--frozen-lockfile fails

[BorntraegerMarc]

Do you want to request a feature or report a bug?

bug

What is the current behavior?
I have the following package.json:

{
    "flat": true,
    "dependencies": {
        "some-dep-using-lodash": "V1"
        "some-other-dep-using-lodash": "V1"
    },
    "resolutions": {
        "lodash": "4.17.4",
}

When I run yarn it generates the following yarn.lock:

lodash@3.9.3, lodash@4.16.2, lodash@4.17.4, lodash@^3.0.0, lodash@^3.0.1, lodash@^3.10.1, lodash@^3.8.0, lodash@^4.0.0, lodash@^4.11.1, lodash@^4.14.0, lodash@^4.16.6, lodash@^4.17.2, lodash@^4.17.3, lodash@^4.17.4, lodash@^4.3.0, lodash@^4.5.0, lodash@^4.8.0, lodash@~4.17.4:
  version "4.17.4"
  resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.4.tgz#78203a4d1c328ae1d86dca6460e369b57f4055ae"

But then when our CI runs yarn --frozen-lockfile we get the output:

D:\projects\komed-health-web>yarn --frozen-lockfile
yarn install v1.0.2
[1/4] Resolving packages...
warning Lockfile has incorrect entry for "lodash@^3.8.0". Ignoring it.
warning Lockfile has incorrect entry for "lodash@^3.10.1". Ignoring it.
warning Lockfile has incorrect entry for "lodash@^3.0.0". Ignoring it.
warning Lockfile has incorrect entry for "lodash@4.16.2". Ignoring it.
warning Lockfile has incorrect entry for "lodash@^3.0.1". Ignoring it.
warning Lockfile has incorrect entry for "lodash@3.9.3". Ignoring it.

error Your lockfile needs to be updated, but yarn was run with `--frozen-lockfile`.
info Visit https://yarnpkg.com/en/docs/cli/install for documentation about this command.

If the current behavior is a bug, please provide the steps to reproduce.

run yarn once to generate lock file and then yarn --frozen-lockfile
What is the expected behavior?
I'm not sure if it is a bug. First of all: What do the warning messages mean?
But my guess is if you have warnings then yarn --frozen-lockfile should not fail, right?

I'm 100% sure the dependencies are the same when running yarn and yarn --frozen-lockfile. I ran them 10 sec after each other.

Please mention your node.js, yarn and operating system version.
Node: v6.9.1
yarn: 1.0.2
Windows + Linux

[BYK]

This looks like --frozen-lockfile not taking resolutions into account (and possibly flat: true) too. This shouldn't be too hard to fix (but has the potential to be).

Anyone willing to give it a shot?

[BorntraegerMarc]

I get the exactly same error without --frozen-lockfile. So probably flat: true is the problem

[BYK]

@BorntraegerMarc then it is flat: true not taking resolutions into account for some reason.

[BYK]

Can you edit the issue title to reflect the refined scope?

[BorntraegerMarc]

Hmmm i don't think the issue is only with flat: true. because if I run only yarn without --frozen-lockfile then the install at least succeeds (although the warnings still persists). Only when running --frozen-lockfile the whole install fails with the error above. error Your lockfile needs to be updated, but yarn was run with --frozen-lockfile.

[BorntraegerMarc]

@BYK Is there an update on this issue? It's blocking us at the moment...

[BYK]

@BorntraegerMarc not yet sorry. I've merged #4488 today which may help. Would you like to give nightlies a try: https://yarnpkg.com/en/docs/nightly

[BorntraegerMarc]

@BYK doesn't seem to work with nightlies:

D:\projects\komed-health-web>yarn --frozen-lockfile
yarn install v1.1.0-20170922.1940
[1/4] Resolving packages...
warning Lockfile has incorrect entry for "minimist@0.0.8". Ignoring it.
warning Lockfile has incorrect entry for "minimist@~0.0.1". Ignoring it.

error Your lockfile needs to be updated, but yarn was run with `--frozen-lockfile`.
info Visit https://yarnpkg.com/en/docs/cli/install for documentation about this command.

[BorntraegerMarc]

@BYK still not working with latest... Do you know something more?

[BorntraegerMarc]

Could somebody remove the "needs-investigation" label? I think the issue is quite clear/proven and just needs to be fixed...

[rally25rs]

I just tried to reproduce this with v1.0.2 and v1.2.1. Both give me the 'incorrect entry' warnings, but neither fails with a need to update the lockfile. This might have something to do with some exact pair of dependencies? I tried these:

{
    "flat": true,
    "dependencies": {
        "eslint": "4.8.0",
        "jshint": "2.9.5"
    },
    "resolutions": {
        "lodash": "4.17.4",
        "chalk": "2.1.0",
        "strip-ansi": "4.0.0",
        "strip-json-comments": "2.0.1",
        "ansi-styles": "3.2.0",
        "supports-color": "4.4.0",
        "ansi-regex": "3.0.0",
        "readable-stream": "2.3.3",
        "isarray": "1.0.0",
        "string_decoder": "1.0.3",
        "acorn": "5.1.2",
        "domelementtype": "1.3.0",
        "entities": "1.0.0"
    }
}

which have a whole bunch of conflicting libraries that needed resolutions.

Yarn v1.0.2

$ yarn install --frozen-lockfile
yarn install v1.0.2
warning package.json: No license field
warning No license field
[1/4] 🔍  Resolving packages...
warning Lockfile has incorrect entry for "chalk@^1.1.3". Ignoring it.
warning Lockfile has incorrect entry for "acorn@^3.0.4". Ignoring it.
warning Lockfile has incorrect entry for "ansi-styles@^2.2.1". Ignoring it.
warning Lockfile has incorrect entry for "strip-ansi@^3.0.0". Ignoring it.
warning Lockfile has incorrect entry for "supports-color@^2.0.0". Ignoring it.
warning Lockfile has incorrect entry for "ansi-regex@^2.0.0". Ignoring it.
warning Lockfile has incorrect entry for "lodash@3.7.x". Ignoring it.
warning Lockfile has incorrect entry for "strip-json-comments@1.0.x". Ignoring it.
warning Lockfile has incorrect entry for "readable-stream@1.1". Ignoring it.
warning Lockfile has incorrect entry for "domelementtype@~1.1.1". Ignoring it.
warning Lockfile has incorrect entry for "entities@~1.1.1". Ignoring it.
warning Lockfile has incorrect entry for "isarray@0.0.1". Ignoring it.
warning Lockfile has incorrect entry for "string_decoder@~0.10.x". Ignoring it.
[2/4] 🚚  Fetching packages...
[3/4] 🔗  Linking dependencies...
warning "ajv-keywords@2.1.0" has incorrect peer dependency "ajv@>=5.0.0".
[4/4] 📃  Building fresh packages...
✨  Done in 1.94s.

Yarn v1.2.1

$ yarn install --frozen-lockfile
yarn install v1.2.1
warning package.json: No license field
warning No license field
[1/4] 🔍  Resolving packages...
warning Lockfile has incorrect entry for "chalk@^1.1.3". Ignoring it.
warning Lockfile has incorrect entry for "acorn@^3.0.4". Ignoring it.
warning Lockfile has incorrect entry for "ansi-styles@^2.2.1". Ignoring it.
warning Lockfile has incorrect entry for "strip-ansi@^3.0.0". Ignoring it.
warning Lockfile has incorrect entry for "supports-color@^2.0.0". Ignoring it.
warning Lockfile has incorrect entry for "ansi-regex@^2.0.0". Ignoring it.
warning Lockfile has incorrect entry for "lodash@3.7.x". Ignoring it.
warning Lockfile has incorrect entry for "strip-json-comments@1.0.x". Ignoring it.
warning Lockfile has incorrect entry for "readable-stream@1.1". Ignoring it.
warning Lockfile has incorrect entry for "domelementtype@~1.1.1". Ignoring it.
warning Lockfile has incorrect entry for "entities@~1.1.1". Ignoring it.
warning Lockfile has incorrect entry for "isarray@0.0.1". Ignoring it.
warning Lockfile has incorrect entry for "string_decoder@~0.10.x". Ignoring it.
[2/4] 🚚  Fetching packages...
[3/4] 🔗  Linking dependencies...
[4/4] 📃  Building fresh packages...
✨  Done in 1.75s.

@BorntraegerMarc would it be possible to be more specific as to what dependencies are failing?

[BorntraegerMarc]

@rally25rs thanks for pointing this out. that was exactly my problem. I specified conflicting versions of core-js & jasmine-core in resolutions. after re-specifying it works again!

Was a tough nut to crack because I had to go through all dependencies and manually deleting one run yarn and then yarn --frozen-lockfile to check if it changes something. Hope this helps somebody 😄

gonna close the issue...