yarnpkg / yarn

The 1.x line is frozen - features and bugfixes now happen on https://github.com/yarnpkg/berry
https://classic.yarnpkg.com

Yarn ignores main dependency version when installing a sub dependency with '>=' semver range #4865

Open hersonls opened 6 years ago

hersonls commented 6 years ago

Do you want to request a feature or report a bug?

A bug.

What is the current behavior?

I have angular/compiler-cli@^4.4.0 and gulp-ngc@0.3.2 as dependencies. gulp-ngc has a "@angular/compiler-cli": ">=2.4.1" dependency, and yarn installs the latest version, ignoring my version ^4.4.0 of angular/compiler-cli and causing problems between versions.

I tried with NPM 5.5.1 and it works correctly.

If the current behavior is a bug, please provide the steps to reproduce.

  1. Use this package.json:
    {
      "dependencies": {
        "@angular/compiler-cli": "<5.0.0",
        "gulp-ngc": "^0.3.2"
      }
    }
  2. Run yarn

The return will be:

$ yarn
yarn install v1.3.2
warning package.json: No license field
info No lockfile found.
warning No license field
[1/4] 🔍  Resolving packages...
warning gulp-ngc > gulp > vinyl-fs > glob-stream > minimatch@2.0.10: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
warning gulp-ngc > gulp > vinyl-fs > glob-watcher > gaze > globule > minimatch@0.2.14: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
warning gulp-ngc > gulp > vinyl-fs > glob-watcher > gaze > globule > glob > graceful-fs@1.2.3: graceful-fs v3.0.0 and before will fail on node releases >= v7.0. Please update to graceful-fs@^4.0.0 as soon as possible. Use 'npm ls graceful-fs' to find it in the tree.
[2/4] 🚚  Fetching packages...
[3/4] 🔗  Linking dependencies...
warning " > @angular/compiler-cli@4.4.6" has unmet peer dependency "typescript@^2.0.2".
warning " > @angular/compiler-cli@4.4.6" has unmet peer dependency "@angular/compiler@4.4.6".
warning " > @angular/compiler-cli@4.4.6" has unmet peer dependency "@angular/core@4.4.6".
warning "@angular/compiler-cli > @angular/tsc-wrapped@4.4.6" has unmet peer dependency "typescript@^2.1.5".
warning "@angular/compiler-cli > @angular/tsc-wrapped > tsickle@0.21.6" has unmet peer dependency "typescript@^2.1.0".
warning "gulp-ngc > @angular/compiler-cli@5.0.0" has unmet peer dependency "typescript@>=2.4.2 <2.5".
warning "gulp-ngc > @angular/compiler-cli@5.0.0" has unmet peer dependency "@angular/compiler@5.0.0".
warning "gulp-ngc > @angular/compiler-cli > tsickle@0.24.1" has unmet peer dependency "typescript@2.4.2".
[4/4] 📃  Building fresh packages...
success Saved lockfile.
✨  Done in 6.03s.

What is the expected behavior?

I believe Yarn needs to verify whether the main package.json has the same package and whether it fits in the subdep semver range (in this case: >=); if it does, don't install the latest version inside of the subdep.

Please mention your node.js, yarn and operating system version.

I tried with Yarn 1.2.1 too, so I updated to 1.3.2 and it is still the same behavior.
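
The check described under "expected behavior", written as a lockfile audit. This is an added example, not part of the original issue and not Yarn's own code. It scans a constructed yarn.lock (v1) excerpt for packages locked at two versions where one range would also accept the other locked version. The function names and the simplified range matcher are assumptions for illustration.

```javascript
// Constructed yarn.lock (v1) excerpt; versions are the ones in the install log.
const SAMPLE_LOCK = `
"@angular/compiler-cli@<5.0.0":
  version "4.4.6"
"@angular/compiler-cli@>=2.4.1":
  version "5.0.0"
gulp-ngc@^0.3.2:
  version "0.3.2"
`;
// Parse 'name@range[, name@range]:' headers and the version line under each.
function parseLock(text) {
  const entries = [];
  for (const [, header, version] of text.matchAll(/^(\S.*):\n  version "(.+)"$/gm)) {
    for (const spec of header.split(", ")) {
      const [, name, range] = /^"?(.+)@([^@"]+)"?$/.exec(spec);
      entries.push({ name, range, version });
    }
  }
  return entries;
}
const num = (v) => [0, 1, 2].map((i) => Number(v.split("-")[0].split(".")[i] || 0));
const cmp = (a, b) => {
  const [x, y] = [num(a), num(b)];
  return x[0] - y[0] || x[1] - y[1] || x[2] - y[2];
};
// Simplified range check (assumption): space-separated >=, >, <=, <, = and ^
// only; no '||', '~', x-ranges or prerelease ordering.
function satisfies(version, range) {
  return range.trim().split(/\s+/).every((c) => {
    const [, op, v] = /^(\^|>=|<=|>|<|=)?(.+)$/.exec(c);
    const d = cmp(version, v);
    if (op !== "^") return { ">=": d >= 0, ">": d > 0, "<=": d <= 0, "<": d < 0 }[op] ?? d === 0;
    const b = num(v);
    const i = b.findIndex((n) => n > 0);
    const k = i < 0 ? 2 : i; // caret bumps the leftmost non-zero component
    const upper = b.map((n, j) => (j < k ? n : j === k ? n + 1 : 0)).join(".");
    return d >= 0 && cmp(version, upper) < 0;
  });
}
// Report ranges whose locked version differs from another locked version of
// the same package that the range would also accept (an avoidable duplicate).
function findAvoidableDuplicates(lockText) {
  const entries = parseLock(lockText);
  return entries.flatMap((e) => {
    const same = entries.filter((o) => o.name === e.name && o.version !== e.version);
    const alt = [...new Set(same.map((o) => o.version))].filter((v) => satisfies(v, e.range));
    return alt.length ? [{ name: e.name, range: e.range, locked: e.version, alsoSatisfiedBy: alt }] : [];
  });
}
```

On the sample it reports the `>=2.4.1` entry locked at 5.0.0 as also satisfied by 4.4.6, which is the duplicate the install log shows nested under gulp-ngc.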

LironHazan commented 6 years ago

If you can, downgrade your node version. I had issues running yarn as well; node v.6.12 solved it for me (still using npm 5 btw, just the node version was the issue).