Installing deps with range ^ doesn't pick the latest available version #3873
Comments
Yep, I don't know if this is related to the state of my local cache, but on an empty dir running minimatch@^3.0.5:
version "3.0.8"
resolved "https://registry.npmjs.org/minimatch/-/minimatch-3.0.8.tgz"
integrity sha512-6FsRAQsxQ61mw+qP1ZzbL9Bc78x2p5OqNgNpnoAFLTrX8n5Kxph0CsnhmKKNXTWjXqU5L0pGPR7hYk+XWZr60Q==
dependencies:
brace-expansion "^1.1.7"
minimatch@^3.1.1, minimatch@^3.1.2:
version "3.1.2"
resolved "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz"
integrity sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==
dependencies:
brace-expansion "^1.1.7" |
I suspect it's a bug where |
Guys, it seems to me that everything works as it should, because ^(caret) only updates the patch version |
Caret ranges should update minor as well. From the npm docs (
https://docs.npmjs.com/cli/v6/using-npm/semver#caret-ranges-123-025-004):
Allows changes that do not modify the left-most non-zero digit in the
[major, minor, patch] tuple. In other words, this allows patch and minor
updates for versions 1.0.0 and above
On Mon, 28 Aug 2023, 1:44 p.m., sergei.tarassov ***@***.***> wrote:
… Guys, it seems to me that everything works as it should, because ^(caret)
only updates the patch version
|
@scinos You're absolutely right! 👍 I was confused with the tilde behavior |
Any updates in the issue? I am having (I think) a similar problem. Running
|
I can confirm the same issue with bun v.1.0.1 where 1.1.6
I have not much understanding of Zig but there are not many test cases for "^" semvers in https://github.com/oven-sh/bun/blob/main/src/install/semver.zig, maybe someone who knows the language can spot a bug at first glance. |
Hey, team! Thank you for the fantastic product. We are trying to add it to the production project. In the After patching the dependency, I got the problem with one more dependency. So, we are blocked because of this issue. I'm surprised that this issue gets such a low activity. Dependency list
|
I think this function is the problem https://github.com/oven-sh/bun/blame/5d09a061004804e7f6e7cf55c3d30068efa33387/src/install/semver.zig#L1270 This function only checks if two compared versions contain a tag, and then compares their [major, minor, patch], but as in the https://github.com/npm/node-semver/blob/14d263faa156e408a033b9b12a2f87735c2df42c/README.md?plain=1#L181 specification it should always return false if compared tags are different. |
I'm seeing this behavior with |
What version of Bun is running?
v0.6.15 (1790357)
What platform is your computer?
Darwin 21.6.0 arm64 arm
What steps can reproduce the bug?
Create a package with a package.json like:
Then run bun install
What is the expected behavior?
I'd expect to have minimatch@3.1.2 as a dependency, as it is the highest available version that matches the range ^3.0.4, as shown by npm info minimatch versions:
What do you see instead?
minimatch@3.0.8 is installed, as shown by bun pm ls --all:
Additional information
Checking the ranges and versions in https://semver.npmjs.com/ for minimatch and ^3.0.4, I saw 3.0.8 is listed after 3.1.2:
Looks like it was released later too:
No idea if this is related or is a red herring
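The resolution rule this issue turns on (the highest version satisfying the caret range wins, regardless of publish order), as an added example that is not code from Bun or node-semver. Function names and the version list are constructed for illustration, and the range is assumed to carry no prerelease tag.

```javascript
// Added example; names are hypothetical, not Bun's or node-semver's code.
// Parse "MAJOR.MINOR.PATCH[-prerelease]" into a comparable object.
function parseVersion(text) {
  const m = /^(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?$/.exec(text);
  if (!m) throw new Error(`invalid version: ${text}`);
  return { tuple: [Number(m[1]), Number(m[2]), Number(m[3])], pre: m[4] || null, text };
}

// Compare two [major, minor, patch] tuples numerically.
function compareTuples(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Exclusive upper bound of ^X.Y.Z: bump the left-most non-zero digit.
function caretUpperBound([major, minor, patch]) {
  if (major > 0) return [major + 1, 0, 0];
  if (minor > 0) return [0, minor + 1, 0];
  return [0, 0, patch + 1];
}

// True if `version` satisfies a caret range that has no prerelease tag.
function satisfiesCaret(version, range) {
  const lower = parseVersion(range.replace(/^\^/, ""));
  const v = parseVersion(version);
  if (v.pre !== null) return false; // a plain range never matches prereleases
  return compareTuples(v.tuple, lower.tuple) >= 0 &&
         compareTuples(v.tuple, caretUpperBound(lower.tuple)) < 0;
}

// Pick the highest satisfying version, independent of publication order.
function maxSatisfying(versions, range) {
  const matches = versions.filter((v) => satisfiesCaret(v, range)).map((v) => parseVersion(v));
  matches.sort((a, b) => compareTuples(a.tuple, b.tuple));
  return matches.length ? matches[matches.length - 1].text : null;
}

// Constructed list in publish order: 3.0.8 is published after 3.1.2.
const published = ["3.0.4", "3.0.5", "3.1.0", "3.1.2", "3.0.8", "3.2.0-beta.1", "4.0.0"];
console.log(maxSatisfying(published, "^3.0.4"));
```

A resolver that takes the last published match instead of the highest one returns 3.0.8 here, which silently pins a project to an older line of a dependency and can leave it without fixes shipped only in the newer minor.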