Not updating yarn.lock in a yarn v3 monorepo

[AlCalzone]

Is there an existing issue for this?

• [X] I have searched the existing issues

Package ecosystem

yarn

Package manager version

3.2.0

Language version

irrelevant

Manifest location and content before the Dependabot update

You can see the changes in the following PR: https://github.com/zwave-js/log-transports/pull/144

dependabot.yml content

version: 2
updates:
- package-ecosystem: npm
  directory: "/"
  schedule:
    interval: "monthly"
    time: "04:00"
    timezone: Europe/Berlin
  open-pull-requests-limit: 5
  assignees:
    - "AlCalzone"
  versioning-strategy: increase

Updated dependency

@zwave-js/shared from >=10.3.0 to >=10.4.0

What you expected to see, versus what you actually saw

expected: yarn.lock to get updated actually: only package.json got updated. CI fails on yarn install --immutable:

Post-resolution validation
  ➤ YN0000: │ @@ -2070,15 +2070,15 @@
  ➤ YN0000: │    resolution: "@zwave-js/log-transport-json@workspace:packages/json"
  ➤ YN0000: │    dependencies:
  ➤ YN0000: │      "@types/node": ^18.11.18
  ➤ YN0000: │      "@zwave-js/core": ">=10.3.0"
  ➤ YN0028: │ -    "@zwave-js/shared": ">=10.3.0"
  ➤ YN0028: │ +    "@zwave-js/shared": ">=10.4.0"
  ➤ YN0000: │      typescript: ~4.9.5
  ➤ YN0000: │      winston: ^3.8.2
  ➤ YN0000: │      winston-transport: ^4.5.0
  ➤ YN0000: │    peerDependencies:
  ➤ YN0000: │      "@zwave-js/core": ">=10.3.0"
  ➤ YN0028: │ -    "@zwave-js/shared": ">=10.3.0"
  ➤ YN0028: │ +    "@zwave-js/shared": ">=10.4.0"
  ➤ YN0000: │      winston: ^3.7.2
  ➤ YN0000: │      winston-transport: ^4.5.0
  ➤ YN0000: │    languageName: unknown
  ➤ YN0000: │    linkType: soft
  ➤ YN0000: │ @@ -2125,9 +2125,9 @@
  ➤ YN0000: │      typescript: ~4.9.5
  ➤ YN0000: │    languageName: unknown
  ➤ YN0000: │    linkType: soft
  ➤ YN0000: │  
  ➤ YN0028: │ -"@zwave-js/shared@npm:10.3.0, @zwave-js/shared@npm:>=10.3.0":
  ➤ YN0028: │ +"@zwave-js/shared@npm:10.3.0":
  ➤ YN0000: │    version: 10.3.0
  ➤ YN0000: │    resolution: "@zwave-js/shared@npm:10.3.0"
  ➤ YN0000: │    dependencies:
  ➤ YN0000: │      alcalzone-shared: ^4.0.8
  ➤ YN0000: │ @@ -2135,8 +2135,17 @@
  ➤ YN0000: │    checksum: ee3abefb8519629dacbb7061c97dfb90bd7e744141b6106416f559198147a5b0971e981140b9e4608694d0a90370e8c54eb8981b06a49176f401be6c44ad39e9
  ➤ YN0000: │    languageName: node
  ➤ YN0000: │    linkType: hard
  ➤ YN0000: │  
  ➤ YN0028: │ +"@zwave-js/shared@npm:>=10.4.0":
  ➤ YN0028: │ +  version: 10.4.0
  ➤ YN0028: │ +  resolution: "@zwave-js/shared@npm:10.4.0"
  ➤ YN0028: │ +  dependencies:
  ➤ YN0028: │ +    alcalzone-shared: ^4.0.8
  ➤ YN0028: │ +    fs-extra: ^10.1.0
  ➤ YN0028: │ +  languageName: node
  ➤ YN0028: │ +  linkType: hard
  ➤ YN0028: │ +
  ➤ YN0000: │  "abbrev@npm:1":
  ➤ YN0000: │    version: 1.1.1
  ➤ YN0000: │    resolution: "abbrev@npm:1.1.1"
  ➤ YN0000: │    checksum: a4a97ec07d7ea112c517036882b2ac22f3109b7b19077dc656316d07d308438aac28e4d9746dc4d84bf6b1e75b4a7b0a5f3cb30592419f128ca9a8cee3bcfa17
  ➤ YN0000: │ 

Native package manager behavior

yarn.lock gets updated

Images of the diff or a link to the PR, issue, or logs

https://github.com/zwave-js/log-transports/pull/144

Smallest manifest that reproduces the issue

No response

[deivid-rodriguez]

Thanks for the report. #6516 should fix this, will try to move that PR forward a bit.

[AlCalzone]

Is the fix live yet? I'm still seeing the issue in a fresh PR: https://github.com/zwave-js/log-transports/pull/149

[deivid-rodriguez]

@AlCalzone There's still https://github.com/dependabot/dependabot-core/issues/6432 open, you issue will probably get it fixed there!

[AlCalzone]

ok will wait a bit more then.

[deivid-rodriguez]

Sorry @AlCalzone, I was wrong. The linked PR did fix this issue, we just haven't deployed it yet as you suspected. I'll deploy it and ping you when it's done.

[deivid-rodriguez]

@AlCalzone Change is deployed now, can you retry?

[AlCalzone]

Looks good 👍🏻