`yarn upgrade` breaks dependencies · yarnpkg/yarn#3202

(17 comments) (24 reactions) (0 assignees)JavaScript (41,514 stars) (2,731 forks)batch import

cat-bughelp wantedtriaged

Description

Do you want to request a feature or report a bug?

Bug.

What is the current behavior?

yarn upgrade updates the version of npmlog, but does not check its dependencies.

If the current behavior is a bug, please provide the steps to reproduce.

Suppose you have a very simple package.json file like following:

{
  "dependencies": {
    "npm": "^3.10.5"
  }
}

Run yarn. You will find the folder structure is like:

node_modules
├─npm@3.10.10
│  ├─npmlog@4.0.0
│  │  ├─gauge@2.6.0

Then yarn upgrade.

node_modules
├─npm@3.10.10
│  ├─npmlog@4.0.2 // it is updated, but it requires "gauge": "~2.7.1"
│  │  ├─gauge@2.6.0

What is the expected behavior?

Not only update the version of npmlog, but also inner dependencies like gauge.

Please mention your node.js, yarn and operating system version.

node v6.9.1, OSX 0.11.6

Tech stack: javascriptnodejs
Domain: toolingdeveloper experience
Issue type: bug
Difficulty: 3
Estimated time: half day
Activity status: stale
Clarity: clear
Prerequisites: basic JavaScriptnpm/yarn experiencesemver understanding
Newbie friendliness: 45
Research direction: Investigate the yarn upgrade command implementation (likely in src/cli/commands/upgrade.js). Understand how it resolves and updates packages, especially transitive dependencies. Review comments in the issue for clues about the root cause. Consider testing with a minimal reproduction to verify the behavior.