New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
package-lock file isn't updated properly on lockfileVersion 3 #3455
Comments
Update on this: lockfile v2 is buggy too. After one BUT after that all consequent version updates fail (the same error: module not found). After investigation I got that Lerna adds |
Yet another update: after Lerna adds Most likely this breaks Lerna's algorithm to detect a package in lockfile. |
FYI I discussed this w/ some folks from npm during open office hours and they advised to open an issue as it's two pronged. First here is the link to the open issue in npm npm/cli#5967. and 2nd the feedback is that most likely lerna would need to bump the version in the lockfile as well on top of NPM being defensive. |
Enable CorePack in create-release-pr.yml npm 9.3.1 break lerna lerna/lerna#3455 npm/cli#5967
It looks like npm v9.4.2 revert this behavior. 📝 Note
|
The underlying issue still stands. |
Thanks a lot for providing the example repository! I'm pleased to say that when regenerating your lockfile on node 18.5.0 and npm 9.5.0 and using the latest lerna |
@azu @JamesHenry Thank you for your updates! I confirm that npm 9.4.2+ works like a charm. All updates I made past days (4-5 releases) worked well, all deps and lock-file deps where updated correctly. So yes, this issue is solved. Thanks :) |
Current Behavior
When
package-lock.json
file haslockfileVersion
===3 then lerna doesn't update packages' version - it causes "No matched version found" error in the end forlerna version
command.Expected Behavior
Correct behaviour: support lockfile v3 as it's used by default in the new npm projects. (change
packages.*.version
,packages.*.dependencies/devDevendencies.*.version
)It isn't regression, v3 was never supported.
Steps to Reproduce
Can you reproduce this on https://github.com/lerna/repro? -
NO
I've created my own: https://github.com/philippmalkov/lerna-lockfile-v3-bug-repro
npm i
lerna version 1.0.1 --no-push
It isn't missing package error, it actually comes from that
pkg3@^1.0.1
isn't found locally because npm builds its tree from lockfile where root packages show that they'rev1.0.0
.If you remove v3 lockfile and replace it with v2 then the same
lerna version
command will work fine.Failure Logs / Configuration
lerna-debug.log
Environment
System:
OS: macOS 13.0
CPU: (10) arm64 Apple M1 Pro
Binaries:
Node: 19.0.1 - ~/.nvm/versions/node/v19.0.1/bin/node
Yarn: 3.2.4 - ~/.nvm/versions/node/v19.0.1/bin/yarn
npm: 9.1.1 - ~/.nvm/versions/node/v19.0.1/bin/npm
Utilities:
Git: 2.37.1 - /usr/bin/git
npmPackages:
lerna: ^6.1.0 => 6.1.0
Relevant issues
Issues for lockfile v2:
#3090
#2832
#3091
#2891
The text was updated successfully, but these errors were encountered: