Open noseglid opened 6 years ago
We had the same issue, greenkeeper added "lint-staged": "^5.0.0", on our package.json but greenkeeper-lockfile added lint-staged@5.0.0: to the lockfile.
greenkeeper added "lint-staged": "^6.0.0" in our package.json but greenkeeper-lockfile added lint-staged@6.0.0
We created a fork which resolves this.
yarn global add storytel/greenkeeper-lockfile#v1.12.0-storytel
I'm disappointed in the amount of time it's taken to get this fixed, considering greenkeeper costs money AND there is an open PR which just doesn't get any response.
Every time we get a PR for a dependency upgrade, our lockfile gets corrupted so that running yarn --frozen-lockfile gives the error:
We get two commits in our PR (example with a recent typescript dependency upgrade): and
As you can see, the first commit correctly keeps the dependency range (tilde in our case). While, in the second commit, the tilde is removed in the yarn.lock file. This is what makes it corrupt.
I've looked through the implementation here and it seems to boil down to the command:
Which updates yarn.lock and package.json - and removes the tilde from both. greenkeeper-lockfile only stages and commits the lockfile which causes the corruption.
However, we want to maintain our version ranges, so even if it staged package.json too it wouldn't be right.
It seems like if I do yarn add -D typescript@~2.6.1 (that is, put the range in the dependencies version), it works as expected.
We've been using version 1.2.1 of yarn, but see the same behavior in 1.3.2 (latest right now) and 0.24.8.
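The mismatch described in this thread can be caught in CI before an automated upgrade PR is merged. The following is an added example, not part of the thread or of greenkeeper-lockfile: it checks that every range in package.json has a matching entry key in a yarn v1 lockfile. The function names and the sample package.json and lockfile contents are constructed for illustration.

```javascript
// Collect every "name@range" pattern that a yarn v1 lockfile resolves.
// Entry headers start at column 0 and end with ":", for example:
//   typescript@~2.6.1:
//   "@types/node@^8.0.0", "@types/node@^8.0.53":
function lockfilePatterns(lockText) {
  const patterns = new Set();
  for (const line of lockText.split(/\r?\n/)) {
    // Skip blanks, comments, and indented body lines (version, resolved, ...).
    if (!line || line.startsWith('#') || /^\s/.test(line) || !line.endsWith(':')) continue;
    for (const raw of line.slice(0, -1).split(',')) {
      patterns.add(raw.trim().replace(/^"|"$/g, ''));
    }
  }
  return patterns;
}

// Return the package.json entries ("name@range") with no lockfile entry.
// A non-empty result means the lockfile no longer matches package.json.
function missingFromLockfile(pkg, lockText) {
  const patterns = lockfilePatterns(lockText);
  const missing = [];
  for (const field of ['dependencies', 'devDependencies', 'optionalDependencies']) {
    for (const [name, range] of Object.entries(pkg[field] || {})) {
      const wanted = `${name}@${range}`;
      if (!patterns.has(wanted)) missing.push(wanted);
    }
  }
  return missing;
}

// Constructed sample: package.json keeps its ranges.
const samplePkg = { devDependencies: { typescript: '~2.6.1', 'lint-staged': '^5.0.0' } };

// Constructed lockfile whose keys carry the same ranges (consistent).
const consistentLock = [
  '# yarn lockfile v1', '',
  'lint-staged@^5.0.0:', '  version "5.0.0"', '',
  'typescript@~2.6.1:', '  version "2.6.1"', '',
].join('\n');

// Constructed lockfile whose keys lost the range prefix, as in this issue.
const strippedLock = [
  '# yarn lockfile v1', '',
  'lint-staged@5.0.0:', '  version "5.0.0"', '',
  'typescript@2.6.1:', '  version "2.6.1"', '',
].join('\n');

console.log('consistent:', missingFromLockfile(samplePkg, consistentLock));
console.log('stripped:  ', missingFromLockfile(samplePkg, strippedLock));
```
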