8

I am using the package "csv-file-validator": "^1.8.0" which comes with 3 dependencies

 famulus "2.1.2"
 lodash "4.17.15"
 papaparse "^5.2.0"

I would like to update/force the version of lodash to be 4.17.20. I found about selective dependency resolution and did the following in my package.json

"resolutions": {
  "csv-file-validator/lodash": "^4.17.20"
}

I removed my yarn.lock, the node_modules folder and ran yarn install once again. However, the lodash version is still 4.17.15

csv-file-validator@^1.8.0:
version "1.8.0"
resolved "https://pkgs.dev.azure.com/RCTechnologies/EMA/_packaging/EMA/npm/registry/csv-file-validator/-/csv-file-validator-1.8.0.tgz#f8b879f533ce8c84b115d0ed2eca8e691249ec22"
integrity sha1-+Lh59TPOjISxFdDtLsqOaRJJ7CI=
dependencies:
  famulus "2.1.2"
  lodash "4.17.15"
  papaparse "^5.2.0"

Is it possible to achieve this? If so did I miss something, and what?

jonrsharpe
  • 115,751
  • 26
  • 228
  • 437
Léo Coco
  • 4,022
  • 11
  • 52
  • 97

1 Answers1

0

yarn.lock will always show the dependencies declared in that version's package.json. You needed to check lodash's entry instead which should look like

lodash@4.17.15, lodash@^4.17.20, <maybe other version strings>:
version "4.17.20"
...

while without that resolution you'd get

lodash@4.17.15, <maybe other version strings>:
version "4.17.15"
...

Or use yarn why lodash.

Alexey Romanov
  • 167,066
  • 35
  • 309
  • 487