Resolution problem with yarn install using production and flat mode

[b2m]

Do you want to request a feature or report a bug?

This is a bug or just annoying behavior as discussed in #3630.

What is the current behavior?

We are using yarn install --flat --prod --frozen-lockfile for our production builds and on our CI servers. Sometimes a resolution dependency is used both in production and dev. When a new version of this resolution dependency is released our CI builds stop working. Concrete example follows.

If the current behavior is a bug, please provide the steps to reproduce.

To reproduce this problem I created a minimal working example: yarn-test.zip.

In the attached example the library request is a resolution dependency that is required from jsdom in production and tr46 in dev. When generating the yarn.lock file using yarn install last week the resolution of request@^2.83.0 was 2.86.0 and request@^2.79.0 from tr46 is not considered in yarn.lock (because it is a pruned by resolutions?). This weekend request@2.87.0 got released and yarn install --flat --prod --frozen-lockfile is prompting:

Unable to find a suitable version for "request", please choose one by typing one of the numbers below:

1. "request@^2.83.0" which resolved to "2.86.0"
2. "request@^2.79.0" which resolved to "2.87.0"

This is annoying in multiple ways, as 2.86.0 would be a valid resolution for ^2.79.0 and tr46 will not be used or installed in production and there is no option for an automated resolution strategy.

What is the expected behavior?

New releases of any dependencies should not affect builds based on yarn.lock.

Please mention your node.js, yarn and operating system version.

• Node: 8.11.2
• OS: Ubuntu 16.04
• Yarn: 1.6.0

---

If there is a command line option or workaround to avoid this problem I would be thrilled to read about it ;)

[josh08h]

Related #1658.