Upgrade Yarn to 4.11.0 (#10865)

* Initial plan

* Upgrade Yarn to 4.11.0 with node-modules linker and security settings

Co-authored-by: tommoor <380914+tommoor@users.noreply.github.com>

* Restore rolldown resolution to package.json resolutions

Co-authored-by: tommoor <380914+tommoor@users.noreply.github.com>

* Enable Corepack in CI workflow for Yarn 4.11.0 support

Co-authored-by: tommoor <380914+tommoor@users.noreply.github.com>

* test

* module resolution

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: tommoor <380914+tommoor@users.noreply.github.com>
Co-authored-by: Tom Moor <tom@getoutline.com>

.github/workflows/ci.yml

@@ -22,6 +22,8 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v5
+      - name: Enable Corepack
+        run: corepack enable
       - name: Use Node.js 22.x
         uses: actions/setup-node@v5
         with:
@@ -35,13 +37,15 @@ jobs:
           key: ${{ runner.os }}-node-modules-${{ hashFiles('yarn.lock') }}
       - name: Install dependencies
         if: steps.cache-node-modules.outputs.cache-hit != 'true'
-        run: yarn install --frozen-lockfile --prefer-offline
+        run: yarn install --immutable
 
   lint:
     needs: setup
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v5
+      - name: Enable Corepack
+        run: corepack enable
       - uses: actions/setup-node@v5
         with:
           node-version: 22.x
@@ -58,6 +62,8 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v5
+      - name: Enable Corepack
+        run: corepack enable
       - uses: actions/setup-node@v5
         with:
           node-version: 22.x
@@ -104,6 +110,8 @@ jobs:
         test-group: [app, shared]
     steps:
       - uses: actions/checkout@v5
+      - name: Enable Corepack
+        run: corepack enable
       - uses: actions/setup-node@v5
         with:
           node-version: 22.x
@@ -140,6 +148,8 @@ jobs:
 
     steps:
       - uses: actions/checkout@v5
+      - name: Enable Corepack
+        run: corepack enable
       - uses: actions/setup-node@v5
         with:
           node-version: 22.x
@@ -161,6 +171,8 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v5
+      - name: Enable Corepack
+        run: corepack enable
       - uses: actions/setup-node@v5
         with:
           node-version: 22.x

.gitignore

@@ -14,3 +14,10 @@ data/*
 *.pem
 *.key
 *.cert
+
+# Yarn Berry
+.yarn/*
+!.yarn/patches
+!.yarn/plugins
+!.yarn/releases
+!.yarn/sdks

.yarnrc.yml

@@ -0,0 +1,3 @@
+nodeLinker: node-modules
+
+npmMinimalAgeGate: 86400

Makefile

@@ -1,7 +1,7 @@
 up:
 	docker compose up -d redis postgres
 	yarn install-local-ssl
-	yarn install --pure-lockfile
+	yarn install --immutable
 	yarn dev:watch
 
 build:

app/actions/definitions/documents.tsx

@@ -611,9 +611,8 @@ export const copyDocumentAsMarkdown = createAction({
       ? stores.documents.get(activeDocumentId)
       : undefined;
     if (document) {
-      const { ProsemirrorHelper } = await import(
-        "~/models/helpers/ProsemirrorHelper"
-      );
+      const { ProsemirrorHelper } =
+        await import("~/models/helpers/ProsemirrorHelper");
       copy(ProsemirrorHelper.toMarkdown(document));
       toast.success(t("Markdown copied to clipboard"));
     }
@@ -633,9 +632,8 @@ export const copyDocumentAsPlainText = createAction({
       ? stores.documents.get(activeDocumentId)
       : undefined;
     if (document) {
-      const { ProsemirrorHelper } = await import(
-        "~/models/helpers/ProsemirrorHelper"
-      );
+      const { ProsemirrorHelper } =
+        await import("~/models/helpers/ProsemirrorHelper");
       copy(ProsemirrorHelper.toPlainText(document));
       toast.success(t("Text copied to clipboard"));
     }

lint-staged.config.mjs

@@ -12,5 +12,5 @@ export default {
   ],
 
   // Automatically de-duplicate packages as yarn is terrible at it
-  "(yarn.lock|package.json)": () => `yarn yarn-deduplicate yarn.lock`,
+  "(yarn.lock|package.json)": () => `yarn dedupe`,
 };

package.json

@@ -11,7 +11,7 @@
     "build": "yarn clean && yarn vite:build && yarn build:i18n && yarn build:server",
     "start": "node ./build/server/index.js",
     "dev": "NODE_ENV=development yarn concurrently -n api,collaboration  -c \"blue,magenta\" \"node --inspect=0.0.0.0 build/server/index.js --services=cron,collaboration,websockets,admin,web,worker\"",
-    "dev:backend": "NODE_ENV=development nodemon --exec \"yarn build:server && yarn dev\" -e js,ts,tsx --watch server --watch shared --watch plugins --watch .env --watch .env.local --watch .env.development --ignore *.test.ts --ignore data/ --ignore build/ --ignore app/ --ignore shared/editor --ignore server/migrations",
+    "dev:backend": "NODE_ENV=development nodemon --quiet --exec \"yarn build:server && yarn dev\" -e js,ts,tsx --watch server --watch shared --watch plugins --watch .env --watch .env.local --watch .env.development --ignore \"**/*.test.ts\" --ignore data/ --ignore build/ --ignore app/ --ignore shared/editor --ignore server/migrations",
     "dev:watch": "NODE_ENV=development yarn concurrently -n backend,frontend \"yarn dev:backend\" \"yarn vite:dev\"",
     "lint": "oxlint --type-aware app server shared plugins",
     "lint:changed": "git diff --name-only --diff-filter=ACMRTUXB | grep -E '\\.(js|jsx|ts|tsx)$' | xargs -r oxlint",
@@ -285,6 +285,7 @@
     "@relative-ci/agent": "^4.3.1",
     "@types/addressparser": "^1.0.3",
     "@types/body-scroll-lock": "^3.1.2",
+    "@types/cookie": "0.6.0",
     "@types/crypto-js": "^4.2.2",
     "@types/diff": "^5.0.9",
     "@types/dotenv": "^8.2.3",
@@ -323,7 +324,7 @@
     "@types/png-chunks-extract": "^1.0.2",
     "@types/proxy-from-env": "^1.0.4",
     "@types/quoted-printable": "^1.0.2",
-    "@types/react": "^17.0.34",
+    "@types/react": "17.0.75",
     "@types/react-avatar-editor": "^13.0.4",
     "@types/react-color": "^3.0.13",
     "@types/react-dom": "^17.0.11",
@@ -370,10 +371,12 @@
     "rimraf": "^2.5.4",
     "rollup-plugin-webpack-stats": "2.1.6",
     "terser": "^5.44.1",
-    "typescript": "^5.9.2",
-    "yarn-deduplicate": "^6.0.2"
+    "typescript": "^5.9.2"
   },
   "resolutions": {
+    "@types/react": "17.0.75",
+    "@types/koa": "2.15.0",
+    "@hocuspocus/server": "1.1.2",
     "prosemirror-transform": "1.10.0",
     "body-scroll-lock": "^4.0.0-beta.0",
     "d3": "^7.0.0",
@@ -381,8 +384,9 @@
     "node-fetch": "^2.7.0",
     "js-yaml": "^3.14.1",
     "qs": "6.9.7",
-    "prismjs": "1.30.0"
+    "prismjs": "1.30.0",
+    "cheerio": "1.0.0-rc.12"
   },
   "version": "1.1.0",
-  "packageManager": "yarn@1.22.22+sha512.a6b2f7906b721bba3d67d4aff083df04dad64c399707841b7acf00f6b133b7ac24255f2652fa22ae3534329dc6180534e98d17432037ff6fd140556e2bb3137e"
+  "packageManager": "yarn@4.11.0"
 }

server/routes/oauth/index.ts

@@ -46,8 +46,8 @@ router.post(
     authorize(user, "read", client);
 
     // Note: These objects are mutated by the OAuth2Server library
-    const request = new OAuth2Server.Request(ctx.request);
-    const response = new OAuth2Server.Response(ctx.response);
+    const request = new OAuth2Server.Request(ctx.request as any);
+    const response = new OAuth2Server.Response(ctx.response as any);
 
     const authorizationCode = await oauth.authorize(request, response, {
       // Require state to prevent CSRF attacks
@@ -106,8 +106,8 @@ router.post(
     }
 
     // Note: These objects are mutated by the OAuth2Server library
-    const request = new OAuth2Server.Request(ctx.request);
-    const response = new OAuth2Server.Response(ctx.response);
+    const request = new OAuth2Server.Request(ctx.request as any);
+    const response = new OAuth2Server.Response(ctx.response as any);
     const token = await oauth.token(request, response, {
       accessTokenLifetime: OAuthAuthentication.accessTokenLifetime,
       refreshTokenLifetime: OAuthAuthentication.refreshTokenLifetime,

server/types.ts

@@ -74,12 +74,14 @@ export type BaseReq = z.infer<typeof BaseSchema>;
 
 export type BaseRes = unknown;
 
-export interface APIContext<ReqT = BaseReq, ResT = BaseRes>
-  extends ParameterizedContext<
-    AppState,
-    DefaultContext & IRouterParamContext<AppState>,
-    ResT
-  > {
+export interface APIContext<
+  ReqT = BaseReq,
+  ResT = BaseRes,
+> extends ParameterizedContext<
+  AppState,
+  DefaultContext & IRouterParamContext<AppState>,
+  ResT
+> {
   /** Typed and validated version of request, consisting of validated body, query, etc. */
   input: ReqT;