Update yarn and remove explicit hardened mode (#13092)

Updates yarn to the latest version 4.9.2 (from 4.4.0).

Also removes the explicit `enableHardenedMode` from yarnrc as it
significantly slows down installation.
This is already enabled automatically for pull requests on GitHub, thus
preventing lockfile poisoning where it's relevant.

See <https://yarnpkg.com/features/security#hardened-mode>:

> in most cases you won't even have to think about it - the hardened
> mode is enabled by default when Yarn detects it runs in a pull request
> from a public GitHub repository.

It can additionally be enabled explicitly for specific CI jobs by using
an environment variable, if desired:

> The hardened mode can be set (or disabled) [...] by defining
> `YARN_ENABLE_HARDENED_MODE=1|0` in your environment variables

If this is the case, yarn still recommends **not** enabling it
everywhere:

> **DANGER**
>
> The hardened mode makes installs significantly slower as Yarn has to
> query the registry to make sure the information contained in the
> lockfile are accurate. If your CI pipeline runs multiple jobs, we
> recommend disabling the hardened mode in all but one of them so as to
> limit the performance impact.

---------

Co-authored-by: prastoin <paul@twenty.com>
Niklas Korz
2025-07-08 14:57:08 +02:00
committed by GitHub
parent 10c9d11e15
commit 47313c388d
8 changed files with 1890 additions and 1859 deletions


@ -353,7 +353,7 @@
},
"license": "AGPL-3.0",
"name": "twenty",
"packageManager": "yarn@4.4.0",
"packageManager": "yarn@4.9.2",
"resolutions": {
"graphql": "16.8.0",
"type-fest": "4.10.1",
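Review bot: the bumped `"packageManager": "yarn@4.9.2"` line carries no integrity hash, so Corepack will fetch and run whatever the registry serves under that version; since this same change drops the explicit hardened mode, it is worth pinning the package manager itself with the hash suffix Corepack accepts, e.g. `"packageManager": "yarn@4.9.2+sha224.<hash-from-the-yarn-4.9.2-release>"` (placeholder, take the value from the official release), so CI verifies the Yarn build it downloads before trusting it to validate the lockfile.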