-
Notifications
You must be signed in to change notification settings - Fork 995
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
yarn.lock as generated by Dependabot is not optimal #243
Comments
Thanks for the feedback @StephanBijzitter. I'm not sure there's an easy way to fix this on Dependabot's side - we lean heavily on Yarn's internals for lockfile generation, and if Yarn doesn't behave perfectly (as it hasn't above) then there's not a lot we can do. There's an issue open on the yarn repo, but it hasn't had as much love as I'd like. There's also |
Alright, that issue indeed seems to be exactly what I saw in one of our(/dependabot's) PRs. Hopefully they'll be able to resolve it soon. As for this issue, I'll leave it to you to close it if wanted, I've got my answer :-) |
👍 . I'm going to close but add a personal TODO to look into creating a |
@greysteil happy to help with that PR |
FYI, this made it into Dependabot a few weeks ago - we now de-dup the |
This is part of a pull request created by Dependabot, and while this installs perfectly fine, I would expect `doctrine@^2.0.0, doctrine@^2.0.2:` to change into `doctrine@^2.0.0, doctrine@^2.1.0:`, so that only 2.1.0 is installed, instead of the current 2.0.2 and 2.1.0
doctrine is a dependency of eslint, that updated from 4.15.0 to 4.16.0
The text was updated successfully, but these errors were encountered: