From b942e7fdad779cb277eda19cc36c4d8153c8febc Mon Sep 17 00:00:00 2001
From: Omri SirComp
Date: Wed, 27 May 2026 11:12:25 +0300
Subject: [PATCH] fix: allow yarn v4 audit resolution
---
sca/bom/buildinfo/technologies/yarn/yarn.go | 10 ++++++----
.../buildinfo/technologies/yarn/yarn_test.go | 19 +++++++++++++++++++
2 files changed, 25 insertions(+), 4 deletions(-)
diff --git a/sca/bom/buildinfo/technologies/yarn/yarn.go b/sca/bom/buildinfo/technologies/yarn/yarn.go
index 00f7d61c0..8b76ea7bf 100644
--- a/sca/bom/buildinfo/technologies/yarn/yarn.go
+++ b/sca/bom/buildinfo/technologies/yarn/yarn.go
@@ -102,10 +102,8 @@ func configureYarnResolutionServerAndRunInstall(params technologies.BuildInfoBom
 if err != nil {
 return
 }
- // Checking if the current yarn version is Yarn V1 ro Yarn v4, and if so - abort. Resolving dependencies from artifactory is currently not supported for Yarn V1 and V4
- yarnVersion := version.NewVersion(executableYarnVersion)
- if yarnVersion.Compare(yarnV2Version) > 0 || yarnVersion.Compare(yarnV4Version) <= 0 {
- err = errors.New("resolving Yarn dependencies from Artifactory is currently not supported for Yarn V1 and Yarn V4. The current Yarn version is: " + executableYarnVersion)
+ if !isArtifactoryResolutionSupported(executableYarnVersion) {
+ err = errors.New("resolving Yarn dependencies from Artifactory is currently not supported for Yarn V1. The current Yarn version is: " + executableYarnVersion)
 return
 }
 
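Review bot: With the Yarn V4 branch dropped from this guard, nothing in the visible lines adds V4-specific handling, so it is worth confirming that the registry and credential configuration performed later in configureYarnResolutionServerAndRunInstall (outside this hunk) actually takes effect on Yarn 4. If it silently does not, the install would presumably resolve against whatever registry the project's own configuration names rather than Artifactory, and the audit would then describe a different dependency set than intended. The explanatory comment above the guard was also deleted; a replacement such as `// Artifactory resolution is configured for Yarn V2 and above; Yarn V1 is rejected.` would keep the intent readable.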
@@ -138,6 +136,10 @@ func configureYarnResolutionServerAndRunInstall(params technologies.BuildInfoBom
 return runYarnInstallAccordingToVersion(curWd, yarnExecPath, params.InstallCommandArgs)
 }
 
+func isArtifactoryResolutionSupported(yarnVersion string) bool {
+ return version.NewVersion(yarnVersion).Compare(yarnV2Version) <= 0
+}
+
 // We verify the project's installation status by examining the presence of the yarn.lock file and the presence of an installation command provided by the user.
 // If install command was provided - we install
 // If yarn.lock is missing, we should install unless the user has explicitly disabled auto-install. In this case we return an error
diff --git a/sca/bom/buildinfo/technologies/yarn/yarn_test.go b/sca/bom/buildinfo/technologies/yarn/yarn_test.go
index be564f670..c851743cc 100644
--- a/sca/bom/buildinfo/technologies/yarn/yarn_test.go
+++ b/sca/bom/buildinfo/technologies/yarn/yarn_test.go
@@ -232,3 +232,22 @@ func TestSkipBuildDepTreeWhenInstallForbidden(t *testing.T) {
 })
 }
 }
+
+func TestArtifactoryResolutionSupportedYarnVersions(t *testing.T) {
+ testCases := []struct {
+ name string
+ version string
+ supported bool
+ }{
+ {name: "yarn v1", version: "1.22.22", supported: false},
+ {name: "yarn v2", version: "2.4.3", supported: true},
+ {name: "yarn v3", version: "3.8.7", supported: true},
+ {name: "yarn v4", version: "4.5.3", supported: true},
+ }
+
+ for _, testCase := range testCases {
+ t.Run(testCase.name, func(t *testing.T) {
+ assert.Equal(t, testCase.supported, isArtifactoryResolutionSupported(testCase.version))
+ })
+ }
+}
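Review bot: isArtifactoryResolutionSupported has no doc comment, and `Compare(yarnV2Version) <= 0` reads as "at most V2" even though the accompanying test table shows it accepting V2 and everything above. A comment such as `// isArtifactoryResolutionSupported reports whether yarnVersion is Yarn V2 or newer; Compare returns <= 0 when the receiver is at least the argument.` would stop the next reader from inverting it. The gate is now open-ended upward, so any future Yarn major passes without having been exercised; if that is deliberate, the comment should say so. If the imported version package offers an at-least style helper, using it here would remove the ambiguity altogether.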
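Review bot: The table in TestArtifactoryResolutionSupportedYarnVersions covers one mid-range release per major but neither the exact boundary nor malformed input, which is where a version gate usually goes wrong. Add the boundary itself, e.g. `{name: "yarn v2 boundary", version: "2.0.0", supported: true},` (assuming yarnV2Version is 2.0.0, which is not visible in this patch). Also add a case for an empty or unparseable version string asserting whichever result is intended, since the helper has no error return and its input appears to come from the yarn executable's output.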