Migrate to Yarn v2 to resolve duplicate dependency issues

[jawnsy]

In #3161, @scinos suggested we use yarn-deduplicate to fix duplicate dependencies in our lockfile (link to comment). The yarn-deduplicate project README says:

This package only works with Yarn v1. Yarn v2 supports package deduplication natively!

So it seems like we could consider migrating to v2 as an alternative way to avoid this problem. The yarn documentation mentions that it's intended to be installed on a per-project basis (rather than globally) so we should be able to progressively upgrade our projects. There is also a migration guide that provides step-by-step instructions.

[oxy]

I've looked at migrating to yarn v2 before - one major problem for us is the lack of support from some of the tools we use right now; for example, Dependabot only supports npm and yarn v1; we'd need to find another tool to use to do that.

See dependabot/dependabot-core#1297 (comment) - GitHub says that yarn 2 adoption is low; and cites it as the primary reason for them to delay implementing support for it; though yarn maintainers disagree.

https://github.com/renovatebot/renovate does support yarn however; its a discussion on if it would be worth switching tools for it to work.

In addition, vscode is still on yarn 1, and "re-migrating" everytime we pull the VSCode tree may not be worth the effort; we'd end up having a split between yarn 2 for our main package and yarn 1 inside lib/vscode (which should work, but may be confusing/cumbersome to newcomers), or we'd have to re-migrate every time we update vscode, which is not ideal.

I also looked at moving to npm v7 (which does support reading yarn.lock v1 files) but VSCode's preinstall/postinstall script has a check if its being called by npm and forces an exit - we might be able to get away with simply patching out the warning, but I did not know if I'd uncover other issues and there were higher-priority issues than tooling at the time.

It's ultimately a question if the migration has benefits that outweigh the cost (potential confusion because v1/v2 mix; migrating from dependabot to renovatebot)

[oxy]

Another important note that I didn't add above; npm v7 currently doesn't have an alternative to yarn's resolutions functionality - they're planning to add overrides in a future 7.x release - npm/rfcs#129 - but there's nothing yet.

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no activity occurs in the next 5 days.

[jawnsy]

Removed stale label as I think this still applies

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no activity occurs in the next 5 days.