Bump yarn to 4.5.3 (#11123)
* Bump yarn to 4.5.3

* Update test to match new handling of peer deps

This is the failing test: 

https://github.com/dependabot/dependabot-core/blob/8f037cf1be97f2a0c1f383d74479ebe2a48e0c17/npm_and_yarn/spec/dependabot/npm_and_yarn/update_checker/version_resolver_spec.rb#L855-L875

Full commit including lockfiles: 1dcda58

Interestingly, it doesn't fail in Yarn `4.3.1` as seen in:
* #8265

Poking through the changelog between 4.3.1 and 4.5.3, this seems to be the relevant upstream PR:
* yarnpkg/berry#6517

My understanding of peer dependency handling in Yarn is hazy at best, but after reading the PR description, it _looks_ like the algorithm changed and now the peer dependency can be updated and not necessarily held back. 

That would explain [this test failure](https://github.com/dependabot/dependabot-core/actions/runs/12307737164/job/34351931150?pr=11123#step:5:56):
```
  1) Dependabot::NpmAndYarn::UpdateChecker::VersionResolver#latest_resolvable_version with a yarn berry lockfile when updating a dependency with a peer requirement is expected to eq #<Gem::Version "15.2.0">
     Failure/Error: it { is_expected.to eq(Gem::Version.new("15.2.0")) }

       expected: #<Gem::Version "15.2.0">
            got: #<Gem::Version "16.3.1">

       (compared using ==)

       Diff:
       @@ -1 +1 @@
       -Gem::Version.new("15.2.0")
       +Gem::Version.new("16.3.1")
     # ./spec/dependabot/npm_and_yarn/update_checker/version_resolver_spec.rb:873:in `block (5 levels) in <top (required)>'
     # /home/dependabot/common/spec/spec_helper.rb:66:in `block (2 levels) in <top (required)>'
     # /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/webmock-3.24.0/lib/webmock/rspec.rb:39:in `block (2 levels) in <top (required)>'
```
jeffwidman authored Dec 13, 2024
1 parent b3bb7da commit 21cb492
Showing 2 changed files with 2 additions and 2 deletions.
2 changes: 1 addition & 1 deletion npm_and_yarn/Dockerfile
Expand Up @@ -7,7 +7,7 @@ ARG COREPACK_VERSION=0.24.0
ARG PNPM_VERSION=9.15.0

# Check for updates at https://github.com/yarnpkg/berry/releases
ARG YARN_VERSION=4.1.1
ARG YARN_VERSION=4.5.3


# See https://github.com/nodesource/distributions#installation-instructions
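Review bot: the removed line `ARG YARN_VERSION=4.1.1` shows that this bump starts from 4.1.1, while the commit message only describes reading the changelog between 4.3.1 and 4.5.3. The releases from 4.1.1 up to 4.3.1 ship with this change as well, so the description should say whether that range was checked for resolver or lockfile behaviour changes, or state that #8265 already covered it.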
Expand Up @@ -870,7 +870,7 @@
)
end

it { is_expected.to eq(Gem::Version.new("15.2.0")) }
it { is_expected.to eq(Gem::Version.new("16.3.1")) }
end
end

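Review bot: the new expectation `it { is_expected.to eq(Gem::Version.new("16.3.1")) }` is changed to match what Yarn 4.5.3 returns, and nothing in the spec records why the peer requirement no longer holds the result at 15.2.0. The commit message points to yarnpkg/berry#6517 but describes that reading as tentative, so add a short comment above the `it` citing that PR, and confirm against the fixture that 16.3.1 actually satisfies the peer requirement. Otherwise this test locks in whatever the new resolver outputs, including an update that could leave the peer range unmet.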