Yarn upgrade modifying package.json tag dependency

[tomasAlabes]

Do you want to request a feature or report a bug?
Bug
What is the current behavior?
yarn upgrade changes the package.json's dependencies with versions defined as tags.

If the current behavior is a bug, please provide the steps to reproduce.

Having a package.json with:

"dependencies": {
   "myDep": "next"
}

After running yarn, yarn.lock -> myDep@1.0.0-next.0
If I ran yarn upgrade, everything stays the same, good.

Then:
npm publish myDep@1.0.0-next.1 --tag=next

yarn upgrade

My package.json is now:

"dependencies": {
   "myDep": "1.0.0-next.1"
}

This time yarn upgrade changes my package.json to a specific version.
What is the expected behavior?
I would expect the package.json to still reference to next and the yarn.lock to change to 1.0.0-next.1. If not, then next yarn upgrade will leave the version as 1.0.0-next.1 again.
I'm looking for a way to update the yarn.lock based on the latest version of a tagged dependency.

Please mention your node.js, yarn and operating system version.
Node 8.6.0
Yarn 1.1.0
Mac 10.12.6

[rally25rs]

NPM 5.5 does the same thing (replaces the tag on upgrade).

$ npm -v
5.5.1

$ cat package.json
{
  ...,
  "dependencies": {
    "grunt": "rc1"
  }
}

$ npm i
npm WARN yarn-test@1.0.0 No description
npm WARN yarn-test@1.0.0 No repository field.

added 85 packages in 1.579s

$ cat package.json
{
  ...,
  "dependencies": {
    "grunt": "rc1"
  }
}

$ npm upgrade grunt
npm WARN yarn-test@1.0.0 No description
npm WARN yarn-test@1.0.0 No repository field.

+ grunt@1.0.0-rc1
added 85 packages in 1.234s

$ cat package.json
{
  ...,
  "dependencies": {
    "grunt": "^1.0.0-rc1"
  }
}

Although that does feel "wrong" to me too...
However unless there is some big reason to not do what NPM does, I think we should consider this behavior to be "correct" in terms of compatibility with NPM.

@yarnpkg/core thoughts on this one? bug, or as designed?

[tomasAlabes]

Hey @rally25rs, thank you for taking the time looking at this issue.
I ended up defining the dependency as:

"myDep": ">= 1.0.0-next <1.0.0"

So that yarn gets the latest next version as "wanted" and yarn upgrade doesn't change the package.json. It's not as nice or clear as just "next" but it does the job...
I would gladly roll it back if you change the behavior in yarn though 😄

[rally25rs]

@tomasAlabes Glad you got a workaround. Do you mind if we close this issue then?

[tomasAlabes]

It's up to you, if you feel it's better to mirror what npm does then it's ok, if you feel it's better not to modify the package.json then I'll be happy to roll back my change. We preferred yarn instead of npm-cli because it did things in a better way, but it's really a yarn team executive decision 🐈

[rally25rs]

Going to close this for now since it mimics NPM's behavior. We can revisit it later if needed.

[sambernet]

I'm afraid that is not the whole story.

At least when documenting the CLI behavior it looks like the behavior seen here is (even if it mimics npm behavior) not what was intended. The current documentation for yarn upgrade specifically states at the time of writing:

[package@tag] : When a specified package contains a tag then the specified tag will be upgraded to. Tag names are chosen by project maintainers, typically you use this command to install an experimental or long term support release of an actively developed package. The tag you choose will be the version that appears in your package.json file.

which I understand as exactly what @tomasAlabes and /me expect.

I think the workflow we are after is probably one of the pristine reasons why npm update exists. It updates the local package according to the version the wanted tag points to, but does not change the package.json. As yarn does not have an update operation, mimicking NPM's behavior on upgrade here actually breaks a workflow that is otherwise possible with NPM 😢

We'll see what the NPM community thinks about that matter on their end, thanks @tomasAlabes for sticking to that 👍

[Otobelikethee]

#7626