Upgrade Yarn to a newer version


#1

Hello, I’ve been sent here through https://github.com/travis-ci/travis-ci/issues/9445 because it should’ve been obvious that an internal ping through the company isn’t going to make anybody do anything.

It seems that the version of the Yarn Package Manager (for Node) is still on version 1.3.2 which is now over a year old. Many bugs and vulnerabilities have been fixed since then, please upgrade it to the latest version.


#2

Older build images are unlikely to get updates. Please use a newer image, or update it yourself, if this is critical.

The current Xenial image has 1.13.0. https://travis-ci.org/BanzaiMan/travis_production_test/builds/489217055#L183


#3

Hey @BanzaiMan, thanks for this answer, I finally got my build to work by upgrading to the Xenial image. While I understand that older images won’t get updates, please consider setting this image as default at least on projects that use Yarn. The current default version throws warnings as Yarn 1.3.2 uses Node’s deprecated Buffer APIs. This is very confusing, especially as I needed to first search through the old Travis CI GitHub repo to find the issue, only to be redirected here where I had to search again to find this thread.