external module/lib dependency overrides project dependency

[zanona]

Supposing my project uses the following:

my-app/package.json

{
  "volo": {
    "dependencies": {
      "jquery": "jquery/jquery/1.11.1",
      "widget": "username/widget/1.0.0"
   }
}

Where I would like to use jQuery 1.11.1 and widget 1.0.0 (made up for the example) where

widget/package.json

{
  "volo": {
    "dependencies": {
      "jquery": "jquery/jquery"
   }
}

Apparently when using volo update on my application directory, it first downloads jQuery 1.11.1 and then since widget defined a dependency to jquery but does not specify the version, it will always return the latest (currently 2.1.1). However, this then replaces the jquery version I would like to use in my project which is 1.11.1.

volo install or volo add will work fine whilst there are no downloaded dependencies under baseUrl. However, in case once wishes to update installed packages, the problem mentioned above will occur.

Perhaps we could be able to enforce external modules to use different declarations under their package.json which won't override the main project's dependency version requirements?

Perhaps more semver statements like jquery/^1.11.1 or jquery/>=1.11.1?

[jrburke]

I filed #204 to update the semver used in the project, and that will go out with the recently published 0.3.4. Does that fit the need here?

Note that volo only installs one version of jQuery in this case, unless you are using -f on the install, then it will overwrite. What is a bit less clear is which one is winning in this description.

If the semver update is not enough, then perhaps a test project with the command line commands that were run would help figure out if another issue is involved.

Going to speculatively close based on the semver update, but if there is something more going on, we can continue the discussion here and reopen as needed.