stake-house / wagyu-key-gen

GNU General Public License v3.0

Updating yarn to v4.1.0 #187

valefar-on-discord closed 7 months ago

valefar-on-discord commented 7 months ago

Upgrading to yarn v4.1.0 and adding enableHardenedMode: true to .yarnrc.yml to protect against lockfile dependency injection attacks: https://github.com/yarnpkg/berry/discussions/4136

To test:

- Pull refresh version of this branch
- Make sure running >= Node v18
- yarn install
- yarn buildcli
- yarn build
- yarn start

Should run with no regressions and no local files should be modified
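
As an added illustration (not code from this PR or from Yarn): enableHardenedMode has Yarn validate lockfile content against the registry, and the Node.js script below shows an offline approximation of that idea by flagging lockfile entries whose locked resolution does not match the requested package. The lockfile excerpt, the package names in it and the function names are constructed assumptions, and the script never contacts a registry.

```javascript
// Added example (not code from this PR). SAMPLE_LOCK is a constructed excerpt
// in Yarn Berry lockfile layout; the last two entries are deliberately inconsistent.
const SAMPLE_LOCK = `
"react-is@npm:^16.7.0, react-is@npm:^16.13.1":
  version: 16.13.1
  resolution: "react-is@npm:16.13.1"
"left-pad@npm:^1.3.0":
  version: 1.3.0
  resolution: "example-other-pkg@npm:1.3.0"
"is-odd@npm:^3.0.1":
  version: 3.0.1
  resolution: "is-odd@https://example.invalid/is-odd-3.0.1.tgz"
`;

// Split "name@rest" at the first "@" after index 0 (scoped names start with "@").
function splitIdent(s) {
  const at = s.indexOf("@", 1);
  return at < 0 ? [s, ""] : [s.slice(0, at), s.slice(at + 1)];
}

// Minimal reader: top-level "key:" lines open an entry, two-space "field: value" lines fill it.
function parseEntries(text) {
  const entries = [];
  for (const line of text.split("\n")) {
    const field = line.match(/^  (\w+): "?(.*?)"?$/);
    if (/^\S.*:$/.test(line)) entries.push({ keys: line.slice(0, -1).replace(/^"|"$/g, "").split(", "), fields: {} });
    else if (field && entries.length) entries[entries.length - 1].fields[field[1]] = field[2];
  }
  return entries;
}

// Flag npm: descriptors whose locked resolution names another package or a non-registry source.
function auditLockfile(text) {
  const findings = [];
  for (const { keys, fields } of parseEntries(text)) {
    const [resName, resRef] = splitIdent(fields.resolution || "");
    for (const d of keys) {
      const [name, range] = splitIdent(d);
      if (!range.startsWith("npm:")) continue; // workspace:, patch: etc. are out of scope
      const inner = range.slice(4); // aliases look like "npm:real-name@^1.0.0"
      const expected = inner.lastIndexOf("@") > 0 ? splitIdent(inner)[0] : name;
      if (resName !== expected) findings.push(`${d} -> package ${resName}`);
      else if (resRef !== `npm:${fields.version}`) findings.push(`${d} -> source ${resRef}`);
    }
  }
  return findings;
}

console.log(auditLockfile(SAMPLE_LOCK));
```

A finding means the entry deserves manual review, not that it is malicious; resolutions from non-default registries can carry extra parameters that this simplified check would also flag.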

remyroy commented 7 months ago

On yarn install, I'm seeing:

➤ YN0000: ┌ Post-resolution validation
➤ YN0002: │ wagyukeygen@workspace:. doesn't provide react-is (pc32ff), requested by styled-components.
➤ YN0086: │ Some peer dependencies are incorrectly met; run yarn explain peer-requirements <hash> for details, where <hash> is the six-letter p-prefixed code.
➤ YN0000: └ Completed

but I'm guessing this is unrelated to this PR.

remyroy commented 7 months ago

Running yarn npm audit reveals that we have a few packages worth upgrading:

├─ @material-ui/core
│  ├─ ID: @material-ui/core (deprecation)
│  ├─ Issue: Material UI v4 doesn't receive active development since September 2021. See the guide https://mui.com/material-ui/migration/migration-v4/ to upgrade to v5.
│  ├─ Severity: moderate
│  ├─ Vulnerable Versions: 4.12.3
│  │ 
│  ├─ Tree Versions
│  │  └─ 4.12.3
│  │ 
│  └─ Dependents
│     └─ wagyukeygen@workspace:.
│
├─ @material-ui/icons
│  ├─ ID: @material-ui/icons (deprecation)
│  ├─ Issue: You can now upgrade to @mui/icons. See the guide: https://mui.com/guides/migration-v4/
│  ├─ Severity: moderate
│  ├─ Vulnerable Versions: 4.11.2
│  │ 
│  ├─ Tree Versions
│  │  └─ 4.11.2
│  │ 
│  └─ Dependents
│     └─ wagyukeygen@workspace:.
│
└─ @material-ui/lab
   ├─ ID: @material-ui/lab (deprecation)
   ├─ Issue: Material UI v4 doesn't receive active development since September 2021. See the guide https://mui.com/material-ui/migration/migration-v4/ to upgrade to v5.
   ├─ Severity: moderate
   ├─ Vulnerable Versions: 4.0.0-alpha.60
   │ 
   ├─ Tree Versions
   │  └─ 4.0.0-alpha.60
   │ 
   └─ Dependents
      └─ wagyukeygen@workspace:.

This could be in another PR or as part of another effort.

valefar-on-discord commented 7 months ago

> On yarn install, I'm seeing:
>
> ➤ YN0000: ┌ Post-resolution validation
> ➤ YN0002: │ wagyukeygen@workspace:. doesn't provide react-is (pc32ff), requested by styled-components.
> ➤ YN0086: │ Some peer dependencies are incorrectly met; run yarn explain peer-requirements <hash> for details, where <hash> is the six-letter p-prefixed code.
> ➤ YN0000: └ Completed
>
> but I'm guessing this is unrelated to this PR.

This is a result of the styled-components version we are using, 5.3.3. They moved react-is to a devDependency, requiring others to install it or use packageExtensions in yarnrc: https://github.com/styled-components/styled-components/pull/2187#issuecomment-602057373

A bit annoying but I added a commit to fix this issue.

valefar-on-discord commented 7 months ago

> Running yarn npm audit reveals that we have a few packages worth upgrading:
>
> This could be in another PR or as part of another effort.

Yeah, I think upgrading to material v5 should be a separate effort. I'll look into it.