feat(scripts): add yarn-lockfile-surgeon for minimum-version lockfile bumps #4638
jonkoops wants to merge 1 commit into redhat-developer:main from
783ab06 to 320fa0d
Nice one, but one thing I think is missing is the printout (console log or something) which would look like this: "old version → new version" for each bumped package. The old version is right there in the lockfile.
e62b61c to e7501d2
@polasudo Done, I added a bit nicer output so it is easier to see what the script does 👍
The container image build workflow finished with status:
… bumps
Adds a CLI tool that surgically bumps packages in Yarn Berry lockfiles to their minimum satisfying versions, unlike `yarn up` which resolves to the latest. Useful for applying security patches on LTS branches with minimal lockfile impact.
e7501d2 to b560264
import { readFileSync } from "node:fs";
import { parseSyml } from "@yarnpkg/parsers";

// Read and parse the Yarn Berry lockfile into a plain object
const lock = parseSyml(
  readFileSync(lockfilePath, "utf-8"),
);
Can we add here some console log if there is something wrong with the path?

`yarn-lockfile-surgeon` is a CLI tool for surgically bumping packages in Yarn Berry lockfiles. Unlike `yarn up`, which resolves dependency ranges to the latest matching version, this tool resolves to the minimum satisfying version — keeping lockfile diffs as small as possible when applying security patches on LTS branches.

The tool uses Yarn's own `@yarnpkg/parsers` and `@yarnpkg/core` to parse, manipulate, and serialize the lockfile. It walks transitive dependencies, adding new entries only when existing lockfile resolutions don't satisfy the updated ranges. Range aliases are collected to prevent `yarn install` from re-resolving covered ranges.
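The two rules the description above relies on, "pick the minimum satisfying version instead of the latest" and "merge a new range into an existing entry's key when that entry already satisfies it", shown on an in-memory model of a Yarn Berry lockfile. This is an added example, not code from the PR or from `yarn-lockfile-surgeon`; a hand-rolled matcher for exact, `^`, `~` and `>=` ranges stands in for Yarn's resolver (an assumption, so real lockfiles with other range forms would need `@yarnpkg/core`), and the lockfile entries, registry version lists and bump requests are constructed sample data. It also prints the "old -> new" line per bump that the review asked for.

```javascript
// Added example (not code from the PR or from yarn-lockfile-surgeon): the
// minimum-satisfying-version rule and range-alias merging on an in-memory
// Yarn Berry lockfile. The range matcher below is a stand-in for Yarn's
// resolver (assumption); lockfile, registry and requests are constructed data.

function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1).map(Number);
}

function compareVersions(a, b) {
  const [pa, pb] = [parseVersion(a), parseVersion(b)];
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return pa[i] - pb[i];
  return 0;
}

// True when `version` satisfies a single-comparator `range` (exact, ^, ~, >=).
function satisfies(version, range) {
  const m = /^(\^|~|>=|)(\d+)\.(\d+)\.(\d+)$/.exec(range.trim());
  if (!m) throw new Error(`unsupported range: ${range}`);
  const op = m[1];
  const lo = [m[2], m[3], m[4]].map(Number);
  const v = parseVersion(version);
  const cmp = compareVersions(version, lo.join("."));
  if (cmp < 0) return false;          // below the lower bound
  if (op === ">=") return true;
  if (op === "") return cmp === 0;    // exact pin
  if (op === "~") return v[0] === lo[0] && v[1] === lo[1];
  // caret: the leftmost non-zero component is frozen
  if (lo[0] !== 0) return v[0] === lo[0];
  if (lo[1] !== 0) return v[0] === 0 && v[1] === lo[1];
  return cmp === 0;
}

function satisfyingSorted(range, available) {
  return available.filter((v) => satisfies(v, range)).sort(compareVersions);
}
// What `yarn up` would pick: the newest match.
function maxSatisfying(range, available) {
  const ok = satisfyingSorted(range, available);
  return ok.length ? ok[ok.length - 1] : null;
}
// What the surgeon picks: the oldest match, so the lockfile diff stays minimal.
function minSatisfying(range, available) {
  const ok = satisfyingSorted(range, available);
  return ok.length ? ok[0] : null;
}

// Yarn Berry keys each entry by its descriptors "name@npm:range", joined with
// ", " when several ranges share one resolution.
function parseDescriptor(d) {
  const i = d.indexOf("@npm:");
  if (i < 1) throw new Error(`unsupported descriptor: ${d}`);
  return { name: d.slice(0, i), range: d.slice(i + 5) };
}

// Apply {name: newRange} requests. If an existing entry for the package already
// satisfies the new range, the new descriptor is merged into that entry's key
// (the "range alias") so `yarn install` does not re-resolve it; otherwise a new
// entry is added at the minimum satisfying version. Older entries stay in place
// (pruning is out of scope). Returns the new lockfile plus "old -> new" records.
function applyRequests(lockfile, registry, requests) {
  const out = { ...lockfile };
  const bumps = [];
  for (const [name, range] of Object.entries(requests)) {
    const wanted = `${name}@npm:${range}`;
    const entries = Object.entries(out).filter(([key]) =>
      key.split(", ").some((d) => parseDescriptor(d).name === name));
    const covered = entries.find(([, e]) => satisfies(e.version, range));
    if (covered) {
      const [key, entry] = covered;
      if (!key.split(", ").includes(wanted)) {
        delete out[key];
        out[`${key}, ${wanted}`] = entry;
      }
      continue;
    }
    const next = minSatisfying(range, registry[name] ?? []);
    if (next === null) throw new Error(`${name}: no version satisfies ${range}`);
    const from = entries.map(([, e]) => e.version).sort(compareVersions).pop() ?? null;
    out[wanted] = { version: next };
    bumps.push({ name, from, to: next });
  }
  return { lockfile: out, bumps };
}

// Constructed sample data.
const sampleLockfile = {
  "lodash@npm:^4.17.20": { version: "4.17.20" },
  "minimist@npm:^1.2.5": { version: "1.2.5" },
  "semver@npm:^7.5.2": { version: "7.5.4" },
};
const sampleRegistry = {
  lodash: ["4.17.19", "4.17.20", "4.17.21"],
  minimist: ["1.2.5", "1.2.6", "1.2.7", "1.2.8"],
  semver: ["7.5.3", "7.5.4", "7.6.0"],
};
const sampleRequests = { lodash: "^4.17.21", minimist: ">=1.2.6", semver: "^7.5.3" };

const result = applyRequests(sampleLockfile, sampleRegistry, sampleRequests);
for (const b of result.bumps) console.log(`${b.name}: ${b.from ?? "(new)"} -> ${b.to}`);
```

With the sample data, `minimist` is bumped to 1.2.6 rather than the 1.2.8 that `maxSatisfying` (the `yarn up` behaviour) would choose, and `semver` is not bumped at all: its existing 7.5.4 resolution already satisfies `^7.5.3`, so the new descriptor is only merged into the existing key.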