yarnpkg / yarn

The 1.x line is frozen - features and bugfixes now happen on https://github.com/yarnpkg/berry
https://classic.yarnpkg.com

`yarn upgrade <git-dependency>` is reverting different git dependency's package versions #5087

Open andreialecu opened 6 years ago

andreialecu commented 6 years ago

Continued from: https://github.com/yarnpkg/yarn/issues/1573#issuecomment-351406744

Assume two git dependencies, projectA and projectB.

Running `yarn upgrade projectB` results in downgrading all of projectA's dependencies to some weird previous version (several commits behind, probably caching related).

(projectA in this case is andreialecu/dpd-apn#debug if it helps)

Here's yarn.lock:

image

On the left is the current version of that particular package, with the current dependencies. This is after running just `yarn upgrade` -> aka the clean version.

On the right is what running `yarn upgrade projectB` (which is not public) does to the completely unrelated projectA (which is `andreialecu/dpd-apn#debug` in this case, which is available on GitHub) -> aka the *buggy* version.

Notice how it is deciding to just revert the dependency changes that occurred during the last 4 commits, even though the main package itself resolves to the same exact commit hash.

I was seeing problems because of one of the subdependencies of that package reverting every time and reintroducing a bug.

`yarn -v` is 1.3.2, `node -v` is 8.8.1

OS is Windows 10

I can reproduce it every time by doing `yarn upgrade` then `yarn upgrade projectB` (even without updating projectB at all).

`yarn cache clean` then `yarn upgrade projectB` does fix this, but the problem comes back in the future, and thus makes `yarn upgrade projectB` completely unreliable. In a bigger project it can downgrade various other dependencies seemingly at random and reintroduce hard-to-track bugs unless one keeps looking at yarn.lock all the time.

Paging @rally25rs
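The symptom in the report above (an entry's dependencies reverting while it still resolves to the same commit) can be checked mechanically instead of by reading yarn.lock after every upgrade. This is an added example, not part of the original issue or of Yarn's code: a minimal yarn.lock v1 reader and a comparison of the lockfile before and after `yarn upgrade <pkg>`. The sample lockfile text, the `<commit-hash>` placeholder, the version and the `example-dep` name are constructed.

```javascript
// Added example: minimal reader for the yarn.lock v1 text format (not Yarn's own parser).
function parseLock(text) {
  const entries = new Map();
  let entry = null;   // lockfile block currently being filled
  let section = null; // nested block name, e.g. "dependencies"
  for (const raw of text.split(/\r?\n/)) {
    if (!raw.trim() || raw.trimStart().startsWith('#')) continue;
    const indent = raw.length - raw.trimStart().length;
    const line = raw.trim();
    if (indent === 0 && line.endsWith(':')) {
      // One block can serve several patterns: "a@^1.0.0, a@^1.1.0:"
      entry = { version: null, resolved: null, deps: {} };
      section = null;
      for (const k of line.slice(0, -1).split(/,\s*/)) entries.set(k.replace(/^"|"$/g, ''), entry);
    } else if (indent === 2 && line.endsWith(':')) {
      section = line.slice(0, -1);
    } else if (entry) {
      const m = line.match(/^"?([^"\s]+)"?\s+"?([^"]*)"?$/);
      if (!m) continue;
      if (indent === 2) section = null; // a plain field ends any nested block
      if (indent === 2 && (m[1] === 'version' || m[1] === 'resolved')) entry[m[1]] = m[2];
      else if (indent > 2 && section) entry.deps[`${section}/${m[1]}`] = m[2];
    }
  }
  return entries;
}

// Flag entries whose resolved URL is unchanged while their dependency ranges differ.
function findSilentDrift(beforeText, afterText) {
  const before = parseLock(beforeText);
  const findings = [];
  for (const [key, now] of parseLock(afterText)) {
    const old = before.get(key);
    if (!old || old.resolved !== now.resolved) continue; // new entry or moved commit
    const names = new Set([...Object.keys(old.deps), ...Object.keys(now.deps)]);
    const changed = [...names].filter((n) => old.deps[n] !== now.deps[n]).sort();
    if (changed.length) findings.push({ key, resolved: now.resolved, changed });
  }
  return findings;
}

// Constructed sample: version, commit placeholder and dependency name are made up.
const sample = (range) => `"dpd-apn@andreialecu/dpd-apn#debug":
  version "1.0.0"
  resolved "https://codeload.github.com/andreialecu/dpd-apn/tar.gz/<commit-hash>"
  dependencies:
    example-dep "${range}"
`;
console.log(findSilentDrift(sample('^2.0.0'), sample('^1.4.0')));
```

Run against the committed yarn.lock and the working copy in CI, a non-empty result means a git dependency's recorded dependencies changed without its commit changing.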

rally25rs commented 6 years ago

~I'm wondering if this is a caching issue, like maybe a previous version is in the cache? Could you try doing a yarn cache clean and then try reproducing the issue?~

Sorry, just noticed your last paragraph that mentions that yarn cache clean temporarily fixes it.

What is the format of this andreialecu/dpd-apn#debug dependency in your package.json file? (a URL?)

cmawhorter commented 6 years ago

I think my issue might be the same/related.

  1. I have a fork of a project liquidjs
  2. I have a project special-liquid that depends on that fork
  3. I have another project special-liquid-server that depends on special-liquid

Git dependencies are used for 2 and 3.

When I `rm -fr ./node_modules` on special-liquid-server and `yarn install`, it works. If I run `yarn upgrade` though, it'll revert liquidjs to my non-fork version.

yarn.lock says it is pulling from github but what exists in node_modules is not what yarn.lock says.

My fork of liquidjs has left the version identical to the original liquidjs in package.json, so my guess is that this is related to #4722.

Edit: changing the package.json version of all the projects resolved the issue. I guess I'll just have to remember to increment the version each time I commit to the upstream projects. Luckily I control them.