Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
[Bug?]: Yarn up does not upgrade nested git dependencies
See original GitHub issueSelf-service
- I’d be willing to implement a fix
Describe the bug
Nested git dependencies do not update with yarn up package@org/repo
I don’t know if this is specifically a git problem. If you have git dependencies which themselves have git dependencies, the tree as a whole does not update properly using yarn up and even doing yarn remove + yarn add doesn’t fix the problem. These 2-level-deep dependencies are deadlocked at whatever version they resolved to when first added.
To reproduce
repoA: yarn add mypackage@myorg/repoC
repoB: yarn add mypackage@myorg/repoC
repoX: yarn add mypackage@myorg/repoA yarn add mypackage@myorg/repoB
Now make changes to repoC, and upgrade it in both repoA and repoB.
And there is now no way to ever upgrade repoC in repoX. Upgrading repoA and repoB will forever still resolve repoC to whatever it was before in repoX. Even though both repoA and repoB have the latest in their yarn.lock files. repoX will have a deadlocked repoC.
Environment
yarn dlx -q envinfo --preset jest
System:
OS: macOS 11.6
CPU: (8) arm64 Apple M1
Binaries:
Node: 16.8.0 - /private/var/folders/2d/jfjs6qcj04d7skq07hhk3tdw0000gn/T/xfs-b3dac47f/node
Yarn: 3.1.0 - /private/var/folders/2d/jfjs6qcj04d7skq07hhk3tdw0000gn/T/xfs-b3dac47f/yarn
npm: 7.21.0 - /opt/homebrew/bin/npm
npmPackages:
jest: ^26.6.2 => 26.6.3
Additional context
No response
Issue Analytics
- State:
- Created 2 years ago
- Comments:10 (5 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
If anyone else has this issue, I’m solving by adding separate scripts for all internal dependencies to package.json like so:
So I don’t have to git log and copy/paste commits all day.
@arcanis if commit IDs are necessary, and as you say recommended, perhaps yarn cli
addandupcould do this automatically and default to writing the commit ID to the package.json - or even disallow non-deterministic resolutions all together since they create this edge case for deterministic installs.FTR, this problem created production downtime for us, because our integration was relying on the assumption that upgrading a package would result in the same dependencies that an isolated install of the package had, which was always the case with Yarn1. The isolated package passed tests but failed after integration due to stale transitive dependencies. Further integration testing is a gap in our coverage for sure. But the root problem yarn being nondeterministic. Ironically because of its attempts to be more deterministic as I now understand from your explanation.
Transitive lockfiles have no bearing on the resolution (if only because Yarn will always resolve one name/range combination to a single fixed resolution, which would be impossible if two lockfiles were both sources of truth).
The resolution turns all ranges into static references, that’s the very reason why we can say that a project install is deterministic: because the lockfile stores what it has installed, and subsequent installs use the same references.
Because it’s not the same range, hence we need to resolve it. There’s a decent case I guess that yes, if a dependency is
^1.0, if your resolution is currently1.2, if the range changes to^1.1after the dependent got upgraded, then Yarn could upgrade it to a newer1.3even if1.2would still work fine, but in practice I’ve never seen this case happen, or matter (dependency ranges are unlikely to go from^1.0to^1.1if a1.2release exists; it would just rather jump directly to^1.2).