Comments (3)
I understand that all the version ranges are satisfied in either case, so it isn't wrong per se, but it's an incredibly frustrating experience. We try to keep a minimal number of versions of each dependency in the lock file and it turns into a huge game of whack-a-mole. If we try to update a single dependency, it updates three other random ones - and not all of them. We then have to update the old versions of those three in the lock file and it then updates another five other random ones leaving again the rest unchanged and so on for half a dozen rounds. It's not updating everything, which would probably minimize the number of versions in the file, but some small random subset.
from pnpm.
I'd be surprised if this is considered a bug. What's happening here is very likely that pnpm performs full dependency resolution whenever any dependencies are modified, and your dependency / semver ranges for other dependencies allow more recent versions for them.
For example, if you initially installed dependency `x@^1.0.0` (meaning it's allowed to go 1.0.0 <= x < 2.0.0) and a new version `x@1.1.0` is pushed, `x` will be updated in the lock file to `1.1.0` if you make edits to any other dependency (such as `npm i undici`).
Best I'm aware, most other dependency managers act this way. The whole point of dependency ranges is so that you permit "automatic" updates within a given range. If you don't want them, pin your dependencies precisely, avoiding use of `~` and `^`.
from pnpm.
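The range behaviour described in the comment above, as an added example that is not part of the original thread or pnpm's own code: a simplified caret/tilde matcher (plain x.y.z versions only) run over constructed manifest, lockfile and registry data to show which locked versions a full re-resolution is free to move. The package names, versions and the `findDrift` helper are assumptions for illustration.

```javascript
// Added example: simplified semver (plain x.y.z only, no prerelease tags).
const parse = (v) => v.split('.').map(Number);
const cmp = (a, b) => {
  const [x, y] = [parse(a), parse(b)];
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] - y[i];
  return 0;
};

// Exclusive upper bound of a ^ or ~ range, or null when the version is pinned.
function upperBound(range) {
  const op = range[0];
  if (op !== '^' && op !== '~') return null;
  const [maj, min, pat] = parse(range.slice(1));
  if (op === '~') return `${maj}.${min + 1}.0`;
  if (maj > 0) return `${maj + 1}.0.0`;
  if (min > 0) return `0.${min + 1}.0`;   // ^0.y.z only floats the patch
  return `0.0.${pat + 1}`;                // ^0.0.z admits exactly one version
}

function satisfies(version, range) {
  const hi = upperBound(range);
  if (hi === null) return cmp(version, range) === 0;
  return cmp(version, range.slice(1)) >= 0 && cmp(version, hi) < 0;
}

// For each dependency: newest published version the range admits, and whether
// a full re-resolution could move the lockfile off its current version.
function findDrift(deps, locked, published) {
  return Object.entries(deps).map(([name, range]) => {
    const best = published[name].filter((v) => satisfies(v, range)).sort(cmp).pop();
    const canDrift = best !== undefined && cmp(best, locked[name]) > 0;
    return { name, range, locked: locked[name], best, canDrift };
  });
}

// Constructed sample data (hypothetical packages and versions).
const deps = { x: '^1.0.0', y: '~2.3.1', z: '4.0.0', w: '^0.2.0' };
const locked = { x: '1.0.0', y: '2.3.1', z: '4.0.0', w: '0.2.0' };
const published = {
  x: ['1.0.0', '1.1.0', '2.0.0'],
  y: ['2.3.1', '2.3.9', '2.4.0'],
  z: ['4.0.0', '4.0.1'],
  w: ['0.2.0', '0.2.5', '0.3.0'],
};
console.table(findDrift(deps, locked, published));
```

Only the exactly pinned `z` is guaranteed to stay put; every entry with `canDrift: true` is a version change that can enter the lockfile without a matching edit to `package.json`, so it deserves review in the lockfile diff.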
How did you end up updating `undici`? I tried some stuff and the only way I could update it using pnpm was to delete the lockfile and node_modules (if it existed) and then install dependencies which, of course, generates a new lockfile.
I also noticed that the lockfile after the reproduction steps is identical to the lockfile after following those steps but replacing the last step with `pnpm update asdfjklasdfjklasdkfjasldfj` (a non-existent package). Maybe `pnpm update <package>` doesn't necessarily update a package if it isn't in `package.json`.
from pnpm.