Adds an `optional` settings to `peerDependenciesMeta` to silence missing peer dependency warnings > > [#6671](https://github-redirect.dependabot.com/yarnpkg/yarn/pull/6671) - [**Maël Nison**](https://twitter.com/arcanis) > > - Implements `yarn policies set-version [range]`. Check [the documentation]() for usage & tips. > > ... (truncated)

Changelog

*Sourced from [yarn's changelog](https://github.com/yarnpkg/yarn/blob/master/CHANGELOG.md).* > # Changelog > > Please add one entry in this file for each change in Yarn's behavior. Use the same format for all entries, including the third-person verb. Make sure you don't add more than one line of text to keep it clean. Thanks! > > ## Master > > - Folders like `.cache` won't be pruned from the `node_modules` after each install. > > [#7699](https://github-redirect.dependabot.com/yarnpkg/yarn/pull/7699) - [**Maël Nison**](https://twitter.com/arcanis) > > - Correctly installs workspace child dependencies when workspace child not symlinked to root. > > [#7289](https://github-redirect.dependabot.com/yarnpkg/yarn/pull/7289) - [**Daniel Tschinder**](https://github.com/danez) > > - Makes running scripts with Plug'n Play possible on node 13. > > [#7650](https://github-redirect.dependabot.com/yarnpkg/yarn/pull/7650) - [**Sander Verweij**](https://github.com/sverweij) > > - Change run command to check cwd/node_modules/.bin for commands. Fixes run in workspaces. > > [#7151](https://github-redirect.dependabot.com/yarnpkg/yarn/pull/7151) - [**Jeff Valore**](https://twitter.com/codingwithspike) > > ## 1.19.1 > > **Important:** This release contains a cache bump. It will cause the very first install following the upgrade to take slightly more time, especially if you don't use the [Offline Mirror](https://yarnpkg.com/blog/2016/11/24/offline-mirror/) feature. After that everything will be back to normal. > > - Computes the `--modules-folder` & friends paths based on the cwd. > > [#7607](https://github-redirect.dependabot.com/yarnpkg/yarn/pull/7607) - [**mbpreble**](https://github.com/mbpreble) > > - Stores the sha512 in the cache even when not provided by the server. > > [#7591](https://github-redirect.dependabot.com/yarnpkg/yarn/pull/7591) - [**Maël Nison**](https://twitter.com/arcanis) / [#7595](https://github-redirect.dependabot.com/yarnpkg/yarn/pull/7595) - [**Michael**](https://github.com/Blasz) > > - Uses the right Node binary when using `yarn-path`. > > [#7592](https://github-redirect.dependabot.com/yarnpkg/yarn/pull/7592) - [**Maël Nison**](https://twitter.com/arcanis) > > ## 1.19.0 > > **Important:** This release contains a cache bump. It will cause the very first install following the upgrade to take slightly more time, especially if you don't use the [Offline Mirror](https://yarnpkg.com/blog/2016/11/24/offline-mirror/) feature. After that everything will be back to normal. > > - Fixes a potential vulnerability regarding how the build artifacts are stored > > Reported by [**ChALkeR**](https://github.com/ChALkeR), fixed by [**Maël Nison**](https://twitter.com/arcanis) > > ## 1.18.0 > > - Suggests using the Yarn 2 development trunk on PnP-enabled projects > > ... (truncated)

Commits

- [`823b64c`](https://github.com/yarnpkg/yarn/commit/823b64c4597ba33050dbe71415223ecd77b609ef) v1.19.2 - [`999b2b4`](https://github.com/yarnpkg/yarn/commit/999b2b45c95f8f14c2997838ccf5a55cbcc28d42) Prevents cache removal when running an install ([#7699](https://github-redirect.dependabot.com/yarnpkg/yarn/issues/7699)) - [`a9f57e5`](https://github.com/yarnpkg/yarn/commit/a9f57e5c59636abc4592fed821c0305b42dc8656) Correctly install workspace child deps when workspace child not symlinked to ... - [`62e83f3`](https://github.com/yarnpkg/yarn/commit/62e83f335e4769d70a0d18c23e7e3d551386ab8b) make running with Plug'n Play possible on node 13 ([#7650](https://github-redirect.dependabot.com/yarnpkg/yarn/issues/7650)) - [`bac6c54`](https://github.com/yarnpkg/yarn/commit/bac6c54af6c52876440c68d53c55e990e7bd3182) ci(circleci): prevent timeout on circle-ci macos node10 build ([#7651](https://github-redirect.dependabot.com/yarnpkg/yarn/issues/7651)) - [`45ea61b`](https://github.com/yarnpkg/yarn/commit/45ea61bbc1f1066e837d3402edba834ef5982176) fix(run): add cwd/node_modules/.bin to run command search path ([#7151](https://github-redirect.dependabot.com/yarnpkg/yarn/issues/7151)) - [`3e0a32c`](https://github.com/yarnpkg/yarn/commit/3e0a32c990cfc340899a9c911282f88cf69215b3) Update CHANGELOG.md - [`d03a083`](https://github.com/yarnpkg/yarn/commit/d03a0830d07af230e0e7669948a4773be0e2e790) Update CHANGELOG.md - [`213433c`](https://github.com/yarnpkg/yarn/commit/213433c2902a2d9bd208894a75a0691f42b9e5cb) Update CHANGELOG.md - [`cabd2c5`](https://github.com/yarnpkg/yarn/commit/cabd2c5d07910d99dc47cb5736899f24aa720fc0) v1.19.1 - Additional commits viewable in [compare view](https://github.com/yarnpkg/yarn/compare/v1.7.0...v1.19.2)

Maintainer changes

This version was pushed to npm by [danbuild](https://www.npmjs.com/~danbuild), a new releaser for yarn since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language - `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com): - Update frequency (including time of day and day of week) - Pull request limits (per update run and/or open at any time) - Automerge options (never/patch/minor, and dev/runtime dependencies) - Out-of-range updates (receive only lockfile updates, if desired) - Security updates (receive only security updates, if desired)

[dependabot-preview[bot]]

Superseded by #103.