upgraded yarn to add release age min and added min to npm#4231
upgraded yarn to add release age min and added min to npm#4231wavehassman wants to merge 4 commits into
Conversation
chpy04
left a comment
chpy04
left a comment
There was a problem hiding this comment.
We technically are fully es modules, although the only reason we switched from common js on the frontend was bc my deployment pipeline broke and I couldn't figure out what the issue was so I did that instead so maybe its fine. If the cjs works fine its good w me but other comments should be addressed
| @@ -1,16 +1,16 @@ | |||
| # TO BE RUN FROM DOCKER COMPOSE. DO NOT RUN MANUALLY AS CONTEXT IS NOT SET CORRECTLY | |||
| FROM platformatic/node-caged:25-slim | |||
| RUN npm install -g yarn | |||
There was a problem hiding this comment.
The reason that we install yarn before copying everything over is because of docker caching, so we ideally want the yarn installation to be as early as possible to leverage caching as much as possible, specifically before copying backend and shared bc those change a lot
| RUN npm install -g corepack --force && corepack enable && yarn install | ||
|
|
||
| RUN echo DATABASE_URL=\"postgresql://postgres:docker@database:5432/nerpm?schema=public\" > ./src/backend/.env | ||
| RUN echo NODE_ENV=development >> ./src/backend/.env |
There was a problem hiding this comment.
If you are changing this dockerfile you will almost certainly need to change the development one to keep the development env working as well
| @@ -1,15 +1,16 @@ | |||
| # TO BE RUN FROM DOCKER COMPOSE. DO NOT RUN MANUALLY AS CONTEXT IS NOT SET CORRECTLY | |||
| FROM node:20 AS builder | |||
| FROM node:22 AS builder | |||
There was a problem hiding this comment.
we really ought to be on the same version of node for the frontend and backend, although I must have missed this when Raphael added the caged node 25. Bc you are already doing dependency work, can you upgrade one to 25 or downgrade one to 22 (idc which ideally 25 but if you run into problems 22 is fine)
| # Lock files (keep package.json though) | ||
| package-lock.json | ||
| yarn.lock | ||
| .yarnrc.yml |
There was a problem hiding this comment.
Why do we need these? I would have thought the releases folder would contain everything we need
2 participants
Changes
Upgrades Yarn from 3.2.1 to 4.15.0 with a 3-day minimum package release age enforced in both Yarn and npm as a supply chain security measure, updates Dockerfiles for compatibility, and migrates Prisma config from package.json to prisma.config.ts to resolve a deprecation warning ahead of Prisma 7.
Slack messages still work and uploading documents
Checklist
It can be helpful to check the
ChecksandFiles changedtabs.Please review the contributor guide and reach out to your Tech Lead if anything is unclear.
Please request reviewers and ping on slack only after you've gone through this whole checklist.
yarn.lockchanges (unless dependencies have changed)