Upgrade from Yarn v1 to v3 #137

Merged
merged 11 commits into from
May 19, 2023

Contributor

@mcmire mcmire commented May 16, 2023

This commit aligns this project with our other projects, which use Yarn v3 across the board.

The new files here are copied from the module template.

@mcmire mcmire requested a review from a team as a code owner May 16, 2023 20:44
@socket-security

socket-security bot commented May 16, 2023

New dependency changes detected. Learn more about Socket for GitHub ↗︎


👍 No new dependency issues detected in pull request

Bot Commands

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore foo@1.0.0 bar@* or ignore all packages with @SocketSecurity ignore-all

Ignoring: jsdom@16.7.0, spdx-correct@3.2.0, @tootallnate/once@1.1.2, supports-hyperlinks@2.3.0, source-map@0.7.4, sshpk@1.17.0, istanbul-lib-source-maps@4.0.1, form-data@3.0.1, fb-watchman@2.0.2, anymatch@3.1.3, querystringify@2.2.0, asn1@0.2.6, fast-diff@1.3.0, requires-port@1.0.0, url-parse@1.5.10

Pull request alert summary
Issue Status
Critical CVE ✅ 0 issues
CVE ✅ 0 issues
Mild CVE ✅ 0 issues
Install scripts ✅ 0 issues
Native code ✅ 0 issues
Bin script confusion ✅ 0 issues
Bin script shell injection ✅ 0 issues
Filesystem access ✅ 0 issues
Network access ✅ 0 issues
Shell access ✅ 0 issues
Unresolved require ✅ 0 issues
Invalid package.json ✅ 0 issues
HTTP dependency ✅ 0 issues
Git dependency ✅ 0 issues
GitHub dependency ✅ 0 issues
No bug tracker ✅ 0 issues
No contributors or author data ✅ 0 issues
No README ✅ 0 issues
Deprecated ✅ 0 issues
New author ✅ 0 issues
Unstable ownership ✅ 0 issues
Non-existent author ✅ 0 issues
Unmaintained ✅ 0 issues
Unpublished package ✅ 0 issues
Potential typo squat ✅ 0 issues
Known Malware ✅ 0 issues
Telemetry ✅ 0 issues
Protestware/Troll package ✅ 0 issues
AI detected security risk ✅ 0 issues
AI warning ✅ 0 issues

📊 Modified Dependency Overview:

| ⬆️ Updated Package | Version Diff | Added Capability Access | +/- Transitive Count | Publisher |
| --- | --- | --- | --- | --- |
| @ethersproject/providers@5.7.2 | 5.7.0...5.7.2 | None | +2/-2 | ricmoo |

@mcmire
Contributor Author

mcmire commented May 16, 2023

These are our packages:

@SocketSecurity ignore @lavamoat/aa@3.1.2
@SocketSecurity ignore @lavamoat/allow-scripts@2.3.1

@legobeat
Contributor

I figure the new lint errors come from the lockfile reset + a semver-minor bump of something prettier-related. We should probably bump all deps and devdeps to be highest in the specified range under the old lockfile format before doing the schema upgrade?

@legobeat
Contributor

@mcmire #142

@mcmire
Contributor Author

mcmire commented May 17, 2023

@legobeat Hmm, this PR shouldn't update Prettier. Bumping all dev dependencies is a good idea, but I think if we ensure that Prettier isn't bumped, this PR can be independent of your changes. I'll see if I can fix that.

@legobeat
Contributor

> @legobeat Hmm, this PR shouldn't update Prettier. Bumping all dev dependencies is a good idea, but I think if we ensure that Prettier isn't bumped, this PR can be independent of your changes. I'll see if I can fix that.

The newer version of prettier is already in range, so it's questionable (I'm not sure where I stand on this) if it should be considered an upgrade - users installing from a fresh clone without the lockfile would already get the errors here.

But assuming we want to do both either way, it seems arbitrary if we do downgrade dep ranges to match lockfile state -> upgrade yarn -> bump deps or bump deps -> upgrade yarn - just figured the latter was one step less!

@legobeat
Contributor

.cjs file integrity verified ✅
Just needs rebase after merge of #142, which I think should clear away (most of) the Socket Security alerts.

package.json Outdated
@@ -15,13 +15,11 @@
"scripts": {
"build": "tsc --project .",
"build:clean": "rm -rf dist && yarn build",
"build:link": "yarn build && cd dist && yarn link && rm -rf node_modules && cd ..",
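Review bot: on the `build:link` line, `yarn link` is still invoked with no argument from inside `dist`, which is the Yarn v1 way of registering a package; Yarn v3's `yarn link` expects a destination path, so this script should be confirmed to run under v3 and otherwise rewritten or dropped. The `@@ -15,13 +15,11 @@` header also shows the scripts block shrinking by two lines, so a short note in the PR description on which scripts were removed would help reviewers.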
Contributor

Just noting for future readers that this was originally added in 1a6c749 as a developer convenience and I guess is something we expect users to figure out themselves.

Contributor Author

@legobeat Good point. My understanding was that the yarn link process was broken, but I should follow up on that. I will keep this around for now in case it is still being used.

@legobeat
Contributor

@SocketSecurity ignore jsdom@16.7.0
@SocketSecurity ignore spdx-correct@3.2.0
@SocketSecurity ignore @tootallnate/once@1.1.2
@SocketSecurity ignore source-map@0.7.4
@SocketSecurity ignore sshpk@1.17.0
@SocketSecurity ignore form-data@3.0.1
@SocketSecurity ignore fb-watchman@2.0.2
@SocketSecurity ignore anymatch@3.1.3
@SocketSecurity ignore fast-diff@1.3.0

#145

@legobeat
Contributor

@SocketSecurity ignore supports-hyperlinks@2.3.0
@SocketSecurity ignore istanbul-lib-source-maps@4.0.1
@SocketSecurity ignore querystringify@2.2.0
@SocketSecurity ignore asn1@0.2.6
@SocketSecurity ignore requires-port@1.0.0
@SocketSecurity ignore url-parse@1.5.10
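
The ignore-command syntax the bot describes earlier in this thread, as an added example that is not part of the thread or of Socket's own code: a small JavaScript audit that collects every `@SocketSecurity ignore` directive from comment bodies, flags wildcard and `ignore-all` suppressions, and lists anything the bot reports ignoring that no comment requested. The function names, the per-line directive handling, and the `example-user` / `example-pkg` values are assumptions of the example.

```javascript
// Added example: audit "@SocketSecurity ignore" directives in PR comments.
// Grammar follows the bot's help text; treating each comment line as a possible
// directive and flagging wildcards / ignore-all are assumptions of this sketch.

// Split on the LAST "@" so scoped names such as "@scope/pkg@1.0.0" survive.
function parseSpecifier(spec) {
  const at = spec.lastIndexOf('@');
  if (at <= 0) return null; // no version, or only a scope's leading "@"
  const name = spec.slice(0, at);
  const version = spec.slice(at + 1);
  if (!version || (name.startsWith('@') && !name.includes('/'))) return null;
  return { name, version };
}

function collectIgnores(comments) {
  const out = { pinned: [], wildcard: [], invalid: [], ignoreAll: [] };
  for (const { author, body } of comments) {
    for (const line of body.split('\n')) {
      const m = line.trim().match(/^@SocketSecurity\s+(ignore-all|ignore)\b\s*(.*)$/);
      if (!m) continue;
      if (m[1] === 'ignore-all') { out.ignoreAll.push(author); continue; }
      for (const spec of m[2].split(/\s+/).filter(Boolean)) {
        const p = parseSpecifier(spec);
        if (!p) out.invalid.push({ author, spec });
        else (p.version === '*' ? out.wildcard : out.pinned).push({ author, ...p });
      }
    }
  }
  return out;
}

// Entries the bot reports as ignored that no reviewed comment asked for.
function unrequested(botIgnoring, audit) {
  const asked = new Set(audit.pinned.map((p) => `${p.name}@${p.version}`));
  return botIgnoring.split(',').map((s) => s.trim()).filter((s) => s && !asked.has(s));
}

// Sample input: the first two bodies are excerpted from this thread;
// the third comment and example-pkg are constructed for the example.
const comments = [
  { author: 'mcmire', body: 'These are our packages:\n\n@SocketSecurity ignore @lavamoat/aa@3.1.2\n@SocketSecurity ignore @lavamoat/allow-scripts@2.3.1' },
  { author: 'legobeat', body: '@SocketSecurity ignore jsdom@16.7.0\n@SocketSecurity ignore @tootallnate/once@1.1.2' },
  { author: 'example-user', body: '@SocketSecurity ignore foo@* @scope-only\n@SocketSecurity ignore-all' },
];
const audit = collectIgnores(comments);
console.log(audit);
console.log(unrequested('jsdom@16.7.0, @tootallnate/once@1.1.2, example-pkg@1.0.0', audit));
```

Wildcard and `ignore-all` entries are the ones worth a second reviewer, since they suppress alerts for versions nobody has looked at yet.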

@mcmire mcmire merged commit cac6949 into main May 19, 2023
@mcmire mcmire deleted the upgrade-to-yarn-v3 branch May 19, 2023 20:11