Bumps yarn from 1.7.0 to 1.21.1. This update includes a security fix.
Vulnerabilities fixed
*Sourced from The GitHub Security Advisory Database.*
> **High severity vulnerability that affects yarn**
> Yarn before 1.17.3 is vulnerable to Missing Encryption of Sensitive Data due to HTTP URLs in lockfile causing unencrypted authentication data to be sent over the network.
>
> Affected versions: < 1.17.3
Release notes
*Sourced from [yarn's releases](https://github.com/yarnpkg/yarn/releases).*
> ## v1.21.1
> No release notes provided.
>
> ## v1.21.0
> No release notes provided.
>
> ## v1.20.0
> No release notes provided.
>
> ## v1.19.2
> No release notes provided.
>
> ## v1.19.1
> No release notes provided.
>
> ## v1.19.0
> No release notes provided.
>
> ## v1.18.0
> No release notes provided.
>
> ## v1.17.3
> No release notes provided.
>
> ## v1.17.2
> No release notes provided.
>
> ## v1.17.1
> No release notes provided.
>
> ## v1.17.0
> No release notes provided.
>
> ## v1.16.0
> No release notes provided.
>
> ## v1.15.2
> No release notes provided.
>
> ## v1.15.1
> No release notes provided.
>
> ## v1.15.0
> No release notes provided.
>
> ## v1.14.0
> No release notes provided.
>
> ## v1.13.0
> - Implements a new `package.json` field: `peerDependenciesMeta`
> ... (truncated)
Changelog
*Sourced from [yarn's changelog](https://github.com/yarnpkg/yarn/blob/master/CHANGELOG.md).*
> # Changelog
>
> Please add one entry in this file for each change in Yarn's behavior. Use the same format for all entries, including the third-person verb. Make sure you don't add more than one line of text to keep it clean. Thanks!
>
> ## Master
>
> - Prints workspace names with `yarn workspaces` (silence with `-s`)
>
> [#7722](https://github-redirect.dependabot.com/yarnpkg/yarn/pull/7722) - [**Orta**](https://twitter.com/orta)
>
> - Implements `yarn init --install berry`
>
> [#7723](https://github-redirect.dependabot.com/yarnpkg/yarn/pull/7723) - [**Maël Nison**](https://twitter.com/arcanis)
>
> ## 1.19.2
>
> - Folders like `.cache` won't be pruned from the `node_modules` after each install.
>
> [#7699](https://github-redirect.dependabot.com/yarnpkg/yarn/pull/7699) - [**Maël Nison**](https://twitter.com/arcanis)
>
> - Correctly installs workspace child dependencies when workspace child not symlinked to root.
>
> [#7289](https://github-redirect.dependabot.com/yarnpkg/yarn/pull/7289) - [**Daniel Tschinder**](https://github.com/danez)
>
> - Makes running scripts with Plug'n Play possible on node 13.
>
> [#7650](https://github-redirect.dependabot.com/yarnpkg/yarn/pull/7650) - [**Sander Verweij**](https://github.com/sverweij)
>
> - Change run command to check cwd/node_modules/.bin for commands. Fixes run in workspaces.
>
> [#7151](https://github-redirect.dependabot.com/yarnpkg/yarn/pull/7151) - [**Jeff Valore**](https://twitter.com/codingwithspike)
>
> ## 1.19.1
>
> **Important:** This release contains a cache bump. It will cause the very first install following the upgrade to take slightly more time, especially if you don't use the [Offline Mirror](https://yarnpkg.com/blog/2016/11/24/offline-mirror/) feature. After that everything will be back to normal.
>
> - Computes the `--modules-folder` & friends paths based on the cwd.
>
> [#7607](https://github-redirect.dependabot.com/yarnpkg/yarn/pull/7607) - [**mbpreble**](https://github.com/mbpreble)
>
> - Stores the sha512 in the cache even when not provided by the server.
>
> [#7591](https://github-redirect.dependabot.com/yarnpkg/yarn/pull/7591) - [**Maël Nison**](https://twitter.com/arcanis) / [#7595](https://github-redirect.dependabot.com/yarnpkg/yarn/pull/7595) - [**Michael**](https://github.com/Blasz)
>
> - Uses the right Node binary when using `yarn-path`.
>
> [#7592](https://github-redirect.dependabot.com/yarnpkg/yarn/pull/7592) - [**Maël Nison**](https://twitter.com/arcanis)
>
> ## 1.19.0
>
> ... (truncated)
Commits
- [`95186d5`](https://github.com/yarnpkg/yarn/commit/95186d5f61ea34de7be6c59b7cfb934cc3b31988) v1.21.1
- [`cefe4c5`](https://github.com/yarnpkg/yarn/commit/cefe4c529816f94cfefbb78c1b0d16d7da895b64) Fixes bin overwrites ([#7755](https://github-redirect.dependabot.com/yarnpkg/yarn/issues/7755))
- [`604b4c8`](https://github.com/yarnpkg/yarn/commit/604b4c89515830271910c0981cb5a7c008d35b70) v1.21.0
- [`e90518d`](https://github.com/yarnpkg/yarn/commit/e90518daf90b4935567ecee1902515ea3084d4f1) v1.20.0
- [`d23f5d2`](https://github.com/yarnpkg/yarn/commit/d23f5d260b33883286437558e2f7e3c8bc96b5b1) Adds a note of the workspace name when running commands in all workspaces ([#7](https://github-redirect.dependabot.com/yarnpkg/yarn/issues/7)...
- [`11872ca`](https://github.com/yarnpkg/yarn/commit/11872ca387b144f379afe21005be709d474f1113) Adds support for --install in yarn init ([#7723](https://github-redirect.dependabot.com/yarnpkg/yarn/issues/7723))
- [`98d51d8`](https://github.com/yarnpkg/yarn/commit/98d51d88310eede3d6394a20d5a11dbb258cb54b) Prevents cache removal when running an install ([#7699](https://github-redirect.dependabot.com/yarnpkg/yarn/issues/7699))
- [`c43f66d`](https://github.com/yarnpkg/yarn/commit/c43f66d14b1baedc7f50055dd7c997b32be0f8b1) Correctly install workspace child deps when workspace child not symlinked to ...
- [`1ec3190`](https://github.com/yarnpkg/yarn/commit/1ec3190a4c1077f14fa7e9689ca06ad394be131f) make running with Plug'n Play possible on node 13 ([#7650](https://github-redirect.dependabot.com/yarnpkg/yarn/issues/7650))
- [`730d390`](https://github.com/yarnpkg/yarn/commit/730d3906f2d3a3f30b4e93fbf8fa2c1d3a44882c) ci(circleci): prevent timeout on circle-ci macos node10 build ([#7651](https://github-redirect.dependabot.com/yarnpkg/yarn/issues/7651))
- Additional commits viewable in [compare view](https://github.com/yarnpkg/yarn/compare/v1.7.0...v1.21.1)
Maintainer changes
This version was pushed to npm by [danbuild](https://www.npmjs.com/~danbuild), a new releaser for yarn since your current version.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
- `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme
Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com):
- Update frequency (including time of day and day of week)
- Pull request limits (per update run and/or open at any time)
- Automerge options (never/patch/minor, and dev/runtime dependencies)
- Out-of-range updates (receive only lockfile updates, if desired)
- Security updates (receive only security updates, if desired)
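
The advisory quoted at the top of this PR concerns `http://` URLs recorded in a lockfile. The check below is an added example, not part of the Dependabot message or of yarn's own code: it scans yarn.lock (v1 format) text for `resolved` entries that use plain HTTP. The function name `findInsecureResolved` and the sample lockfile (packages, hosts, hashes) are constructed for illustration.

```javascript
// Constructed yarn.lock (v1 format) sample; package names, hosts and hashes are made up.
const SAMPLE_LOCKFILE = `# yarn lockfile v1


"@scope/internal-lib@^2.0.0":
  version "2.0.1"
  resolved "http://registry.example.test/@scope/internal-lib/-/internal-lib-2.0.1.tgz#0000000000000000000000000000000000000000"

left-pad@^1.3.0, left-pad@~1.3.0:
  version "1.3.0"
  resolved "https://registry.example.test/left-pad/-/left-pad-1.3.0.tgz#1111111111111111111111111111111111111111"

legacy-tool@1.0.0:
  version "1.0.0"
  resolved "HTTP://mirror.example.test/legacy-tool-1.0.0.tgz"
`;

// Returns one finding per lockfile entry whose `resolved` URL uses plain HTTP.
function findInsecureResolved(lockfileText) {
  const findings = [];
  let entry = null; // header of the entry currently being read
  lockfileText.split(/\r?\n/).forEach((line, idx) => {
    if (line.trim() === '' || line.startsWith('#')) return;
    if (!/^\s/.test(line)) {
      // An unindented line ending in ":" starts a new entry (it may list several ranges).
      entry = line.replace(/:\s*$/, '').replace(/"/g, '');
      return;
    }
    const m = /^\s+resolved\s+"?([^"\s]+)"?\s*$/.exec(line);
    if (!m || !entry) return;
    let url;
    try {
      url = new URL(m[1]); // normalises the scheme to lower case
    } catch (e) {
      return; // not an absolute URL, nothing to flag here
    }
    if (url.protocol === 'http:') {
      findings.push({ entry, line: idx + 1, host: url.host, url: m[1] });
    }
  });
  return findings;
}

console.log(findInsecureResolved(SAMPLE_LOCKFILE));
```

In CI, a non-empty result can fail the build so that plain-HTTP entries are corrected in the lockfile before an install runs with registry credentials configured.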