install --frozen-lockfile --force behaves like --pure-lockfile

[torinthiel]

Do you want to request a feature or report a bug?
Bug

What is the current behavior?
Yarn install incorrectly behaves when both --frozen-lockfile and --force are present.

If the current behavior is a bug, please provide the steps to reproduce.
0. Clone https://gist.github.com/1c31682a46ae4ef33f544377003075f7.git

1. Examine package.json and yarn.lock in this repository. Note that while
   yarn.lock specifies the dependency (lodash used as an example, but the
   exact package is not important) at one version, package.json has the
   dependency version updated.
2. Run yarn install --frozen-lockfile. Note that it bails out with an error
   that lockfile should be updated.
3. Run yarn install --frozen-lockfile --force. Note that the command succeeds.
   The version installed in node_modules is different than lockfile specifies,
   but lockfile is not updated. This behaviour is identical as if
   yarn install --pure-lockfile was run at this point.
4. Finally run yarn install and confirm that lockfile is indeed updated.

What is the expected behavior?
https://yarnpkg.com/en/docs/cli/install says that --frozen-lockfile fails if an update to lockfile is needed. Description of --force does not involve lockfile, only refetching packages. Description of neither --frozen-lockfile nor --force mentions any exception nor possible interactions between those two.Therefore I'd expect yarn install --force --frozen-lockfile to bail out if lockfile is outdated.

Please mention your node.js, yarn and operating system version.

$ node -v 
v8.9.4
$ yarn -v
1.3.2

[rzontar]

We run into the same issue on our CI builds, where both --force and --frozen-lockfile parameters are present.

yarn -v
1.22.4