Is your feature request related to a problem? Please describe.
Yarn is currently used as a direct dependency, https://github.com/oclif/plugin-plugins/blob/main/package.json#L18. This version of yarn being used is no longer being maintained and now even has a CVE opened against it https://nvd.nist.gov/vuln/detail/CVE-2025-8262
Describe the solution you'd like
A solution that doesn't involve making a package manager a direct dependency (or at the very least, an upgrade to the latest line of yarn, which is 4.x.x).
Additional context
Some relevant threads (where it said usage with other versions was being worked on, but that was years ago)
#203
#71
Is your feature request related to a problem? Please describe.
Yarn is currently used as a direct dependency, https://github.com/oclif/plugin-plugins/blob/main/package.json#L18. This version of yarn being used is no longer being maintained and now even has a CVE opened against it https://nvd.nist.gov/vuln/detail/CVE-2025-8262
Describe the solution you'd like
A solution that doesn't involve making a package manager a direct dependency (or at the very least, an upgrade to the latest line of yarn, which is 4.x.x).
Additional context
Some relevant threads (where it said usage with other versions was being worked on, but that was years ago)
#203
#71