Related to the comment here: facebook#20312 (comment)
Why does this happen?
According to my observation, Yarn is very cautious when it comes to upgrading transitive dependencies. It tries to actively avoid it. As we know, semver bumping is a manual, human-driven process and thus it's flawed (but the best that we have), so I would expect this to be at least a partial reason behind this design choice.
If you install package A, which depends on B, you are already using B without even knowing about it, and everything that you care about is if A works for you. Later on, you might start using B directly, and when you install it you get its latest version, but Yarn refuses to upgrade the existing B in your dep tree because it poses a risk: A might stop working for you because of some subtle bug/behavioral change.
This is also why projects like `yarn-deduplicate` exist, and most likely you have a lot of other duplicates that could be "merged" in your `yarn.lock`, but I've only deduplicated `acorn`-related deps here to keep this small and focused.
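To make the duplicate situation described above concrete, the following added example (not part of the original pull request and not `yarn-deduplicate`'s own code) scans a constructed `yarn.lock` v1 fragment and reports ranges pinned to an older version even though a newer version already in the lockfile satisfies them. The sample versions, the function names and the simplified range matcher (caret ranges with major version 1 or higher, and exact versions, without prerelease tags) are assumptions made for illustration.

```javascript
// Constructed yarn.lock (v1) fragment; the versions are sample values.
const SAMPLE_LOCK = `
acorn@^6.0.1:
  version "6.0.4"

acorn@^6.0.7, acorn@^6.1.1:
  version "6.4.2"

acorn@^7.1.0:
  version "7.1.0"
`;

// Read "name@range[, name@range]:" headers and the version line under each.
function parseLock(text) {
  const entries = []; // one { name, range, version } per requested range
  let specs = [];
  for (const line of text.split("\n")) {
    if (/^\S.*:$/.test(line)) {
      specs = line.slice(0, -1).split(",").map((s) => s.trim().replace(/^"|"$/g, ""));
      continue;
    }
    const m = line.match(/^  version "(.+)"$/);
    if (!m) continue;
    for (const spec of specs) {
      const at = spec.lastIndexOf("@"); // scoped names also start with "@"
      entries.push({ name: spec.slice(0, at), range: spec.slice(at + 1), version: m[1] });
    }
  }
  return entries;
}

const parts = (v) => v.split(".").map(Number);
const cmp = (a, b) => {
  const [x, y] = [parts(a), parts(b)];
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] - y[i];
  return 0;
};

// Simplified matcher (assumption): "^x.y.z" with x >= 1, or an exact version.
function satisfies(version, range) {
  if (!range.startsWith("^")) return version === range;
  const min = range.slice(1);
  return parts(version)[0] === parts(min)[0] && cmp(version, min) >= 0;
}

// A range is a duplicate candidate when a higher locked version also satisfies it.
function findDuplicates(entries) {
  const out = [];
  for (const e of entries) {
    const best = entries
      .filter((o) => o.name === e.name && satisfies(o.version, e.range))
      .map((o) => o.version).sort(cmp).pop();
    if (best && best !== e.version) out.push({ spec: `${e.name}@${e.range}`, from: e.version, to: best });
  }
  return out;
}
```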