Open jonahsnider opened 11 months ago
Will this be fixed in 1.0.5?
for future readers:
after bun add convert --exact
# package.json
{
"dependencies": {
"convert": "5.0.0"
}
}
# bun.lockb
convert@^5.0.0:
version "5.0.0"
resolved "https://registry.npmjs.org/convert/-/convert-5.0.0.tgz"
integrity sha512-29kAvWXhWpL2Lhhmseb0Y/sJnE4RA62TAwG9qTJP4dJvnABqFOLNLlwuYCiRYCeOfTD0GPkCJBlKDY50gDjVbg==
then after bun install
:
# package.json is unchanged
{
"dependencies": {
"convert": "5.0.0"
}
}
# bun.lockb is fixed
convert@5.0.0:
version "5.0.0"
resolved "https://registry.npmjs.org/convert/-/convert-5.0.0.tgz"
integrity sha512-29kAvWXhWpL2Lhhmseb0Y/sJnE4RA62TAwG9qTJP4dJvnABqFOLNLlwuYCiRYCeOfTD0GPkCJBlKDY50gDjVbg==
What version of Bun is running?
1.0.2+37edd5a6e389265738e89265bcbdf2999cb81a49
What platform is your computer?
Darwin 22.6.0 arm64 arm
What steps can reproduce the bug?
Create a file
lockfile.test.ts
in a new directory with the following contents:Run the script with
bun test
. The test fails because of this bug.What is the expected behavior?
The updated lockfile from
bun add --exact
should contain an exact version of the added dependency, not a^
range.For example, for the package
convert
,bun.lockb
should be:What do you see instead?
Instead,
bun.lockb
will be:Additionally concerning: the
--hash
value in both lockfiles is the same, despite the lockfiles being different.Additional information
No response