greenkeeperio / greenkeeper-lockfile

:lock: Your lockfile, up to date, all the time
https://greenkeeper.io

Incorrect dependency prefix after upgrade #85

Open noseglid opened 6 years ago

noseglid commented 6 years ago

Every time we get a PR for a dependency upgrade, our lockfile gets corrupted so that running yarn --frozen-lockfile gives the error:

error Your lockfile needs to be updated, but yarn was run with `--frozen-lockfile`.

We get two commits in our PR (example with a recent typescript dependency upgrade): [screenshot of the first commit, 2017-11-06] and [screenshot of the second commit, 2017-11-06]

As you can see, the first commit correctly keeps the dependency range (tilde in our case), while in the second commit the tilde is removed in the yarn.lock file. This is what makes it corrupt.

I've looked through the implementation here and it seems to boil down to the command:

yarn add -D --tilde typescript@2.6.1

Which updates yarn.lock and package.json - and removes the tilde from both.

greenkeeper-lockfile only stages and commits the lockfile which causes the corruption.

However, we want to maintain our version ranges, so even if it staged package.json too it wouldn't be right.

It seems like if I do yarn add -D typescript@~2.6.1 (that is, put the range in the dependencies version), it works as expected.

We've been using version 1.2.1 of yarn, but see the same behavior in 1.3.2 (latest right now) and 0.24.8.

fczuardi commented 6 years ago

We had the same issue, greenkeeper added "lint-staged": "^5.0.0", to our package.json but greenkeeper-lockfile added lint-staged@5.0.0: to the lockfile.

ivarconr commented 6 years ago

greenkeeper added "lint-staged": "^6.0.0" in our package.json but greenkeeper-lockfile added lint-staged@6.0.0

noseglid commented 6 years ago

We created a fork which resolves this.

yarn global add storytel/greenkeeper-lockfile#v1.12.0-storytel

I'm disappointed in the amount of time it's taken to get this fixed, considering greenkeeper costs money AND there is an open PR which just doesn't get any response.