Upgrade to Yarn v4.10.3 and enable npmMinimalAgeGate for supply chain protection #1184
+947
−786
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Collaborator
|
Hey @Ariiellus, Thanks for the PR! Can you tell the steps you followed to migrate to v4? I think we just need to do: yarn set version berry
yarn installAnd yarn automatically migrates / updates the file. Asking this because I tried running the above command and it removed the plugs which we have configured and updated the |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Following discussion in #1183 to increase security measures in the development workflow. This PR upgrades the current yarn v3.2.3 version to the latest v4.10.3 to enable
npmMinimalAgeGate.npmMinimalAgeGateimproves supply chain security by introducing a delay before newly published npm packages can be installed, providing researchers time to identify and report malicious releases.Additional Information
Related Issues
_Closes #1183 _
Your ENS/address:
Ariiellus.eth
0x6d465d2081b799770d0ce7e755d8db1665903ffb