Open niedfelj opened 4 years ago
Well, I think after chasing this around, I figured out what happened. jquery 3.5.0 was released on April 10th. And at that point, the way yarn resolves for jquery@^3.2.1 meant that it split the dependencies that would normally have both resolved to 3.4.1, resulting in one jquery version vs two of them.
Maybe this topic has already been discussed ad nauseam here about the way yarn resolves or attempts to resolve, but I don't know of another package manager that works this way. All of them, that I can think of, try to resolve to ONE common package that satisfies all requirements - I thought that was half the point! And when looking at the requirements, this is what makes sense to me, so it's a little shocking to see two installs of jQuery happening. When I'm auditing the package requirements and I see that one says anything compatible with 3.2.1 and another saying I need 3.4.1, I would expect that 3.4.1 satisfies that requirement and not that ^3.2.1 should get 3.5.1?
Bug description
This week we noticed a bug in production where 2 versions of jQuery were loading. I'm aware of the difference between dependencies and peerDependencies, as this initially looks like that issue, as you'll see below, but the strange case here is that this bug seems to be related to something changing within yarn resolution within the past 2 months, as we didn't change the package.json but are now getting this strange resolution.
Here's the package.json
Command
What is the current behavior? It says it can't resolve (cocoon-js has a jquery dependency of ^3.2.1)
What is the expected behavior? It should be able to flatten this dependency. npm has no problem with this. And the yarn.lock file that was generated 2 months ago has them flattened (I've simplified here, but can upload the original yarn.lock and full package.json if needed)
Steps to Reproduce
Environment
10.16.0
1.22.4
MacOS 10.15.4
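The resolution split described in this issue can be reproduced with a small model. This is an added example, not code from the issue or from yarn: it contrasts resolving each range independently to its highest match with picking one version that satisfies every range. The version lists, function names and the reduced range syntax (exact `x.y.z` and caret `^x.y.z` with major >= 1 only) are assumptions made for the illustration.

```javascript
// Simplified model, not yarn's code. Ranges supported: "x.y.z" and "^x.y.z".
const parse = (v) => v.split(".").map(Number);
const cmp = (a, b) => {
  const [x, y] = [parse(a), parse(b)];
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] - y[i];
  return 0;
};

function satisfies(version, range) {
  if (!range.startsWith("^")) return cmp(version, range) === 0; // exact pin
  const base = range.slice(1);
  // Caret with major >= 1: same major, and not lower than the base version.
  return parse(version)[0] === parse(base)[0] && cmp(version, base) >= 0;
}

// Highest published version accepted by every range in `ranges`, or null.
const maxSatisfying = (versions, ranges) =>
  versions.filter((v) => ranges.every((r) => satisfies(v, r))).sort(cmp).pop() || null;

// Strategy A: every range is resolved on its own to its highest match.
function resolvePerRange(versions, ranges) {
  return Object.fromEntries(ranges.map((r) => [r, maxSatisfying(versions, [r])]));
}

// Strategy B: one shared version that satisfies all ranges at once.
function resolveShared(versions, ranges) {
  return maxSatisfying(versions, ranges);
}

// Distinct copies that strategy A would install; more than one is a duplicate.
function installedCopies(versions, ranges) {
  return [...new Set(Object.values(resolvePerRange(versions, ranges)))].sort(cmp);
}

// Constructed inputs: the registry before and after 3.5.0 was published,
// and the two requirements named in the issue.
const BEFORE = ["3.2.1", "3.3.1", "3.4.0", "3.4.1"];
const AFTER = [...BEFORE, "3.5.0"];
const RANGES = ["^3.2.1", "3.4.1"];

console.log("before, per range:", installedCopies(BEFORE, RANGES));
console.log("after,  per range:", installedCopies(AFTER, RANGES));
console.log("after,  shared:   ", resolveShared(AFTER, RANGES));
```

Running `installedCopies` over the entries of a freshly generated lockfile is one way to catch this kind of duplicate before it reaches a production bundle.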