workspace:* is updated to a specific version when working with pnpm workspace

[YiCChi]

Hi! I'm using release-please in a pnpm workspace based monorepo throuth release-please-action to publish packages to a private registry.
It worked well on v3. But once I updated it to v4 I got an error due to `workspace:*`` was updated to a specific version.
I found that release-please-action bump release-please from 15.3 to 16.3 on v4, and the releated PRs are #2058 and #2117.

According to pnpm's documentation, it dynamically replace any workspace: dependency. So we don't need to update version of deps manually. And it is what v3 did.
Of course, I can keep using v3, but I want to know if there is any other solution.

here is a repo to reproduce. https://github.com/YiCChi/front-monorepo

• PR created by v3. chore: release main YiCChi/front-monorepo#32
• PR created by v4. chore: release main YiCChi/front-monorepo#35

error log

 ERR_PNPM_OUTDATED_LOCKFILE  Cannot install with "frozen-lockfile" because pnpm-lock.yaml is not up to date with packages/math/package.json

Note that in CI environments this setting is true by default. If you still need to run install in such cases, use "pnpm install --no-frozen-lockfile"

    Failure reason:
    specifiers in the lockfile ({"@yicchi/is-even":"workspace:*","@yicchi/is-odd":"workspace:*"}) don't match specs in package.json ({"@yicchi/is-odd":"workspace:*","@yicchi/is-even":"0.9.0"})

[alexander-kuznetsov-fnz]

yes, it seems that previously lerna handled logic of "workspace:" versioning, now after moving to internal implementation of graph #2117 the only workspace handler left is that

      if (currentDepVer.startsWith('workspace:')) {
        depUpdates.push(`\n    * ${depName} bumped to ${newVersionString}`);
      } else if (newVersionString !== origDepVer) {
        depUpdates.push(
          `\n    * ${depName} bumped from ${origDepVer} to ${newVersionString}`
        );
        //handle case when "workspace:" version is used

any idea how to fix it? Rolling back to old version is not a great option since setup needs one of the "new" features

upd. for now latest release-please version not affected by that issue is 16.2.0, my current solution is to use local installation of the package and run it in a pipeline. Not as nice as github action, but works.

[chrispcampbell]

Any updates on this issue? We would like to migrate to v4 of release-please-action, which includes a couple fixes from release-please v16 that we've been waiting for, but our project makes use pnpm and workspace:*, so we are stuck in a holding pattern like the original submitter.

[everyx]

Is there any workaround？

[shinebayar-g]

Yarn workspaces are also affected. Release please keeps replacing workspace:^ with hardcoded version. Also it seems Linking peer dependencies doesn't work as explained, it updated the peerDependencies field of my package with the updated workspace version.

Could someone explain how node-workspace plugin + yarn/pnpm's workspace:* protocol should work together? I don't quite understand if I need node-workspace plugin at all.

[niieani]

Submitted a PR with a fix.

[axeen]

Submitted a PR with a fix.

Could this please be released for release-please-action v4 as well? 🙏 It seems to still use 16.10.2