pnpm: `pnpm install --frozen-lockfile` fails with pnpm v9

Verify latest release

  • I verified that the issue exists in the latest pnpm release

pnpm version

9.0.0

Which area(s) of pnpm are affected? (leave empty if unsure)

Lockfile

Link to the code that reproduces this issue or a replay of the bug

https://github.com/DimensionDev/Maskbook/pull/11571/files

Reproduction steps

Clone the PR and try an upgrade

Describe the Bug

I upgraded pnpm from 8.7.6 to 9.0.0 and the lockfile is broken (as you can see in the link I mentioned).

One thing you can observe is that peer dependencies to react are mostly resolved to 18.2.0, not 0.0.0-experimental-8039e6d0b-20231026 as I specified in package.json/pnpm/peerDependencyRules/allowedVersions.

I tried removing the whole allowedVersions section and reinstalling, then adding it back in the hope that it would re-resolve dependencies, but that does not work.

Expected Behavior

Upgrade and keep my peer dependencies version correct

Which Node.js version are you using?

21

Which operating systems have you used?

  • macOS
  • Windows
  • Linux

If your OS is Linux based, which one is it? (Include the version if relevant)

No response

About this issue

  • State: closed
  • Created 2 months ago
  • Reactions: 4
  • Comments: 30 (12 by maintainers)

Most upvoted comments

Can confirm and also looking to hear from the team if the lockfile not being backwards compatible was intended:

ERR_PNPM_FROZEN_LOCKFILE_WITH_OUTDATED_LOCKFILE  Cannot perform a frozen installation because the version of the lockfile is incompatible with this version of pnpm

A question: why is lockfile version 9.0 and not 7.0?

By default pnpm install fails in CI if it detects that updates should be made to the lockfile. That will be fixed in 9.0.1.

Not sure what the issue with corepack is

A question: why is lockfile version 9.0 and not 7.0?

The lockfile version will be the same as the pnpm version where it was introduced.

Also, if anyone stumbles here in the same case as me: it seems like turborepo pruning fails with the new lockfile format and causes the same error as described here. I’ve opened an issue on their side - https://github.com/vercel/turbo/issues/7993

I tested it in a node.js docker container (docker run --rm -it node sh). All seems to work correctly. Maybe you have a packageManager field in your package.json, try to use:

corepack use pnpm@8.15.5

Which should update the field in package.json.

Yep, I also mentioned that section of the pnpm docs with the packageManager field in package.json, bc it solved the issue for us.

Nevertheless, I beg your pardon. Double-checked the pipe logs. The below is not enough:

corepack enable
corepack prepare pnpm@8.15.5 --activate

It proceeds with enabling “pnpm@latest” instead of “pnpm@8.15.5” that is expected according to the node v.18 docs.

It’s solely a corepack documentation issue, and has nothing to do with pnpm.

Lockfile v6 will work with pnpm v9 but only as readonly (after this fix: https://github.com/pnpm/pnpm/pull/7935). v9 will not make updates in the previous format.

As I said before. This is a breaking change for a reason. We had to change the lockfile format in order to fix some issues with peer dependencies. The fix was too big to port it to v8.

pnpm 9 seems to be incompatible with lockfile v6.0:

  • Running pnpm install --frozen-lockfile on a v6 lockfile results in the error  ERR_PNPM_FROZEN_LOCKFILE_WITH_OUTDATED_LOCKFILE  Cannot perform a frozen installation because the version of the lockfile is incompatible with this version of pnpm
  • Running pnpm install with no arguments updates the lockfile to v9, which is incompatible with pnpm 8

Is no lockfile version compatible with both pnpm 8 and 9?

The changelog seemed to suggest that Lockfile v6 is supported in pnpm 9, but I can’t get it to work.

Edit: Readonly support for Lockfile v6 as introduced in pnpm 9.0.1 is a good compromise

A temporary solution for me was to get my workflows to install a specific pnpm version rather than the latest version

Can confirm and also looking to hear from the team if the lockfile not being backwards compatible was intended:

ERR_PNPM_FROZEN_LOCKFILE_WITH_OUTDATED_LOCKFILE  Cannot perform a frozen installation because the version of the lockfile is incompatible with this version of pnpm

I am seeing the exact same issue with pnpm v9 and a lock file with version 6. I thought only v5 was dropped?
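
The version combinations reported in this thread, written as a CI preflight check that runs before `pnpm install --frozen-lockfile`. This is an added example, not code from pnpm or from any commenter; the function names and sample inputs are hypothetical, and the rules cover only pnpm 8 and 9 with lockfile v6 and v9 as described above.

```javascript
// Added example, not pnpm's own code. Rules encode only what this thread states.

// Major version from the top-level `lockfileVersion:` key of pnpm-lock.yaml.
function lockfileMajor(lockText) {
  const m = /^lockfileVersion:\s*['"]?(\d+)(?:\.\d+)?['"]?\s*$/m.exec(lockText);
  return m ? Number(m[1]) : null;
}

// [major, minor, patch] from package.json "packageManager", e.g. "pnpm@8.15.5".
// A trailing "+sha512.<hash>" suffix is tolerated; "pnpm@latest" is not a pin.
function pinnedPnpm(pkgJsonText) {
  const field = JSON.parse(pkgJsonText).packageManager;
  const m = /^pnpm@(\d+)\.(\d+)\.(\d+)/.exec(typeof field === "string" ? field : "");
  return m ? m.slice(1, 4).map(Number) : null;
}

// Returns a status of "ok", "readonly", "fail", "unpinned" or "unknown" with a reason.
function checkFrozenInstall(lockText, pkgJsonText) {
  const lock = lockfileMajor(lockText);
  const pnpm = pinnedPnpm(pkgJsonText);
  if (pnpm === null) {
    return { status: "unpinned", reason: "no pnpm@x.y.z in packageManager; CI may resolve the latest pnpm" };
  }
  const [major, minor, patch] = pnpm;
  if (lock === 6 && major === 8) return { status: "ok", reason: "pnpm 8 with lockfile v6" };
  if (lock === 6 && major === 9) {
    return minor === 0 && patch === 0
      ? { status: "fail", reason: "pnpm 9.0.0 rejects lockfile v6 under --frozen-lockfile" }
      : { status: "readonly", reason: "pnpm >= 9.0.1 reads lockfile v6 but writes only v9" };
  }
  if (lock === 9 && major === 9) return { status: "ok", reason: "pnpm 9 with lockfile v9" };
  if (lock === 9 && major === 8) return { status: "fail", reason: "lockfile v9 is incompatible with pnpm 8" };
  return { status: "unknown", reason: "combination not discussed in this thread" };
}

// Constructed sample inputs (not taken from the linked repository).
const LOCK_V6 = "lockfileVersion: '6.0'\n\nsettings:\n  autoInstallPeers: true\n";
const LOCK_V9 = "lockfileVersion: '9.0'\n\nsettings:\n  autoInstallPeers: true\n";
const pkg = (pm) => JSON.stringify({ name: "demo", packageManager: pm });

console.log(checkFrozenInstall(LOCK_V6, pkg("pnpm@9.0.0")));
console.log(checkFrozenInstall(LOCK_V6, pkg("pnpm@9.0.1")));
console.log(checkFrozenInstall(LOCK_V9, pkg("pnpm@8.15.5")));
```

Treating "unpinned" as a failure in CI keeps a new pnpm major from silently changing which lockfile format the frozen install accepts.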