yarnpkg / yarn

The 1.x line is frozen - features and bugfixes now happen on https://github.com/yarnpkg/berry
https://classic.yarnpkg.com

Can't get yarn to resolve what should be compatible jQuery versions #8103

Open niedfelj opened 4 years ago

niedfelj commented 4 years ago

Bug description

This week we noticed a bug in production where 2 versions of jQuery were loading. I'm aware of the difference between dependencies and peerDependencies, and this initially looks like that issue, as you'll see below, but the strange case here is that this bug seems to be related to something changing within yarn resolution within the past 2 months: we didn't change the package.json but are now getting this strange resolution.

Here's the package.json

{
  "name": "example",
  "private": true,
  "dependencies": {
    "cocoon-js": "0.0.5",
    "jquery": "3.4.1"
  }
}

Command

yarn install --flat

What is the current behavior? It says it can't resolve (cocoon-js has a jquery dependency of ^3.2.1)

yarn install v1.22.4
[1/4] 🔍  Resolving packages...
info Unable to find a suitable version for "jquery", please choose one by typing one of the numbers below:
  1) "jquery@^3.2.1" which resolved to "3.5.1"
  2) "jquery@3.4.1" which resolved to "3.4.1"
Answer?: 

What is the expected behavior? It should be able to flatten this dependency. npm has no problem with this. And the yarn.lock file that was generated 2 months ago has them flattened (I've simplified here, but can upload the original yarn.lock and full package.json if needed).

Steps to Reproduce

  1. Create a package.json as listed above
  2. Run yarn install or yarn install --flat

Environment
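The report above says the yarn.lock generated two months earlier had both jquery requests flattened onto one version, while the new resolution installs two. A v1 yarn.lock makes this visible without running yarn: every resolved version gets one entry, and the entry header lists every range that resolved to it. The following is an added example (not yarn's own code) that parses that format and reports any package installed at more than one version. The two lockfile texts are constructed to match the situation described in the report; integrity lines are omitted and the resolved URLs carry no hash fragment.

```javascript
// Added example, not yarn's code: detect packages that a yarn.lock (v1 format)
// installs at more than one version. Yarn writes one entry per resolved
// version, with every range that resolved to it in the entry header, so a
// flattened tree shows up as "name@rangeA, name@rangeB:" above one version.

// Constructed sample: the flattened lockfile the report describes, with both
// jquery ranges resolved to 3.4.1. Real entries also carry an "integrity"
// line and a hash fragment on "resolved"; both are omitted here.
const LOCK_BEFORE = `# yarn lockfile v1


cocoon-js@0.0.5:
  version "0.0.5"
  resolved "https://registry.yarnpkg.com/cocoon-js/-/cocoon-js-0.0.5.tgz"
  dependencies:
    jquery "^3.2.1"

jquery@3.4.1, jquery@^3.2.1:
  version "3.4.1"
  resolved "https://registry.yarnpkg.com/jquery/-/jquery-3.4.1.tgz"
`;

// Constructed sample: the same manifest resolved after jquery 3.5.1 was
// published, so the two ranges now land on different versions.
const LOCK_AFTER = `# yarn lockfile v1


cocoon-js@0.0.5:
  version "0.0.5"
  resolved "https://registry.yarnpkg.com/cocoon-js/-/cocoon-js-0.0.5.tgz"
  dependencies:
    jquery "^3.2.1"

jquery@3.4.1:
  version "3.4.1"
  resolved "https://registry.yarnpkg.com/jquery/-/jquery-3.4.1.tgz"

jquery@^3.2.1:
  version "3.5.1"
  resolved "https://registry.yarnpkg.com/jquery/-/jquery-3.5.1.tgz"
`;

// Minimal v1 lockfile reader: an entry header is an unindented line ending
// in ":" (one or more comma-separated, optionally quoted "name@range" keys);
// the entry's version is the indented `version "x.y.z"` line that follows.
// Other fields (resolved, integrity, dependencies) are ignored.
function parseYarnLock(text) {
  const entries = [];
  let current = null;
  for (const raw of text.split('\n')) {
    if (!raw.trim() || raw.startsWith('#')) continue;
    if (!raw.startsWith(' ') && raw.endsWith(':')) {
      const keys = raw.slice(0, -1).split(',').map(k => k.trim().replace(/^"|"$/g, ''));
      current = { keys, version: null };
      entries.push(current);
    } else if (current && /^  version "/.test(raw)) {
      current.version = raw.trim().slice('version "'.length, -1);
    }
  }
  return entries;
}

// "jquery@^3.2.1" -> "jquery"; "@scope/pkg@^1.0.0" -> "@scope/pkg".
// The last "@" separates the name from the range, which also handles scopes.
function packageName(key) {
  return key.slice(0, key.lastIndexOf('@'));
}

// Returns { name: [version, ...] } for every package with more than one
// distinct version in the lockfile; an empty object means the tree is flat.
function findDuplicateVersions(lockText) {
  const versionsByName = new Map();
  for (const entry of parseYarnLock(lockText)) {
    for (const key of entry.keys) {
      const name = packageName(key);
      if (!versionsByName.has(name)) versionsByName.set(name, new Set());
      versionsByName.get(name).add(entry.version);
    }
  }
  const duplicates = {};
  for (const [name, versions] of versionsByName) {
    if (versions.size > 1) duplicates[name] = [...versions].sort();
  }
  return duplicates;
}

console.log('before 3.5.0:', findDuplicateVersions(LOCK_BEFORE));
console.log('after 3.5.0: ', findDuplicateVersions(LOCK_AFTER));
```

To run this against a real checkout, pass the file contents instead of the constructed strings, e.g. `findDuplicateVersions(require('fs').readFileSync('yarn.lock', 'utf8'))`, and fail CI when the result is non-empty for packages that must be singletons, such as a library that registers itself on `window`.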

niedfelj commented 4 years ago

Well, I think after chasing this around, I figured out what happened. jquery 3.5.0 was released on April 10th. And at that point, the way yarn resolves for jquery@^3.2.1 meant that it split the dependencies that would normally have both resolved to 3.4.1, resulting in one jquery version vs two of them.

Maybe this topic has already been discussed ad nauseam here about the way yarn resolves or attempts to resolve, but I don't know of another package manager that works this way. All of them that I can think of try to resolve to ONE common package that satisfies all requirements - I thought that was half the point! And when looking at the requirements, this is what makes sense to me, so it's a little shocking to see two installs of jQuery happening. When I'm auditing the package requirements and I see that one says anything compatible with 3.2.1 and another saying I need 3.4.1, I would expect that 3.4.1 satisfies that requirement and not that ^3.2.1 should get 3.5.1?
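The mechanism the reporter arrives at in the comment above, and the prompt shown in the original report, both come down to how each requested range is turned into a version. The following is an added example (not yarn's own code) that models the two strategies on the issue's own package.json: resolving every distinct range on its own to the newest matching version, which is the behaviour the thread describes, and picking one version that satisfies every range at once, which is what the reporter expected. The second strategy is a model of the reporter's expectation, not a claim about what `yarn install --flat` implements. The registry snapshots are constructed and simplified (a subset of the real jquery 3.x release list, split at the 3.5.0 release the comment mentions), and only exact pins and caret ranges are implemented, which covers every range in the thread.

```javascript
// Added example, not yarn's code: a minimal model of the two resolution
// strategies discussed in this issue, run against the report's package.json.
// Only exact pins and caret ranges are implemented; this is not full semver.

function parseVersion(v) {
  const [major, minor, patch] = v.split('.').map(Number);
  return { major, minor, patch };
}

function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  return (pa.major - pb.major) || (pa.minor - pb.minor) || (pa.patch - pb.patch);
}

// Caret semantics: ^3.2.1 is >=3.2.1 <4.0.0; ^0.2.3 is >=0.2.3 <0.3.0;
// ^0.0.3 is exactly 0.0.3. Anything else is treated as an exact pin.
function satisfies(version, range) {
  if (!range.startsWith('^')) return compareVersions(version, range) === 0;
  const base = parseVersion(range.slice(1));
  const v = parseVersion(version);
  if (compareVersions(version, range.slice(1)) < 0) return false;
  if (base.major > 0) return v.major === base.major;
  if (base.minor > 0) return v.major === 0 && v.minor === base.minor;
  return v.major === 0 && v.minor === 0 && v.patch === base.patch;
}

// Newest available version that satisfies all of the given ranges, or null.
function highestSatisfying(available, ranges) {
  const candidates = available.filter(v => ranges.every(r => satisfies(v, r)));
  if (candidates.length === 0) return null;
  return candidates.sort(compareVersions)[candidates.length - 1];
}

// Yarn 1.x behaviour as described in the thread: each distinct range is
// resolved independently, so two ranges can land on two versions.
function resolvePerRange(available, ranges) {
  const resolved = {};
  for (const r of ranges) resolved[r] = highestSatisfying(available, [r]);
  return resolved;
}

// What the reporter expected: one version that satisfies every range.
function resolveCommon(available, ranges) {
  return highestSatisfying(available, ranges);
}

function distinctVersions(resolved) {
  return [...new Set(Object.values(resolved))].sort(compareVersions);
}

// Constructed, simplified registry snapshots: jquery 3.x releases before and
// after 3.5.0 was published (2020-04-10, per the comment above).
const JQUERY_BEFORE = ['3.2.1', '3.3.1', '3.4.0', '3.4.1'];
const JQUERY_AFTER = [...JQUERY_BEFORE, '3.5.0', '3.5.1'];

// The two requests for jquery in the issue: the direct pin in package.json
// and the "^3.2.1" range declared by cocoon-js 0.0.5.
const JQUERY_RANGES = ['3.4.1', '^3.2.1'];

// Runs both strategies against both snapshots and reports how many copies of
// jquery the per-range strategy installs in each case.
function demo() {
  const report = {};
  for (const [label, registry] of [['before_3.5.0', JQUERY_BEFORE], ['after_3.5.0', JQUERY_AFTER]]) {
    const perRange = resolvePerRange(registry, JQUERY_RANGES);
    report[label] = {
      perRange,
      copiesInstalled: distinctVersions(perRange).length,
      commonVersion: resolveCommon(registry, JQUERY_RANGES),
    };
  }
  return report;
}

console.log(JSON.stringify(demo(), null, 2));
```

Before 3.5.0 existed, both strategies agree because the newest match for `^3.2.1` happens to be 3.4.1. Once 3.5.1 is the newest match, per-range resolution splits the tree while a common version (3.4.1) still exists, which is exactly the drift the reporter saw without touching package.json: a lockfile pins the outcome, but re-resolving a range after an upstream release does not.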