Please add one entry in this file for each change in Yarn's behavior. Use the same format for all entries, including the third-person verb. Make sure you don't add more than one line of text to keep it clean. Thanks!
Important: This release contains a cache bump. It will cause the very first install following the upgrade to take slightly more time, especially if you don't use the Offline Mirror feature. After that everything will be back to normal.
- Fixes a potential vulnerability regarding how the build artifacts are stored
  Reported by ChALkeR, fixed by Maël Nison
- Suggests using the Yarn 2 development trunk on PnP-enabled projects
- Preserves linked packages when calling `yarn create`
- Fixes the offline mirror filenames when using Verdaccio
- Fixes using `link:.` to refer to the package folder
- Runs the `prepare` lifecycle of git dependencies even if `NODE_ENV` is set to `production`.
- Fixes the `postversion` lifecycle method not being called when using `--no-git-tag-version`.
- Ignores potentially large vscode keys in package.json to avoid E2BIG errors.
- Enforces https for the Yarn and npm registries.
- Adds support for reading `yarnPath` from v2-produced `.yarnrc.yml` files.
- Adds prereleases flags and prerelease identifier to `yarn version`.
- Fixes audits when used with `yarn add` & `yarn upgrade`
- Adds support for the `--offline` flag to `yarn global add`
- Yarn will tolerate Yaml at parse time. Full support isn't ready yet and will only come at the next major.
- Fixes a bug when using the `link:` protocol with a folder that doesn't contain a `package.json`
- Retries downloading a package on `yarn install` when we get an ETIMEDOUT error.
- Implements `yarn audit --level [severity]` flag to filter the audit command's output.
- Implements `yarn audit --groups group_name [group_name ...]`.
- Exposes the script environment variables to `yarn create` spawned processes.
- Prevents EPIPE errors from being printed.
- Adds support for the npm enterprise URLs when computing the offline mirror filenames.
- Tweaks the lockfile parser logic to parse a few extra cases
The 1.15.1 doesn't exist due to a release hiccup.
- Reverts a behavior causing bogus interactions between PowerShell and `yarn global`
- Fixes a bug where non-zero exit codes were converted to a generic 1 when running `yarn run`
- Fixes production / development reporting when running `yarn audit`
- Removes `--scripts-prepend-node-path` as Yarn's default behavior makes this obsolete
- Fixes the advisory link printed by `yarn audit`
- Fixes `npm_config_` environment variable parsing to support those prefixed with underscore (ex: `_auth`)
- Fixes yarn `upgrade --latest` for dependencies using `>` or `>=` range specifier
- Fixes `--modules-folder` handling in several places (ex: `yarn check` now respects `--modules-folder`)
- Removes `rootModuleFolders` (internal variable which wasn't used anywhere)
- Adds support for setting `global-folder` from `.yarnrc` files
- Makes `yarn version` cancellable via ctrl-c or empty string
- Adds support for `yarn policies set-version berry`
- Fixes yarn `upgrade --scope` when using exotic (github) dependencies
- Fixes occasionally mismatching upper/lowercases of drive letters in win32 pnp check
- Fixes the error reporting for non-HTTP network errors (such as invalid certificates)
- Changes the location where the `--require ./.pnp.js` flag gets added into `NODE_OPTIONS`: now at the front (bis)
- Packages won't be auto-unplugged anymore if `ignore-scripts` is set in the yarnrc file
- Enables displaying Emojis on Terminus by default
- Run the engines check before executing `run` scripts.
- Improves PnP compatibility with Node 6
- Fixes PnP detection with workspaces (`installConfig` is now read at the top-level)
- Fixes an interaction between `yarn pack` and bundled dependencies
- Adds support for `GITHUB_TOKEN` in `yarn policies set-version`
- Fixes an issue where `resolve` would forward an incomplete basedir to the PnP hook
- Fixes the command that `yarn unlink` recommends to run as a followup (now `yarn install --force`)
- Changes the location where the `--require ./.pnp.js` flag gets added into `NODE_OPTIONS`: now at the front
- Fixes a bug where `os` and `platform` requirements weren't properly checked when `engines` was missing
- Implements a new `package.json` field: `peerDependenciesMeta`
- Adds an `optional` setting to `peerDependenciesMeta` to silence missing peer dependency warnings
- Implements `yarn policies set-version [range]`. Check the documentation for usage & tips.
- Fixes a resolution issue when a package had an invalid `main` entry
- Decreases the size of the generated `$PATH` environment variable for a better Windows support
- Fixes postinstall scripts for third-party packages when they were referencing a binary from their own dependencies
- Fixes yarn audit exit code overflow
- Stops automatically unplugging packages with postinstall script when running under `--ignore-scripts`
- Adds transparent support for the `resolve` package when using Plug'n'Play
- Properly reports the error codes when the npm registry throws 500's
Important: This release contains a cache bump. It will cause the very first install following the upgrade to take slightly more time, especially if you don't use the Offline Mirror feature. After that everything will be back to normal.
- Fixes an issue with `yarn audit` when using workspaces
- Uses `NODE_OPTIONS` to instruct Node to load the PnP hook, instead of raw CLI arguments
  Caveat: This change might cause issues for PnP users having a space inside their cwd (cf nodejs/node#24065)
- Fixes Gulp when used with Plug'n'Play
- Fixes an issue with `yarn audit` when the root package was missing a name
- Fixes an issue with `yarn audit` when a package was depending on an empty range
- Fixes an issue with how symlinks are setup into the cache on Windows
- Upgrades `inquirer`, fixing `upgrade-interactive` for users using both Node 10 and Windows
- Exposes the path to the PnP file using `require.resolve('pnpapi')`
This release doesn't actually exist and was caused by a quirk in our systems.
- Ensures the engine check is run before showing the UI for `upgrade-interactive`
- Restores Node v4 support by downgrading `cli-table3`
- Prevents infinite loop when parsing corrupted lockfiles with unterminated strings
- Environment variables now have to start with `YARN_` (instead of just contain it) to be considered
- Fixes the `extensions` option when used by `resolveRequest`
- Fixes handling of empty string entries for `bin` in package.json
- Adds support for basic auth for registries with paths, such as artifactory
- Adds 2FA (Two Factor Authentication) support to publish & alike
- Fixes how the `files` property is interpreted to bring it in line with npm
- Fixes Yarn invocations on Darwin when the `yarn` binary was symlinked
- Fixes `require.resolve` when used together with the `paths` option
- Adds initial support for PnP on Windows
- Adds `yarn audit` (and the `--audit` flag for all installs)
- Adds a special logic to PnP for ESLint compatibility (temporary, until eslint/eslint#10125 is fixed)
- Makes the PnP hook inject a `process.versions.pnp` variable when setup (equals to `VERSIONS.std`)
- Disables by default (configurable) the automatic migration of the `integrity` field. It will be re-enabled in 2.0.
- Fixes the display name of the faulty package when the NPM registry returns corrupted data
- Prevents crashes when running `yarn outdated` and the NPM registry forgets to return the `latest` tag
- Fixes `yarn run` when used together with workspaces and PnP
- Fixes an edge case when peer dependencies were resolved multiple levels deep (`webpack-dev-server`)