Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Bump yarn from 1.12.1 to 1.12.3 (#999)
Bumps [yarn](https://github.com/yarnpkg/yarn) from 1.12.1 to 1.12.3. <details> <summary>Release notes</summary> *Sourced from [yarn's releases](https://github.com/yarnpkg/yarn/releases).* > ## v1.12.3 > **Important:** This release contains a cache bump. It will cause the very first install following the upgrade to take slightly more time, especially if you don't use the [Offline Mirror](https://yarnpkg.com/blog/2016/11/24/offline-mirror/) feature. After that everything will be back to normal. > > - Fixes an issue with `yarn audit` when using workspaces > > [#6625](https://github-redirect.dependabot.com/yarnpkg/yarn/pull/6639) - [**Jeff Valore**](https://twitter.com/codingwithspike) > > - Uses `NODE_OPTIONS` to instruct Node to load the PnP hook, instead of raw CLI arguments > > **Caveat:** This change might cause issues for PnP users having a space inside their cwd (cf [nodejs/node#24065](https://github-redirect.dependabot.com/nodejs/node/pull/24065)) > > [#6479](https://github-redirect.dependabot.com/yarnpkg/yarn/pull/6629) - [**Maël Nison**](https://twitter.com/arcanis) > > - Fixes Gulp when used with Plug'n'Play > > [#6623](https://github-redirect.dependabot.com/yarnpkg/yarn/pull/6623) - [**Maël Nison**](https://twitter.com/arcanis) > > - Fixes an issue with `yarn audit` when the root package was missing a name > > [#6611](https://github-redirect.dependabot.com/yarnpkg/yarn/pull/6611) - [**Jack Zhao**](https://github.com/bugzpodder) > > - Fixes an issue with `yarn audit` when a package was depending on an empty range > > [#6611](https://github-redirect.dependabot.com/yarnpkg/yarn/pull/6611) - [**Jack Zhao**](https://github.com/bugzpodder) > > - Fixes an issue with how symlinks are setup into the cache on Windows > > [#6621](https://github-redirect.dependabot.com/yarnpkg/yarn/pull/6621) - [**Yoad Snapir**](https://github.com/yoadsn) > > - Upgrades `inquirer`, fixing `upgrade-interactive` for users using both Node 10 and Windows > > [#6635](https://github-redirect.dependabot.com/yarnpkg/yarn/pull/6635) - [**Philipp Feigl**](https://github.com/pfeigl) > > - Exposes the path to the PnP file using `require.resolve('pnpapi')` > > [#6643](https://github-redirect.dependabot.com/yarnpkg/yarn/pull/6643) - [**Maël Nison**](https://twitter.com/arcanis) > > ## v1.12.2 > This release doesn't actually exists and was caused by a quirk in our systems. </details> <details> <summary>Changelog</summary> *Sourced from [yarn's changelog](https://github.com/yarnpkg/yarn/blob/master/CHANGELOG.md).* > ## 1.12.3 > > **Important:** This release contains a cache bump. It will cause the very first install following the upgrade to take slightly more time, especially if you don't use the [Offline Mirror](https://yarnpkg.com/blog/2016/11/24/offline-mirror/) feature. After that everything will be back to normal. > > - Fixes an issue with `yarn audit` when using workspaces > > [#6625](https://github-redirect.dependabot.com/yarnpkg/yarn/pull/6639) - [**Jeff Valore**](https://twitter.com/codingwithspike) > > - Uses `NODE_OPTIONS` to instruct Node to load the PnP hook, instead of raw CLI arguments > > **Caveat:** This change might cause issues for PnP users having a space inside their cwd (cf [nodejs/node#24065](https://github-redirect.dependabot.com/nodejs/node/pull/24065)) > > [#6479](https://github-redirect.dependabot.com/yarnpkg/yarn/pull/6629) - [**Maël Nison**](https://twitter.com/arcanis) > > - Fixes Gulp when used with Plug'n'Play > > [#6623](https://github-redirect.dependabot.com/yarnpkg/yarn/pull/6623) - [**Maël Nison**](https://twitter.com/arcanis) > > - Fixes an issue with `yarn audit` when the root package was missing a name > > [#6611](https://github-redirect.dependabot.com/yarnpkg/yarn/pull/6611) - [**Jack Zhao**](https://github.com/bugzpodder) > > - Fixes an issue with `yarn audit` when a package was depending on an empty range > > [#6611](https://github-redirect.dependabot.com/yarnpkg/yarn/pull/6611) - [**Jack Zhao**](https://github.com/bugzpodder) > > - Fixes an issue with how symlinks are setup into the cache on Windows > > [#6621](https://github-redirect.dependabot.com/yarnpkg/yarn/pull/6621) - [**Yoad Snapir**](https://github.com/yoadsn) > > - Upgrades `inquirer`, fixing `upgrade-interactive` for users using both Node 10 and Windows > > [#6635](https://github-redirect.dependabot.com/yarnpkg/yarn/pull/6635) - [**Philipp Feigl**](https://github.com/pfeigl) > > - Exposes the path to the PnP file using `require.resolve('pnpapi')` > > [#6643](https://github-redirect.dependabot.com/yarnpkg/yarn/pull/6643) - [**Maël Nison**](https://twitter.com/arcanis) > > ## 1.12.2 > > This release doesn't actually exists and was caused by a quirk in our systems. </details> <details> <summary>Commits</summary> - [`38bbf59`](yarnpkg/yarn@38bbf59) v1.12.3 - [`2603671`](yarnpkg/yarn@2603671) Fixes invalid version bump - [`0934bcd`](yarnpkg/yarn@0934bcd) v1.12.2 - [`b65dbb7`](yarnpkg/yarn@b65dbb7) Merge branch 'master' into 1.12-stable - [`f8e42c5`](yarnpkg/yarn@f8e42c5) fix(audit) Report vulnerabilities in workspace package dependencies ([#6639](https://github-redirect.dependabot.com/yarnpkg/yarn/issues/6639)) - [`124a2ef`](yarnpkg/yarn@124a2ef) Exposes pnpapi through resolveToUnqualified ([#6643](https://github-redirect.dependabot.com/yarnpkg/yarn/issues/6643)) - [`1ceabe8`](yarnpkg/yarn@1ceabe8) Tries a fix for Windows - [`85660f7`](yarnpkg/yarn@85660f7) Precompiles inquirer for Node 4 compat ([#6640](https://github-redirect.dependabot.com/yarnpkg/yarn/issues/6640)) - [`a40f3fc`](yarnpkg/yarn@a40f3fc) Update CHANGELOG.md - [`5539fa2`](yarnpkg/yarn@5539fa2) Fixes potential freeze on win+node10 interactive upgrades ([#5949](https://github-redirect.dependabot.com/yarnpkg/yarn/issues/5949)) ([#6635](https://github-redirect.dependabot.com/yarnpkg/yarn/issues/6635)) - Additional commits viewable in [compare view](yarnpkg/yarn@v1.12.1...v1.12.3) </details> <br /> [![Dependabot compatibility score](https://api.dependabot.com/badges/compatibility_score?dependency-name=yarn&package-manager=npm_and_yarn&previous-version=1.12.1&new-version=1.12.3)](https://dependabot.com/compatibility-score.html?dependency-name=yarn&package-manager=npm_and_yarn&previous-version=1.12.1&new-version=1.12.3) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language - `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com): - Update frequency (including time of day and day of week) - Automerge options (never/patch/minor, and dev/runtime dependencies) - Pull request limits (per update run and/or open at any time) - Out-of-range updates (receive only lockfile updates, if desired) - Security updates (receive only security updates, if desired) Finally, you can contact us by mentioning @dependabot. </details>
- Loading branch information