Do you want to request a feature or report a bug?
bug
What is the current behavior?
I have the following package.json:
{
"flat": true,
"dependencies": {
"some-dep-using-lodash": "V1"
"some-other-dep-using-lodash": "V1"
},
"resolutions": {
"lodash": "4.17.4",
}
When I run yarn it generates the following yarn.lock:
[email protected], [email protected], [email protected], lodash@^3.0.0, lodash@^3.0.1, lodash@^3.10.1, lodash@^3.8.0, lodash@^4.0.0, lodash@^4.11.1, lodash@^4.14.0, lodash@^4.16.6, lodash@^4.17.2, lodash@^4.17.3, lodash@^4.17.4, lodash@^4.3.0, lodash@^4.5.0, lodash@^4.8.0, lodash@~4.17.4:
version "4.17.4"
resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.4.tgz#78203a4d1c328ae1d86dca6460e369b57f4055ae"
But then when our CI runs yarn --frozen-lockfile we get the output:
D:\projects\komed-health-web>yarn --frozen-lockfile
yarn install v1.0.2
[1/4] Resolving packages...
warning Lockfile has incorrect entry for "lodash@^3.8.0". Ignoring it.
warning Lockfile has incorrect entry for "lodash@^3.10.1". Ignoring it.
warning Lockfile has incorrect entry for "lodash@^3.0.0". Ignoring it.
warning Lockfile has incorrect entry for "[email protected]". Ignoring it.
warning Lockfile has incorrect entry for "lodash@^3.0.1". Ignoring it.
warning Lockfile has incorrect entry for "[email protected]". Ignoring it.
error Your lockfile needs to be updated, but yarn was run with `--frozen-lockfile`.
info Visit https://yarnpkg.com/en/docs/cli/install for documentation about this command.
If the current behavior is a bug, please provide the steps to reproduce.
run yarn once to generate lock file and then yarn --frozen-lockfile
What is the expected behavior?
I'm not sure if it is a bug. First of all: What do the warning messages mean?
But my guess is if you have warnings then yarn --frozen-lockfile should not fail, right?
I'm 100% sure the dependencies are the same when running yarn and yarn --frozen-lockfile. I ran them 10 sec after each other.
Please mention your node.js, yarn and operating system version.
Node: v6.9.1
yarn: 1.0.2
Windows + Linux
BorntraegerMarc
All 12 comments
This looks like --frozen-lockfile not taking resolutions into account (and possibly flat: true) too. This shouldn't be too hard to fix (but has the potential to be).
Anyone willing to give it a shot?
BYK
on 16 Sep 2017
I get the exactly same error without --frozen-lockfile. So probably flat: true is the problem
BorntraegerMarc
on 16 Sep 2017
@BorntraegerMarc then it is flat: true not taking resolutions into account for some reason.
BYK
on 16 Sep 2017
Can you edit the issue title to reflect the refined scope?
BYK
on 16 Sep 2017
Hmmm i don't think the issue is only with flat: true. because if I run only yarn without --frozen-lockfile then the install at least succeeds (although the warnings still persists). Only when running --frozen-lockfile the whole install fails with the error above. error Your lockfile needs to be updated, but yarn was run with--frozen-lockfile.
BorntraegerMarc
on 16 Sep 2017
@BYK Is there an update on this issue? It's blocking us at the moment...
BorntraegerMarc
on 22 Sep 2017
@BorntraegerMarc not yet sorry. I've merged #4488 today which may help. Would you like to give nightlies a try: https://yarnpkg.com/en/docs/nightly
BYK
on 22 Sep 2017
@BYK doesn't seem to work with nightlies:
D:\projects\komed-health-web>yarn --frozen-lockfile
yarn install v1.1.0-20170922.1940
[1/4] Resolving packages...
warning Lockfile has incorrect entry for "[email protected]". Ignoring it.
warning Lockfile has incorrect entry for "minimist@~0.0.1". Ignoring it.
error Your lockfile needs to be updated, but yarn was run with `--frozen-lockfile`.
info Visit https://yarnpkg.com/en/docs/cli/install for documentation about this command.
@BYK still not working with latest... Do you know something more?
BorntraegerMarc
on 28 Sep 2017
Could somebody remove the "needs-investigation" label? I think the issue is quite clear/proven and just needs to be fixed...
BorntraegerMarc
on 11 Oct 2017
I just tried to reproduce this with v1.0.2 and v1.2.1. Both give me the 'incorrect entry' warnings, but neither fails with a need to update the lockfile. This might have something to do with some exact pair of dependencies? I tried these:
{
"flat": true,
"dependencies": {
"eslint": "4.8.0",
"jshint": "2.9.5"
},
"resolutions": {
"lodash": "4.17.4",
"chalk": "2.1.0",
"strip-ansi": "4.0.0",
"strip-json-comments": "2.0.1",
"ansi-styles": "3.2.0",
"supports-color": "4.4.0",
"ansi-regex": "3.0.0",
"readable-stream": "2.3.3",
"isarray": "1.0.0",
"string_decoder": "1.0.3",
"acorn": "5.1.2",
"domelementtype": "1.3.0",
"entities": "1.0.0"
}
}
which have a whole bunch of conflicting libraries that needed resolutions.
Yarn v1.0.2
$ yarn install --frozen-lockfile
yarn install v1.0.2
warning package.json: No license field
warning No license field
[1/4] ๐ Resolving packages...
warning Lockfile has incorrect entry for "chalk@^1.1.3". Ignoring it.
warning Lockfile has incorrect entry for "acorn@^3.0.4". Ignoring it.
warning Lockfile has incorrect entry for "ansi-styles@^2.2.1". Ignoring it.
warning Lockfile has incorrect entry for "strip-ansi@^3.0.0". Ignoring it.
warning Lockfile has incorrect entry for "supports-color@^2.0.0". Ignoring it.
warning Lockfile has incorrect entry for "ansi-regex@^2.0.0". Ignoring it.
warning Lockfile has incorrect entry for "[email protected]". Ignoring it.
warning Lockfile has incorrect entry for "[email protected]". Ignoring it.
warning Lockfile has incorrect entry for "[email protected]". Ignoring it.
warning Lockfile has incorrect entry for "domelementtype@~1.1.1". Ignoring it.
warning Lockfile has incorrect entry for "entities@~1.1.1". Ignoring it.
warning Lockfile has incorrect entry for "[email protected]". Ignoring it.
warning Lockfile has incorrect entry for "string_decoder@~0.10.x". Ignoring it.
[2/4] ๐ Fetching packages...
[3/4] ๐ Linking dependencies...
warning "[email protected]" has incorrect peer dependency "ajv@>=5.0.0".
[4/4] ๐ Building fresh packages...
โจ Done in 1.94s.
Yarn v1.2.1
$ yarn install --frozen-lockfile
yarn install v1.2.1
warning package.json: No license field
warning No license field
[1/4] ๐ Resolving packages...
warning Lockfile has incorrect entry for "chalk@^1.1.3". Ignoring it.
warning Lockfile has incorrect entry for "acorn@^3.0.4". Ignoring it.
warning Lockfile has incorrect entry for "ansi-styles@^2.2.1". Ignoring it.
warning Lockfile has incorrect entry for "strip-ansi@^3.0.0". Ignoring it.
warning Lockfile has incorrect entry for "supports-color@^2.0.0". Ignoring it.
warning Lockfile has incorrect entry for "ansi-regex@^2.0.0". Ignoring it.
warning Lockfile has incorrect entry for "[email protected]". Ignoring it.
warning Lockfile has incorrect entry for "[email protected]". Ignoring it.
warning Lockfile has incorrect entry for "[email protected]". Ignoring it.
warning Lockfile has incorrect entry for "domelementtype@~1.1.1". Ignoring it.
warning Lockfile has incorrect entry for "entities@~1.1.1". Ignoring it.
warning Lockfile has incorrect entry for "[email protected]". Ignoring it.
warning Lockfile has incorrect entry for "string_decoder@~0.10.x". Ignoring it.
[2/4] ๐ Fetching packages...
[3/4] ๐ Linking dependencies...
[4/4] ๐ Building fresh packages...
โจ Done in 1.75s.
@BorntraegerMarc would it be possible to be more specific as to what dependencies are failing?
rally25rs
on 12 Oct 2017
@rally25rs thanks for pointing this out. that was exactly my problem. I specified conflicting versions of core-js & jasmine-core in resolutions. after re-specifying it works again!
Was a tough nut to crack because I had to go through all dependencies and manually deleting one run yarn and then yarn --frozen-lockfile to check if it changes something. Hope this helps somebody ๐
gonna close the issue...
BorntraegerMarc
on 12 Oct 2017
Related issues
baptistelebail
ยท
3Comments
AzGoalie
ยท
3Comments
victornoel
ยท
3Comments
chiedo
ยท
3Comments
MunifTanjim
ยท
3Comments