impossible to update package without pulling in updates of all dependencies #5475

Open
rsichny opened this Issue Mar 7, 2018 · 7 comments

Comments

Projects
None yet
6 participants
@rsichny

rsichny commented Mar 7, 2018

Do you want to request a feature or report a bug?
bug

What is the current behavior?

  1. there's a package.json, where "<packagename>": "~4.6.0", dependency is defined
  2. there's an entry in yarn.lock, which has the following lines:

    "<packagename>@~4.6.0":
      version "4.6.73"
      resolved "https://<repository-url>/<packagename>-4.6.73.tgz#376e31e5ee9f7c6bb2c89d3921bfe7b24b6a75cf"
      dependencies:
        bootstrap-sass "^3.3.7"
        ember-bootstrap "^1.0.0"
        ember-bootstrap-datetimepicker "^1.1.0"
        ember-cli-babel "^5.1.7"
        ember-cli-htmlbars "^1.3.4"
        ember-cli-moment-shim "^3.5.0"
        ember-cli-string-helpers "^1.5.0"
        ember-component-css "^0.3.7"
        ember-config-service "^0.1.5"
        ember-font-awesome "^3.1.0"
        ember-moment "^7.4.1"
        ember-power-select "^1.10.4"
        ember-sticky-element "0.1.3"
        ember-truth-helpers "^2.0.0"
        eonasdan-bootstrap-datetimepicker "^4.17.47"

  3. there's a new version of <packagename> in repository (4.6.74)
  4. the only thing that is changed in the new version of <packagename> is package.json file (with version bumped). Just one number, no other changes at all.

There is no way to update <packagename> from 4.6.73 to 4.6.74 without updating all its dependencies

What is the expected behavior?
With yarn 1.3.2 we could run yarn add <packagename>@~4.6.0 --force and the package would be updated correctly; in 1.5.1 this doesn't do anything. There's no other way of doing an update like that (yarn update pulls updates for other dependencies, which is unacceptable).

Please mention your node.js, yarn and operating system version.

yarn versions v1.5.1
{ yarn: '1.5.1',
  http_parser: '2.7.0',
  node: '6.10.2',
  v8: '5.1.281.98',
  uv: '1.9.1',
  zlib: '1.2.11',
  ares: '1.10.1-DEV',
  icu: '58.2',
  modules: '48',
  openssl: '1.0.2k' }
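
As an added example (not from this thread or from yarn's code base): a check that compares yarn.lock before and after an upgrade and reports every entry, other than the package that was meant to move, whose locked version or resolved URL changed. That is the transitive drift this issue describes. The name example-pkg, the registry.example host and the ember-moment versions are constructed.

```javascript
// Minimal yarn.lock (v1) reader, not yarn's own parser: just enough for this check.
function parseLock(text) {
  const entries = new Map(); // "name@range" -> { version, resolved }
  let keys = [];
  for (const line of text.split(/\r?\n/)) {
    if (!line.trim() || line.startsWith("#")) continue;
    if (!/^\s/.test(line)) { // entry header: comma-separated, optionally quoted
      keys = line.replace(/:\s*$/, "").split(",").map((p) => p.trim().replace(/^"|"$/g, ""));
      keys.forEach((k) => entries.set(k, {}));
    } else {
      // Two-space fields only; four-space lines are the entry's dependency ranges.
      const m = /^  (version|resolved) "([^"]*)"$/.exec(line);
      if (m) keys.forEach((k) => { entries.get(k)[m[1]] = m[2]; });
    }
  }
  return entries;
}

// Returns lock entries that were added, removed or re-resolved and are not allow-listed.
function unexpectedChanges(beforeText, afterText, allowedNames) {
  const before = parseLock(beforeText), after = parseLock(afterText);
  const findings = [];
  for (const key of new Set([...before.keys(), ...after.keys()])) {
    const name = key.slice(0, key.lastIndexOf("@")); // keeps a leading @scope
    const b = before.get(key), a = after.get(key);
    const change = !b ? "added" : !a ? "removed"
      : b.version !== a.version || b.resolved !== a.resolved ? "changed" : null;
    if (change && !allowedNames.includes(name)) {
      findings.push({ key, change, from: b ? b.version : null, to: a ? a.version : null });
    }
  }
  return findings;
}

// Constructed sample lockfiles: "example-pkg" stands in for <packagename>,
// registry.example is a placeholder host, and the ember-moment versions are made up.
const lock = (pkg, moment) => `# yarn lockfile v1
"example-pkg@~4.6.0":
  version "${pkg}"
  resolved "https://registry.example/example-pkg-${pkg}.tgz"
  dependencies:
    ember-moment "^7.4.1"

ember-moment@^7.4.1:
  version "${moment}"
  resolved "https://registry.example/ember-moment-${moment}.tgz"
`;
const BEFORE = lock("4.6.73", "7.4.1");
const CLEAN = lock("4.6.74", "7.4.1");   // only the requested bump
const DRIFTED = lock("4.6.74", "7.5.0"); // a transitive dependency moved too
console.log(unexpectedChanges(BEFORE, DRIFTED, ["example-pkg"]));
```

Run against the committed yarn.lock and the one produced by the upgrade, a non-empty result means more than the requested package was re-resolved and the lockfile diff needs review before it is merged.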

@heupr heupr bot assigned rally25rs Mar 7, 2018

@heupr heupr bot added the triaged label Mar 7, 2018

@rsichny rsichny changed the title from impossible to update package without pulling in all dependencies to impossible to update package without pulling in updates of all dependencies Mar 7, 2018

Contributor

rally25rs commented Mar 9, 2018

Can you use yarn update <packagename>? Docs are here: https://yarnpkg.com/en/docs/cli/upgrade

edit:

Oh wait, you want to upgrade <packagename> without upgrading all these?

    bootstrap-sass "^3.3.7"
    ember-bootstrap "^1.0.0"
    ember-bootstrap-datetimepicker "^1.1.0"
    ember-cli-babel "^5.1.7"
    ember-cli-htmlbars "^1.3.4"
    ember-cli-moment-shim "^3.5.0"
    ember-cli-string-helpers "^1.5.0"
    ember-component-css "^0.3.7"
    ember-config-service "^0.1.5"
    ember-font-awesome "^3.1.0"
    ember-moment "^7.4.1"
    ember-power-select "^1.10.4"
    ember-sticky-element "0.1.3"
    ember-truth-helpers "^2.0.0"
    eonasdan-bootstrap-datetimepicker "^4.17.47"

Don't run yarn upgrade <packagename> then, because by popular community demand, it will update all the transitive deps (yarn v1.0 used to not, but a bunch of people opened issues saying it should upgrade transitive deps too).

Hmm, I wonder if that behavior changed then. It might be finding the version in the lockfile and using that locked version despite the --force flag.

ajomadlabs commented Mar 9, 2018

Can I take up this issue?

rsichny commented Mar 9, 2018

> Oh wait, you want to upgrade without upgrading all these?

Right, and I agree that yarn update should update them, but having no way to update <packagename> without updating its dependencies is bad.

> Hmm, I wonder if that behavior changed then.

It definitely did. yarn add --force worked fine for us before 1.5.1.

rsichny commented Mar 9, 2018

Also, I'd say the most suitable solution would be an option for yarn update (like --prefer-locked-dependencies) which would only trigger the upgrade of transitive dependencies if it is really required.

ruslan-polutsygan commented Apr 12, 2018

> Don't run yarn upgrade then ..

How can I upgrade only one package then?

@atcase atcase referenced a pull request that will close this issue Oct 2, 2018

Open

Add --prefer-locked-dependencies option to upgrade command #6471

atcase commented Oct 2, 2018

I’ve opened PR #6471 which is my attempt to implement this. It worked for some rudimentary test cases I tried on my machine. I’d love to hear if this works for others too.
