yarn icon indicating copy to clipboard operation
yarn copied to clipboard

Published 20 hours ago verified publisher icon yarnpkg

Package resolved to relying on unencrypted git protocol is now broken

Open fangpenlin opened this issue 2 years ago • 1 comments

Just realized all my CI build pipeline with yarn are broken with error similar to this one:

Screenshot 2022-05-15 170211

After looking into the issue, it appears that GitHub is dropping support for unauthenticated git protocol:

https://github.blog/2021-09-01-improving-git-protocol-security-github/

It says March 15, 2022 the support will be dropped, but I guess the real feature may be dropped today? As if there are many package resolved to install via git protocol, they are now all broken. Is there a way to force yarn to avoid resolving packages to use git protocol ?

fangpenlin avatar May 16 '22 00:05 fangpenlin

One way to get the build working locally is to update your gitconfig to rewrite the URLs: git config --global url."https://github.com/".insteadOf git://github.com/ This will not fix the invalid URLs in yarn.lock, but can be used as a (temporary) workaround.

dopeh avatar May 25 '22 08:05 dopeh

I'm going to close this as it appears to be just a breaking change on GitHub's end.

RDIL avatar Sep 06 '22 20:09 RDIL