New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Adding new dependency does not honor existing version constraint in resolution #4686
Comments
I'm digging into this... Noticing that the parameters passed to That in turn builds up to the line where it checks to see if any current installed versions match the semver range: I'll continue backtracking through the code... |
OK it looks like this was introduced by #3729 specifically the line in
So if the range (
@arcanis it looks like that linked PR was yours. I'm hesitant to change anything and risk re-opening whatever that PR fixed. Could you lend a hand? |
Will look into this today 👍 |
Sooo, let's try to fix that! I don't like that packages are relying on hoisting (mark my words - even if we fix this, they will break again in the future), but us making it less efficient than it could be isn't great either. Reposting what I put on #5561:
You're right, that doesn't make a lot of sense :/ I think what I wanted to do was "if this is not a version but is a range, then use the one we already have if possible" (since the goal of the PR was to not do optimization when reading from the lockfile). As such the condition should probably be: const solvedRange = semver.valid(range) && !semver.validRange(range) ? range : info.version; |
Do you want to request a feature or report a bug?
Bug.
What is the current behavior?
Yarn does not honor already added version locks when resolving the dependencies of newly added dependencies.
If the current behavior is a bug, please provide the steps to reproduce.
yarn add react@15.6.1
yarn add storybook-router@0.2.9
What is the expected behavior?
Expected only react@15.6.1 to be installed as that can fulfill all version constraints. This is what happens if I delete the
yarn.lock
after both dependencies are in the package.json andyarn install
i.e.Please mention your node.js, yarn and operating system version.
EDIT: The original repro was done with yarn v.1.1.0, but I upgraded to 1.2.0 and this reproduces still.
The text was updated successfully, but these errors were encountered: