[Bug]: pnpm lockfile occasional has improperly escaped urls

[jbedard]

What happened?

Some pnpm-lockfiles have been known to have invalid yaml causing yq to fail, for example:

resolution: {tarball: https://gitpkg.vercel.app/blockprotocol/blockprotocol/packages/%40blockprotocol/type-system-web?6526c0e}

Possible related or caused by https://github.com/pnpm/pnpm/issues/5414.

Previously use_starlark_yaml_parser was provided to workaround such issues. This is removed in rules_js v2.

Version

rules_js v2+

[gregmagolan]

For reference, incase any users hit this is the future, the comment on the rules_js 1.0 npm_translate_lock use_starlark_yaml_parser attribute goes into more detail:

https://github.com/aspect-build/rules_js/blob/4f0ed808e2a1daaaf08ae65ee1a9428986371daf/npm/private/npm_translate_lock.bzl#L545

We removed this opt-out to use the Starlark parser in rules_js 2.0 since this is a very rare case that I have not heard of a single report of in the wild. Dropping the old Starlark parser results in a smaller surface area for maintainers of rules_js.

If someone does hit this in the future, the principled fix is in pnpm so that it generates valid yaml that yq can parse.