Do you want to request a feature or report a bug?
Bug (regression)
What is the current behavior?
This is a regression of #681: "Pinning a package to an exact version in package.json does not also pin it for dependencies, even if the pinned version satisfied the range."
If the current behavior is a bug, please provide the steps to reproduce.
I've pinned left-pad@1.1.1 and color-parse@1.2.0, which itself depends on left-pad@^1.1.1:
"dependencies": {
"color-parse": "1.2.0",
"left-pad": "1.1.1"
}
npm@5.0.4 and yarn@0.24.6 both use the pinned version left-pad@1.1.1, whereas yarn@0.27.3 installs the latest left-pad@1.1.3 for color-parse, and leaves the pinned version left-pad@1.1.1 in the root.
npm v5.0.4:
├─┬ color-parse@1.2.0
│ ├── color-name@1.1.2
│ ├── is-plain-obj@1.1.0
│ └── left-pad@1.1.1 deduped
└── left-pad@1.1.1
yarn v0.24.6:
├─ color-name@1.1.2
├─ color-parse@1.2.0
│ ├─ color-name@^1.0.0
│ ├─ is-plain-obj@^1.1.0
│ └─ left-pad@^1.1.1
├─ is-plain-obj@1.1.0
└─ left-pad@1.1.1
yarn v0.27.3:
├─ color-name@1.1.2
├─ color-parse@1.2.0
│ ├─ color-name@^1.0.0
│ ├─ is-plain-obj@^1.1.0
│ ├─ left-pad@^1.1.1
│ └─ left-pad@1.1.3
├─ is-plain-obj@1.1.0
└─ left-pad@1.1.1
What is the expected behavior?
As stated in #681: "I would expect that because a stricter definition of a root-level dependency satisfies the sub-dependency's version, it is used instead."
Please mention your node.js, yarn and operating system version.
Node 6.10.3, OSX 10.12.5, yarn 0.27.3
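
Added example, not part of the issue and not yarn's code: a check that flags the condition reported above, where a root-level exact pin satisfies a sub-dependency's range but a different version was installed for that sub-dependency. The `installed` shape and the function names are assumptions made for this sketch, and range handling covers only exact and caret ranges.

```javascript
// Added example, not yarn's resolver. Ranges are limited to the two forms in
// the report: exact ("1.1.1") and caret ("^1.1.1"), with no prerelease tags.
const parse = (v) => v.split('.').map(Number);
const cmp = (a, b) => {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
};

function satisfies(version, range) {
  const v = parse(version);
  if (!range.startsWith('^')) return cmp(v, parse(range)) === 0;
  const min = parse(range.slice(1));
  // Caret: the leftmost non-zero component is fixed (^0.2.3 means <0.3.0).
  let i = min.findIndex((n) => n !== 0);
  if (i === -1) i = 2;
  const upper = [0, 0, 0];
  for (let k = 0; k < i; k++) upper[k] = min[k];
  upper[i] = min[i] + 1;
  return cmp(v, min) >= 0 && cmp(v, upper) < 0;
}

// rootDeps: "dependencies" from package.json.
// installed: { pkg: { dep: { range, resolved } } }, a hypothetical shape
// transcribed by hand from `yarn list` output.
function findUndedupedPins(rootDeps, installed) {
  const findings = [];
  for (const [pkg, deps] of Object.entries(installed)) {
    for (const [dep, { range, resolved }] of Object.entries(deps)) {
      const pin = rootDeps[dep];
      if (!pin || /[^0-9.]/.test(pin)) continue; // root entry is not an exact pin
      if (satisfies(pin, range) && resolved !== pin) {
        findings.push({ pkg, dep, range, pin, resolved });
      }
    }
  }
  return findings;
}

// Sample data constructed from the trees in the report.
const rootDeps = { 'color-parse': '1.2.0', 'left-pad': '1.1.1' };
const yarn0273 = { 'color-parse@1.2.0': { 'left-pad': { range: '^1.1.1', resolved: '1.1.3' } } };
const yarn0246 = { 'color-parse@1.2.0': { 'left-pad': { range: '^1.1.1', resolved: '1.1.1' } } };

console.log(findUndedupedPins(rootDeps, yarn0273));
console.log(findUndedupedPins(rootDeps, yarn0246));
```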