From 625994936f5eb926738aa10fb49cbc01b1ab133e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" Date: Wed, 7 Nov 2018 23:43:10 +0200 Subject: [PATCH] Bump yarn from 1.12.1 to 1.12.3 (#999) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [yarn](https://github.com/yarnpkg/yarn) from 1.12.1 to 1.12.3.
Release notes *Sourced from [yarn's releases](https://github.com/yarnpkg/yarn/releases).* > ## v1.12.3 > **Important:** This release contains a cache bump. It will cause the very first install following the upgrade to take slightly more time, especially if you don't use the [Offline Mirror](https://yarnpkg.com/blog/2016/11/24/offline-mirror/) feature. After that everything will be back to normal. > > - Fixes an issue with `yarn audit` when using workspaces > > [#6625](https://github-redirect.dependabot.com/yarnpkg/yarn/pull/6639) - [**Jeff Valore**](https://twitter.com/codingwithspike) > > - Uses `NODE_OPTIONS` to instruct Node to load the PnP hook, instead of raw CLI arguments > > **Caveat:** This change might cause issues for PnP users having a space inside their cwd (cf [nodejs/node#24065](https://github-redirect.dependabot.com/nodejs/node/pull/24065)) > > [#6479](https://github-redirect.dependabot.com/yarnpkg/yarn/pull/6629) - [**Maël Nison**](https://twitter.com/arcanis) > > - Fixes Gulp when used with Plug'n'Play > > [#6623](https://github-redirect.dependabot.com/yarnpkg/yarn/pull/6623) - [**Maël Nison**](https://twitter.com/arcanis) > > - Fixes an issue with `yarn audit` when the root package was missing a name > > [#6611](https://github-redirect.dependabot.com/yarnpkg/yarn/pull/6611) - [**Jack Zhao**](https://github.com/bugzpodder) > > - Fixes an issue with `yarn audit` when a package was depending on an empty range > > [#6611](https://github-redirect.dependabot.com/yarnpkg/yarn/pull/6611) - [**Jack Zhao**](https://github.com/bugzpodder) > > - Fixes an issue with how symlinks are setup into the cache on Windows > > [#6621](https://github-redirect.dependabot.com/yarnpkg/yarn/pull/6621) - [**Yoad Snapir**](https://github.com/yoadsn) > > - Upgrades `inquirer`, fixing `upgrade-interactive` for users using both Node 10 and Windows > > [#6635](https://github-redirect.dependabot.com/yarnpkg/yarn/pull/6635) - [**Philipp Feigl**](https://github.com/pfeigl) > > - Exposes the path to the PnP file using `require.resolve('pnpapi')` > > [#6643](https://github-redirect.dependabot.com/yarnpkg/yarn/pull/6643) - [**Maël Nison**](https://twitter.com/arcanis) > > ## v1.12.2 > This release doesn't actually exists and was caused by a quirk in our systems.
Changelog *Sourced from [yarn's changelog](https://github.com/yarnpkg/yarn/blob/master/CHANGELOG.md).* > ## 1.12.3 > > **Important:** This release contains a cache bump. It will cause the very first install following the upgrade to take slightly more time, especially if you don't use the [Offline Mirror](https://yarnpkg.com/blog/2016/11/24/offline-mirror/) feature. After that everything will be back to normal. > > - Fixes an issue with `yarn audit` when using workspaces > > [#6625](https://github-redirect.dependabot.com/yarnpkg/yarn/pull/6639) - [**Jeff Valore**](https://twitter.com/codingwithspike) > > - Uses `NODE_OPTIONS` to instruct Node to load the PnP hook, instead of raw CLI arguments > > **Caveat:** This change might cause issues for PnP users having a space inside their cwd (cf [nodejs/node#24065](https://github-redirect.dependabot.com/nodejs/node/pull/24065)) > > [#6479](https://github-redirect.dependabot.com/yarnpkg/yarn/pull/6629) - [**Maël Nison**](https://twitter.com/arcanis) > > - Fixes Gulp when used with Plug'n'Play > > [#6623](https://github-redirect.dependabot.com/yarnpkg/yarn/pull/6623) - [**Maël Nison**](https://twitter.com/arcanis) > > - Fixes an issue with `yarn audit` when the root package was missing a name > > [#6611](https://github-redirect.dependabot.com/yarnpkg/yarn/pull/6611) - [**Jack Zhao**](https://github.com/bugzpodder) > > - Fixes an issue with `yarn audit` when a package was depending on an empty range > > [#6611](https://github-redirect.dependabot.com/yarnpkg/yarn/pull/6611) - [**Jack Zhao**](https://github.com/bugzpodder) > > - Fixes an issue with how symlinks are setup into the cache on Windows > > [#6621](https://github-redirect.dependabot.com/yarnpkg/yarn/pull/6621) - [**Yoad Snapir**](https://github.com/yoadsn) > > - Upgrades `inquirer`, fixing `upgrade-interactive` for users using both Node 10 and Windows > > [#6635](https://github-redirect.dependabot.com/yarnpkg/yarn/pull/6635) - [**Philipp Feigl**](https://github.com/pfeigl) > > - Exposes the path to the PnP file using `require.resolve('pnpapi')` > > [#6643](https://github-redirect.dependabot.com/yarnpkg/yarn/pull/6643) - [**Maël Nison**](https://twitter.com/arcanis) > > ## 1.12.2 > > This release doesn't actually exists and was caused by a quirk in our systems.
Commits - [`38bbf59`](https://github.com/yarnpkg/yarn/commit/38bbf59995d3fc20ebef1e805f10f2ac7ca836ba) v1.12.3 - [`2603671`](https://github.com/yarnpkg/yarn/commit/26036715be4c8c93eb6f88985d2a72ee80e57767) Fixes invalid version bump - [`0934bcd`](https://github.com/yarnpkg/yarn/commit/0934bcd1940c02e464a9fc80807528b172821198) v1.12.2 - [`b65dbb7`](https://github.com/yarnpkg/yarn/commit/b65dbb70692e2552ff2b33d9e57b5c4c5f22366e) Merge branch 'master' into 1.12-stable - [`f8e42c5`](https://github.com/yarnpkg/yarn/commit/f8e42c563f7c10adb5f53afc59104f541e145176) fix(audit) Report vulnerabilities in workspace package dependencies ([#6639](https://github-redirect.dependabot.com/yarnpkg/yarn/issues/6639)) - [`124a2ef`](https://github.com/yarnpkg/yarn/commit/124a2ef64381d2551aa8b1fa8d871862c12fa822) Exposes pnpapi through resolveToUnqualified ([#6643](https://github-redirect.dependabot.com/yarnpkg/yarn/issues/6643)) - [`1ceabe8`](https://github.com/yarnpkg/yarn/commit/1ceabe85b1d740004941e4bdac838d4ad2b2ff01) Tries a fix for Windows - [`85660f7`](https://github.com/yarnpkg/yarn/commit/85660f79bfad96af843dcd3d87ed75e81c527c67) Precompiles inquirer for Node 4 compat ([#6640](https://github-redirect.dependabot.com/yarnpkg/yarn/issues/6640)) - [`a40f3fc`](https://github.com/yarnpkg/yarn/commit/a40f3fc981355878f855de6b4110647ecf6d0c91) Update CHANGELOG.md - [`5539fa2`](https://github.com/yarnpkg/yarn/commit/5539fa23d1495b9aaa2409376dae2275aa0e725e) Fixes potential freeze on win+node10 interactive upgrades ([#5949](https://github-redirect.dependabot.com/yarnpkg/yarn/issues/5949)) ([#6635](https://github-redirect.dependabot.com/yarnpkg/yarn/issues/6635)) - Additional commits viewable in [compare view](https://github.com/yarnpkg/yarn/compare/v1.12.1...v1.12.3)

[![Dependabot compatibility score](https://api.dependabot.com/badges/compatibility_score?dependency-name=yarn&package-manager=npm_and_yarn&previous-version=1.12.1&new-version=1.12.3)](https://dependabot.com/compatibility-score.html?dependency-name=yarn&package-manager=npm_and_yarn&previous-version=1.12.1&new-version=1.12.3) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language - `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com): - Update frequency (including time of day and day of week) - Automerge options (never/patch/minor, and dev/runtime dependencies) - Pull request limits (per update run and/or open at any time) - Out-of-range updates (receive only lockfile updates, if desired) - Security updates (receive only security updates, if desired) Finally, you can contact us by mentioning @dependabot.
--- package.json | 2 +- yarn.lock | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/package.json b/package.json index 862c89511..dc99ec122 100644 --- a/package.json +++ b/package.json @@ -39,7 +39,7 @@ "require-dir": "1.1.0", "uglify-es": "3.3.9", "yargs-parser": "11.0.0", - "yarn": "1.12.1" + "yarn": "1.12.3" }, "license": "MIT", "name": "gae-init", diff --git a/yarn.lock b/yarn.lock index d426a9858..d5d752a17 100644 --- a/yarn.lock +++ b/yarn.lock @@ -7386,10 +7386,10 @@ yargs@~3.10.0: decamelize "^1.0.0" window-size "0.1.0" -yarn@1.12.1: - version "1.12.1" - resolved "https://registry.yarnpkg.com/yarn/-/yarn-1.12.1.tgz#afa478c9234ee55e8f4cdcfb994acfa54b69c95b" - integrity sha512-vdVLrYWx73k4QR8ZpQQ3HJg/X8aAunjUHuPlADR/ogmZOhnqgAdETPz0e/Df+MW8Dno7F1dOxS5e3G6niobumw== +yarn@1.12.3: + version "1.12.3" + resolved "https://registry.yarnpkg.com/yarn/-/yarn-1.12.3.tgz#fb4599bf1f8da01552bcc7e1571dfd4e53788203" + integrity sha512-8f5rWNDvkhAmCxmn8C0LsNWMxTYVk4VGKiq0sIB6HGZjaZTHsGIH87SUmVDUEd2Wk54bqKoUlbVWgQFCQhRkVw== yazl@^2.1.0: version "2.4.3"