npm update --save in [email protected] does not respect exact versions #4329

Closed
matthewmayer opened this issue Jan 26, 2022 · 1 comment
Labels
Priority 1 high priority issue Release 8.x work is associated with a specific npm 8 release

npm update --save in [email protected] works differently to npm update in npm@6 when specifying an exact version

For example if you run npm install --save-exact [email protected]

Then your package.json will look like this:

"cron": "1.8.0"

if you then run on npm@6
npm update

nothing is changed

but if you then run on [email protected]

npm update --save

package.json is updated to

"cron": "^1.8.0"

and then if you run npm update --save again package.json is updated to

"cron": "^1.8.2"

This is doubly confusing as my pinned version is lost AND I get a different behavior if I run npm update twice

Originally posted by @matthewmayer in #2704 (comment)

@ruyadorno ruyadorno added Priority 1 high priority issue Release 8.x work is associated with a specific npm 8 release labels Jan 26, 2022
ruyadorno commented Jan 26, 2022

thanks for the report @matthewmayer that's def unintended behavior!

I can easily reproduce it with a minimal example:

$ npm i --save-exact [email protected]
$ cat package.json
{
  "name": "test-save-exact",
  "version": "1.0.0",
  "dependencies": {
    "abbrev": "1.0.9"
  }
}

$ npm up --save
$ cat package.json
{
  "name": "test-save-exact",
  "version": "1.0.0",
  "dependencies": {
    "abbrev": "^1.0.9"
  }
}

$ npm up --save
$ cat package.json
{
  "name": "test-save-exact",
  "version": "1.0.0",
  "dependencies": {
    "abbrev": "^1.1.1"
  }
}

ruyadorno added a commit to ruyadorno/cli that referenced this issue Jan 27, 2022
When updating dependencies skip any unchanged node so that we avoid
overwriting existent specs, such as exact version that should not
change between installs.

Fixes: npm#4329
ruyadorno added a commit to ruyadorno/cli that referenced this issue Jan 27, 2022
When updating dependencies we need an extra check when filtering nodes
to be updated that ensures we do not override semver ranges that are
pointing to an exact version. e.g: =1.0.0, 1.0.0

Fixes: npm#4329
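
As an added example (not npm's code and not part of this thread), a dependency-free guard for the behavior reported above: it compares a manifest before and after `npm update --save` and reports every exact pin whose spec was rewritten. The function names, the regex definition of an exact spec, and the `ranged-example` dependency are assumptions; the `abbrev` values come from the reproduction.

```javascript
// Added example, not npm's implementation: detect exact pins rewritten by an update.
const DEP_FIELDS = ['dependencies', 'devDependencies', 'optionalDependencies', 'peerDependencies'];

// Assumption: a spec is an exact pin when it is a full x.y.z version (optional
// leading "=" or "v", optional prerelease/build) with no range operator.
const EXACT = /^=?\s*v?\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$/;

function isExactSpec(spec) {
  return typeof spec === 'string' && EXACT.test(spec.trim());
}

// Returns one entry per dependency that was pinned in `before` and whose spec
// differs in `after`. Removed dependencies are left to normal review.
function findPinDrift(before, after) {
  const drift = [];
  for (const field of DEP_FIELDS) {
    const oldDeps = before[field] || {};
    const newDeps = after[field] || {};
    for (const [name, from] of Object.entries(oldDeps)) {
      if (!isExactSpec(from) || !(name in newDeps)) continue;
      const to = newDeps[name];
      if (to !== from) drift.push({ field, name, from, to, stillExact: isExactSpec(to) });
    }
  }
  return drift;
}

// Manifests from the reproduction above, plus one constructed ranged dependency
// ("ranged-example") to show that ordinary range bumps are not reported.
const pinned = { dependencies: { abbrev: '1.0.9', 'ranged-example': '^2.0.0' } };
const afterFirstUpdate = { dependencies: { abbrev: '^1.0.9', 'ranged-example': '^2.1.0' } };
const afterSecondUpdate = { dependencies: { abbrev: '^1.1.1', 'ranged-example': '^2.1.0' } };

for (const [label, manifest] of [['first', afterFirstUpdate], ['second', afterSecondUpdate]]) {
  for (const d of findPinDrift(pinned, manifest)) {
    console.log(`${label} update: ${d.field}.${d.name} pin ${d.from} rewritten to ${d.to}`);
  }
}
```

The baseline has to be the committed manifest: once the first update has turned the pin into a range, comparing the two post-update manifests reports nothing.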