`yarn upgrade` breaks dependencies · yarnpkg/yarn#3202

(17 评论) (24 反应) (0 负责人)JavaScript (41,514 star) (2,731 fork)batch import

cat-bughelp wantedtriaged

描述

Do you want to request a feature or report a bug?

Bug.

What is the current behavior?

yarn upgrade updates the version of npmlog, but does not check its dependencies.

If the current behavior is a bug, please provide the steps to reproduce.

Suppose you have a very simple package.json file like following:

{
  "dependencies": {
    "npm": "^3.10.5"
  }
}

Run yarn. You will find the folder structure is like:

node_modules
├─npm@3.10.10
│  ├─npmlog@4.0.0
│  │  ├─gauge@2.6.0

Then yarn upgrade.

node_modules
├─npm@3.10.10
│  ├─npmlog@4.0.2 // it is updated, but it requires "gauge": "~2.7.1"
│  │  ├─gauge@2.6.0

What is the expected behavior?

Not only update the version of npmlog, but also inner dependencies like gauge.

Please mention your node.js, yarn and operating system version.

node v6.9.1, OSX 0.11.6

技术栈: javascriptnodejs
领域: toolingdeveloper experience
议题类型: bug
难度: 3
预计时间: half day
活动状态: stale
清晰度: clear
前置要求: basic JavaScriptnpm/yarn experiencesemver understanding
新手友好度: 45
研究方向: Investigate the yarn upgrade command implementation (likely in src/cli/commands/upgrade.js). Understand how it resolves and updates packages, especially transitive dependencies. Review comments in the issue for clues about the root cause. Consider testing with a minimal reproduction to verify the behavior.