[Development issue] Yarn checksum for `selectize` changes depending on the environment `yarn build` is run in

[dvg-p4]

Example application or steps to reproduce the problem

• Set up dev environment for Shiny as specified in https://github.com/rstudio/shiny/tree/main/srcts#typescript-build-tools-shiny-developers
• yarn install
• The checksum for selectize changes, despite nothing else about the package changing:

git diff

```diff diff --git a/yarn.lock b/yarn.lock index 8fd02518f..8c079cf3d 100644 --- a/yarn.lock +++ b/yarn.lock @@ -1853,7 +1853,7 @@ __metadata: peerDependenciesMeta: jquery-ui: optional: true - checksum: ba260ba5804c16b1455ff79f9d00ce860e12ae36e29d7a5f702da6b384c9454497421b8e06fe683d10fac53e2dc6ec008da4fa129a153cbbfe5396e027eb4247 + checksum: 8718ebda1068894fc1267459b603f492045723ed1000fdbe798f2fab78fed8536b1906f56c53e9bd0ff9dce24aed176045618d0a1eddcf48f7d0313ad4ad67e9 languageName: node linkType: hard ```

Context

``` "@selectize/selectize@https://github.com/selectize/selectize.js.git#e3f2e0b4aa251375bc21b5fcd8ca7d374a921f08": version: 0.15.2 resolution: "@selectize/selectize@https://github.com/selectize/selectize.js.git#commit=e3f2e0b4aa251375bc21b5fcd8ca7d374a921f08" peerDependencies: jquery: ^1.7.0 || ^2 || ^3 jquery-ui: ^1.13.2 peerDependenciesMeta: jquery-ui: optional: true checksum: 8718ebda1068894fc1267459b603f492045723ed1000fdbe798f2fab78fed8536b1906f56c53e9bd0ff9dce24aed176045618d0a1eddcf48f7d0313ad4ad67e9 languageName: node linkType: hard ```

• Push the branch and create a PR
• The "routine" check fails due to the opposite diff

Describe the problem in detail

It seems that when yarn install installs selectize from the specified github commit, it produces the checksum 8718... if it's on my MacBook or RedHat 8 server; but it produces the checksum ba26... if run on the Github Runner (Ubuntu I think?).

This may be due to some known issues with yarn checksums, as discussed in https://github.com/yarnpkg/berry/issues/2399 / https://github.com/yarnpkg/berry/issues/2774#issuecomment-822472844 .

From the git blame, it looks like 10 months ago the checksum changed in yarn.lock without any of the other information changing; guessing that's either this same issue or a related one.

https://github.com/rstudio/shiny/blame/2e2114f99d42ee2bc9cd00073cdaeafba5339c1c/yarn.lock#L1847-L1866

[gadenbuie]

Our approach is generally to live with the changes from CI and to use that as the central point of truth changing. That approach is a little harder for external contributors because the routine actions can't push back to forks for (reasonable) security reasons imposed by GitHub Actions. For now, the Shiny team is generally aware of the issue and we're used to looking at the action statuses when triaging or reviewing PRs to disambiguate between routine failures and other more important failures.

In short, if this check is failing for you, you don't need to worry or fight with our CI. We'll take care of it when we merge.