fix(yarn-berry): identify workspace member as root in dependency tree#486
Open
Strum355 wants to merge 3 commits intoguacsec:mainfrom
Open
fix(yarn-berry): identify workspace member as root in dependency tree#486Strum355 wants to merge 3 commits intoguacsec:mainfrom
Strum355 wants to merge 3 commits intoguacsec:mainfrom
Conversation
The `#isRoot` method in `Yarn_berry_processor` only matched the workspace root package (`@workspace:.`), causing workspace member analysis to fail to find the member's dependency subtree. Changed to match by manifest name prefix so members like `member-a@workspace:packages/member-a` are correctly identified as the root when analyzing from a workspace member's manifest. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
… output yarn info --recursive without --all only returns the workspace root, omitting workspace member dependencies entirely. Adding --all includes packages from all workspace members in the output. Test fixtures regenerated from actual yarn info output, including real virtual locators and follow-redirects resolving to 1.16.0. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
ruromero
approved these changes
Apr 22, 2026
| let providedDataForComponent = provider.provideComponent(manifestPath); | ||
|
|
||
| compareSboms(providedDataForComponent.content, expectedSbom); | ||
| }).timeout(process.env.GITHUB_ACTIONS ? 15000 : 10000); |
Collaborator
There was a problem hiding this comment.
why not always use the bigger timeout and stop adding (even remove) dependencies to GH actions env vars?
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
#isRootmethod inYarn_berry_processoronly matched@workspace:.(the workspace root), causing member packages likemember-a@workspace:packages/member-ato never be identified as the root of the dependency tree#isRootto match by manifest name prefix (this._manifest.name@workspace:) so workspace members are correctly identifiedTest plan
test/providers/tst_manifests/yarn-berry/workspace_member/🤖 Generated with Claude Code