[공통] Yarn 4.17.0 업그레이드로 PnP prettier 로드 오류 수정

[dooohun]

What is this PR? 🔍

• 기능 : Yarn 4.10.3 → 4.17.0 업그레이드로 VSCode Prettier 확장 로드 오류 해결

• Yarn 4.10.3 → 4.17.0 업그레이드

• Node 22.18+ 에서 PnP가 require()의 conditions 옵션을 거부해 Prettier 확장 로드가 실패하던 문제 수정 (4.17.0 PnP 런타임에서 해결)

• .pnp.cjs / .yarn/sdks / .vscode/settings.json 재생성

Test CheckList ✅

• VSCode 재로드 후 Prettier 에러 사라짐
• 저장 시 formatOnSave 정상 동작
• yarn install 정상 완료

✔️ Please check if the PR fulfills these requirements

• It's submitted to the correct branch, not the develop branch unconditionally?
• If on a hotfix branch, ensure it targets main?
• There are no warning message when you run yarn lint

Summary by CodeRabbit

• Chores
  • 패키지 매니저 Yarn을 4.10.3에서 4.17.0으로 업그레이드했습니다.
  • 개발 환경 설정을 최적화했습니다.

[coderabbitai]

Walkthrough

Yarn 패키지 매니저를 4.10.3에서 4.17.0으로 업그레이드합니다. .yarnrc.yml에서 yarnPath를 변경하고 enableScripts, npmMinimalAgeGate, approvedGitRepositories 설정을 추가하며, package.json의 버전 선언도 일치시킵니다. .vscode/settings.json의 배열은 값 변경 없이 멀티라인으로 재포맷됩니다.

Changes

Yarn 4.17.0 업그레이드

Layer / File(s)	Summary
Yarn 버전 및 동작 설정 업데이트 package.json, .yarnrc.yml	package.json의 engines.yarn과 packageManager를 4.17.0으로 변경하고, .yarnrc.yml의 yarnPath도 yarn-4.17.0.cjs로 업데이트합니다. 추가로 enableScripts: true, npmMinimalAgeGate: 0, approvedGitRepositories: ["**"] 설정이 신규 추가됩니다.

VS Code 설정 포맷 정리

Layer / File(s)	Summary
설정 배열 멀티라인 재포맷 .vscode/settings.json	eslint.validate와 cSpell.words 배열을 동일한 값 목록 그대로 싱글라인에서 멀티라인 JSON 배열 형식으로 변경합니다.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	PR 제목이 실제 변경 사항과 정확히 일치합니다. Yarn 4.10.3에서 4.17.0로의 업그레이드와 그로 인한 PnP prettier 로드 오류 수정이 주요 변경 내용입니다.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/prettier-error

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (1)

.yarnrc.yml (1)

10-10: 🧹 Nitpick | 🔵 Trivial | ⚡ Quick win

npm 패키지 연령 보호 비활성화.

npmMinimalAgeGate: 0 설정은 신규 게시된 npm 패키지에 대한 보호를 비활성화합니다. 이로 인해 악의적인 타이포스쿼팅 공격에 사용되는 신규 패키지를 즉시 설치할 수 있는 위험이 있습니다.

최소 24~48시간(예: 86400 또는 172800 초)의 대기 시간을 설정하여 신규 패키지에 대한 기본적인 보호를 추가하는 것을 권장합니다.

🛡️ 권장 설정

-npmMinimalAgeGate: 0
+npmMinimalAgeGate: 86400  # 24시간 대기 (초 단위)

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.yarnrc.yml at line 10, The npmMinimalAgeGate setting in .yarnrc.yml is
currently set to 0, which disables protection against newly published npm
packages. Change the value of npmMinimalAgeGate from 0 to a higher value
representing a minimum wait time in seconds, such as 86400 for 24 hours or
172800 for 48 hours, to prevent the immediate installation of newly published
packages that could be part of typosquatting attacks.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.yarnrc.yml:
- Around line 1-2: The approvedGitRepositories setting in the .yarnrc.yml file
uses a wildcard pattern that permits all Git repositories as dependency sources,
which poses a supply chain security risk. Replace the wildcard pattern "**" with
explicit, specific patterns that only allow trusted repositories that your
project actually depends on. Identify the legitimate repository domains or
patterns your dependencies require and add only those to the
approvedGitRepositories list instead of allowing all repositories with the
catch-all pattern.
- Line 8: The `enableScripts: true` setting in the `.yarnrc.yml` file enables
lifecycle scripts unnecessarily, as the current project dependencies do not use
any lifecycle scripts (preinstall, postinstall, install, prepare). Either change
the `enableScripts` setting from `true` to `false` to remove this unnecessary
security risk, or if there is a specific purpose for enabling scripts, add a
clear comment above the line in `.yarnrc.yml` explaining the rationale.

---

Nitpick comments:
In @.yarnrc.yml:
- Line 10: The npmMinimalAgeGate setting in .yarnrc.yml is currently set to 0,
which disables protection against newly published npm packages. Change the value
of npmMinimalAgeGate from 0 to a higher value representing a minimum wait time
in seconds, such as 86400 for 24 hours or 172800 for 48 hours, to prevent the
immediate installation of newly published packages that could be part of
typosquatting attacks.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: e259ae72-f6ad-434d-aba7-958a47b652cc

📥 Commits

Reviewing files that changed from the base of the PR and between 6a0239c and c784bb4.

⛔ Files ignored due to path filters (23)

• .pnp.cjs is excluded by !.pnp.cjs and included by **
• .pnp.loader.mjs is excluded by !.pnp.loader.mjs and included by **
• .yarn/cache/@esbuild-darwin-arm64-npm-0.27.2-d675c4a521-10.zip is excluded by !**/.yarn/**, !**/*.zip, !.yarn/** and included by **
• .yarn/cache/@esbuild-linux-x64-npm-0.27.2-11f1a3d9db-10.zip is excluded by !**/.yarn/**, !**/*.zip, !.yarn/** and included by **
• .yarn/cache/@img-sharp-darwin-arm64-npm-0.34.3-8944698b4c-10.zip is excluded by !**/.yarn/**, !**/*.zip, !.yarn/** and included by **
• .yarn/cache/@img-sharp-libvips-darwin-arm64-npm-1.2.0-2d65006be7-10.zip is excluded by !**/.yarn/**, !**/*.zip, !.yarn/** and included by **
• .yarn/cache/@img-sharp-libvips-linux-x64-npm-1.2.0-91cf635ac8-10.zip is excluded by !**/.yarn/**, !**/*.zip, !.yarn/** and included by **
• .yarn/cache/@img-sharp-linux-x64-npm-0.34.3-aa297ca1ca-10.zip is excluded by !**/.yarn/**, !**/*.zip, !.yarn/** and included by **
• .yarn/cache/@next-env-npm-15.5.16-451e0aa651-4ba5975b7b.zip is excluded by !**/.yarn/**, !**/*.zip, !.yarn/** and included by **
• .yarn/cache/@next-swc-darwin-arm64-npm-15.5.18-ac1ed6c8cc-10.zip is excluded by !**/.yarn/**, !**/*.zip, !.yarn/** and included by **
• .yarn/cache/@next-swc-linux-x64-gnu-npm-15.5.18-388d9a3fbc-10.zip is excluded by !**/.yarn/**, !**/*.zip, !.yarn/** and included by **
• .yarn/cache/@rollup-rollup-darwin-arm64-npm-4.59.0-db3495ba42-10.zip is excluded by !**/.yarn/**, !**/*.zip, !.yarn/** and included by **
• .yarn/cache/@rollup-rollup-linux-x64-gnu-npm-4.59.0-da6c703f69-10.zip is excluded by !**/.yarn/**, !**/*.zip, !.yarn/** and included by **
• .yarn/cache/@sentry-cli-darwin-npm-2.45.0-76059cfa9f-10.zip is excluded by !**/.yarn/**, !**/*.zip, !.yarn/** and included by **
• .yarn/cache/@sentry-cli-darwin-npm-2.58.5-1f667e3b9d-10.zip is excluded by !**/.yarn/**, !**/*.zip, !.yarn/** and included by **
• .yarn/cache/@sentry-cli-linux-x64-npm-2.45.0-6e5f26280b-10.zip is excluded by !**/.yarn/**, !**/*.zip, !.yarn/** and included by **
• .yarn/cache/@sentry-cli-linux-x64-npm-2.58.5-7cea7778bc-10.zip is excluded by !**/.yarn/**, !**/*.zip, !.yarn/** and included by **
• .yarn/cache/@unrs-resolver-binding-darwin-arm64-npm-1.11.1-c78d4bd2cb-10.zip is excluded by !**/.yarn/**, !**/*.zip, !.yarn/** and included by **
• .yarn/cache/@unrs-resolver-binding-linux-x64-gnu-npm-1.11.1-93a00570de-10.zip is excluded by !**/.yarn/**, !**/*.zip, !.yarn/** and included by **
• .yarn/cache/next-npm-15.5.16-6a72a2b582-6575ffe4b6.zip is excluded by !**/.yarn/**, !**/*.zip, !.yarn/** and included by **
• .yarn/releases/yarn-4.10.3.cjs is excluded by !**/.yarn/**, !.yarn/** and included by **
• .yarn/releases/yarn-4.17.0.cjs is excluded by !**/.yarn/**, !.yarn/** and included by **
• yarn.lock is excluded by !**/yarn.lock, !**/*.lock, !yarn.lock and included by **

📒 Files selected for processing (3)

• .vscode/settings.json
• .yarnrc.yml
• package.json

[coderabbitai]

⚠️ Potential issue | 🟠 Major | 🏗️ Heavy lift

과도하게 허용적인 Git 저장소 설정.

approvedGitRepositories: ["**"] 설정은 모든 Git 저장소를 의존성 소스로 허용합니다. 이는 악의적이거나 손상된 저장소가 의존성으로 추가될 위험을 높이는 공급망 보안 취약점입니다.

명시적으로 신뢰할 수 있는 저장소만 허용하도록 패턴을 제한하는 것을 권장합니다.

🔒 더 제한적인 설정 예시

 approvedGitRepositories:
-  - "**"
+  - "https://github.com/your-org/**"
+  - "https://github.com/trusted-vendor/**"

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.yarnrc.yml around lines 1 - 2, The approvedGitRepositories setting in the
.yarnrc.yml file uses a wildcard pattern that permits all Git repositories as
dependency sources, which poses a supply chain security risk. Replace the
wildcard pattern "**" with explicit, specific patterns that only allow trusted
repositories that your project actually depends on. Identify the legitimate
repository domains or patterns your dependencies require and add only those to
the approvedGitRepositories list instead of allowing all repositories with the
catch-all pattern.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Description: 라이프사이클 스크립트를 포함한 패키지 검색

# node_modules 내 package.json에서 scripts 필드가 있는 패키지 검색
fd -t f -H 'package.json' node_modules | xargs -I {} sh -c 'jq -r "select(.scripts | has(\"preinstall\", \"postinstall\", \"install\")) | .name" {} 2>/dev/null' | grep -v "^$" | sort -u

Repository: BCSDLab/KOIN_WEB_RECODE

Length of output: 167

---

🏁 Script executed:

# Check if .yarnrc.yml exists and view its content
cat -n .yarnrc.yml 2>/dev/null || echo "File not found"

Repository: BCSDLab/KOIN_WEB_RECODE

Length of output: 499

---

🏁 Script executed:

# Check for package.json and yarn.lock
ls -la | grep -E "package\.json|yarn\.lock"

Repository: BCSDLab/KOIN_WEB_RECODE

Length of output: 196

---

🏁 Script executed:

# Get file size of yarn.lock to understand if we can read it
stat yarn.lock 2>/dev/null | grep -i size || echo "yarn.lock info not available"

Repository: BCSDLab/KOIN_WEB_RECODE

Length of output: 96

---

🏁 Script executed:

# Read full package.json
cat -n package.json

Repository: BCSDLab/KOIN_WEB_RECODE

Length of output: 3812

---

🏁 Script executed:

# Search yarn.lock for packages that have lifecycle scripts defined
grep -E "^\s+(preinstall|postinstall|install|prepare):" yarn.lock | head -30

Repository: BCSDLab/KOIN_WEB_RECODE

Length of output: 49

---

🏁 Script executed:

# Search yarn.lock more broadly for script sections
grep -A 5 'scripts:' yarn.lock | grep -E '(preinstall|postinstall|install|prepare):' | head -20

Repository: BCSDLab/KOIN_WEB_RECODE

Length of output: 49

---

🏁 Script executed:

# Count how many packages have scripts sections in yarn.lock
grep -c 'scripts:' yarn.lock

Repository: BCSDLab/KOIN_WEB_RECODE

Length of output: 69

---

🏁 Script executed:

# Look for specific patterns - search for packages with script entries
grep -B 2 'preinstall\|postinstall\|prepare":' yarn.lock | head -40

Repository: BCSDLab/KOIN_WEB_RECODE

Length of output: 371

---

🏁 Script executed:

# Final check - search for any lifecycle script mentions in entire yarn.lock
grep -E '"(preinstall|postinstall|prepare|install)"' yarn.lock | head -10

Repository: BCSDLab/KOIN_WEB_RECODE

Length of output: 49

---

🏁 Script executed:

# Also check if .yarnrc.yml has any comments or context about why enableScripts is true
cat -n .yarnrc.yml | head -20

Repository: BCSDLab/KOIN_WEB_RECODE

Length of output: 499

---

불필요한 라이프사이클 스크립트 활성화 설정 제거 권장

enableScripts: true 설정이 활성화되어 있으나, 현재 프로젝트의 의존성 중 라이프사이클 스크립트(preinstall, postinstall, install, prepare)를 사용하는 패키지가 없습니다. 불필요한 보안 위험을 제거하기 위해 이 설정을 false로 변경하거나, 특정 목적이 있는 경우 .yarnrc.yml에 주석으로 설명해주세요.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.yarnrc.yml at line 8, The `enableScripts: true` setting in the
`.yarnrc.yml` file enables lifecycle scripts unnecessarily, as the current
project dependencies do not use any lifecycle scripts (preinstall, postinstall,
install, prepare). Either change the `enableScripts` setting from `true` to
`false` to remove this unnecessary security risk, or if there is a specific
purpose for enabling scripts, add a clear comment above the line in
`.yarnrc.yml` explaining the rationale.

[ff1451]

고생하셨습니다!