what stackpulse tracks
Yarn releases from GitHub
StackPulse watches Yarn release notes and keeps the original source link close to every summary.
#stacks/yarn/tooling
Yarn release notes, breaking changes, and upgrade notes.
Modern package management for JavaScript projects StackPulse turns upstream changelogs into scannable summaries with risky changes, deprecations, migration notes, and source links.
releases
6
breaking
1
security
1
deprecated
0
migrations
0
upgrade risk
Breaking changes and deprecations
Risky changes are separated from normal feature notes so you can scan upgrade impact before changing production dependencies.
migration notes
Source-backed next steps
Migration steps and recommended actions are only shown when the upstream release notes support them.
# latest_releases
source-backed@yarnpkg/cli/4.14.0highbreakingfeaturesecurityApr 16, 2026
v4.14.0
This release introduces several improvements, including default disabling of scripts for enhanced security, support for OIDC auth in CircleCI, and fixes for Node 25.7+ compatibility and PnP watch mode.
affected
Users relying on script execution by default may need to explicitly enable scripts in their configuration.
action
Review and update your Yarn configuration if your workflow depends on script execution.
release_signals
-`enableScripts: false` is now the default, which may break workflows relying on script execution.
!Default disabling of scripts (`enableScripts: false`) enhances security by preventing unintended script execution.
+Adds `approvedGitRepositories` to manage trusted Git repositories.
+Supports OIDC auth for CircleCI in the npm plugin.
+Allows specifying a version or range in the `why` command.
+Makes `enableScripts: false` the default for improved security.
+Ensures the `exec:` protocol respects `enableScripts`.