build(deps): adopt yarn 4.14.1 with further software supply chain hardening

this version adopts a default posture of disallowing package scripts to run
unless specifically configured to do so

we've followed that default posture here, and just allowed the specific packages
we expect to run scripts to do so

in addition the 2 separate sub-workspaces are now pointing to a single yarn
install in the root workspace, for easier upgrades in the future (or at least,
it won't be possible to upgrade them separately as the binary will disappear
and the sub-workspaces will error, highlighting the need to update their .yarnrc.yml
yarnPath entry and make sure they work)

Author: mikehardy

.github/scripts/compare-types/.yarnrc.yml

@@ -0,0 +1 @@
+yarnPath: ../../../.yarn/releases/yarn-4.14.1.cjs

.github/scripts/compare-types/package.json

@@ -11,5 +11,11 @@
   "devDependencies": {
     "tsx": "^4.21.0",
     "typescript": "^6.0.3"
+  },
+  "packageManager": "yarn@4.14.1",
+  "dependenciesMeta": {
+    "esbuild": {
+      "built": true
+    }
   }
 }

.github/scripts/compare-types/yarn.lock

@@ -2,7 +2,7 @@
 # Manual changes might be lost - proceed with caution!
 
 __metadata:
-  version: 8
+  version: 9
   cacheKey: 10
 
 "@esbuild/aix-ppc64@npm:0.27.3":
@@ -317,6 +317,9 @@ __metadata:
     ts-morph: "npm:^28.0.0"
     tsx: "npm:^4.21.0"
     typescript: "npm:^6.0.3"
+  dependenciesMeta:
+    esbuild:
+      built: true
   languageName: unknown
   linkType: soft
 

.github/workflows/scripts/functions/.yarnrc.yml

@@ -0,0 +1 @@
+yarnPath: ../../../../.yarn/releases/yarn-4.14.1.cjs

.github/workflows/scripts/functions/package.json

@@ -22,5 +22,16 @@
     "typescript": "^6.0.3"
   },
   "private": true,
-  "packageManager": "yarn@4.12.0"
+  "packageManager": "yarn@4.14.1",
+  "dependenciesMeta": {
+    "@firebase/util": {
+      "built": true
+    },
+    "protobufjs": {
+      "built": true
+    },
+    "re2": {
+      "built": true
+    }
+  }
 }

.github/workflows/scripts/functions/yarn.lock

@@ -2,7 +2,7 @@
 # Manual changes might be lost - proceed with caution!
 
 __metadata:
-  version: 8
+  version: 9
   cacheKey: 10
 
 "@apidevtools/json-schema-ref-parser@npm:^9.0.3":
@@ -3147,6 +3147,13 @@ __metadata:
     firebase-functions-test: "npm:^3.4.1"
     firebase-tools: "npm:^15.16.0"
     typescript: "npm:^6.0.3"
+  dependenciesMeta:
+    "@firebase/util":
+      built: true
+    protobufjs:
+      built: true
+    re2:
+      built: true
   languageName: unknown
   linkType: soft
 

.yarn/releases/yarn-4.12.0.cjs

@@ -11,4 +11,4 @@ plugins:
     path: .yarn/plugins/@yarnpkg/plugin-postinstall-dev.cjs
     spec: "https://raw.githubusercontent.com/sachinraja/yarn-plugin-postinstall-dev/main/bundles/%40yarnpkg/plugin-postinstall-dev.js"
 
-yarnPath: .yarn/releases/yarn-4.12.0.cjs
+yarnPath: .yarn/releases/yarn-4.14.1.cjs

.yarn/releases/yarn-4.14.1.cjs

@@ -124,5 +124,31 @@
       "tests"
     ]
   },
-  "packageManager": "yarn@4.12.0"
+  "packageManager": "yarn@4.14.1",
+  "dependenciesMeta": {
+    "@firebase/util": {
+      "built": true
+    },
+    "detox": {
+      "built": true
+    },
+    "dtrace-provider": {
+      "built": true
+    },
+    "nx": {
+      "built": true
+    },
+    "postinstall-postinstall": {
+      "built": true
+    },
+    "protobufjs": {
+      "built": true
+    },
+    "re2": {
+      "built": true
+    },
+    "unrs-resolver": {
+      "built": true
+    }
+  }
 }