turbo
a038409e - fix: Prevent peerDependencies from overwriting concrete dependency specifiers (#12004)

Commit

92 days ago

fix: Prevent peerDependencies from overwriting concrete dependency specifiers (#12004) ## Summary Fixes #12002 - When a workspace package lists the same dependency in both `devDependencies` (or `dependencies`) and `peerDependencies`, the peer's broad specifier (e.g. `"*"`) would overwrite the concrete specifier (e.g. `"^11.0.0"`) in the external dependency map. This caused `turbo prune` to omit the package resolution from the pruned lockfile, breaking `pnpm install --frozen-lockfile`. - Switches `BTreeMap::insert` to `BTreeMap::entry().or_insert_with()` so the first-encountered specifier from dev/optional/regular dependencies is preserved and not clobbered by a later peerDependency entry. ## How to test 1. Use the new `pnpm-peer-dev-overlap` lockfile test fixture: ``` cd lockfile-tests npx tsx check-lockfiles.ts --fixture pnpm-peer-dev-overlap --turbo-path ../target/debug/turbo ``` 2. Or manually reproduce the original issue: ``` git clone https://github.com/kevva/turbo-prune-pnpm cd turbo-prune-pnpm && pnpm install turbo prune app-a --docker cd out/json && pnpm install --frozen-lockfile # should succeed ```

References

#12004 - fix: Prevent peerDependencies from overwriting concrete dependency specifiers

Author

anthonyshew

Parents

282407a4

turbo a038409e - fix: Prevent peerDependencies from overwriting concrete dependency specifiers (#12004)

turbo
a038409e - fix: Prevent peerDependencies from overwriting concrete dependency specifiers (#12004)