'warning Lockfile has incorrect entry for "prismjs@1.24.0". Ignoring it'

I have inherited an issue with prismjs whereby I have to remove/reinstall it every time I add/upgrade another package.

I have a GoCD pipeline validation that fails every time I try to use Dependabot to address security vulnerabilities on my repo.


Goes something like this....

Dependabot generates pull request

validation fails with error "warning Lockfile has incorrect entry for "prismjs@1.24.0". Ignoring it"

Pull down master branch > upgrade package manually > remove/install prismjs@1.24.0

Generate new PR > validation succeeds and everything works fine.

Merge with master

rinse and repeat.


What I am seeing is that I have 2 entries in my yarn.lock for prismjs, and removing it only removes the 1.24.0 entry AND, if I leave 1.24.0 removed, the validation still fails because it can't find prismjs 1.24.0.

prismjs@1.24.0:
  version "1.24.0"
  resolved "https://registry.yarnpkg.com/prismjs/-/prismjs-1.24.0.tgz#0409c30068a6c52c89ef7f1089b3ca4de56be2ac"
  integrity sha512-SqV5GRsNqnzCL8k5dfAjCNhUrF3pR0A9lTDSCUZeh/LIshheXJEaP0hwLz2t4XHivd2J/v2HR+gRnigzeKe3cQ==

prismjs@^1.23.0, prismjs@^1.8.4, prismjs@~1.17.0:
  version "1.26.0"
  resolved "https://registry.yarnpkg.com/prismjs/-/prismjs-1.26.0.tgz#16881b594828bb6b45296083a8cbab46b0accd47"
  integrity sha512-HUoH9C5Z3jKkl3UunCyiD5jwk0+Hz0fIgQ2nbwU2Oo/ceuTAQAg+pPVnfdt2TJWRVLcxKh9iuoYDUSc8clb5UQ==


package.json:
"dependencies": {
  "comma-separated-tokens": "^1.0.0",
  "elliptic": "^6.0.0",
  "handlebars": "^4.1.2",
  "http-proxy": "^1.17.0",
  "https-proxy-agent": "^2.2.1",
  "immer": "9.0.6",
  "ini": "^1.3.5",
  "lodash": "^4.5.1",
  "markdown-to-jsx": "^6.9.1",
  "merge-deep": "^3.0.2",
  "nested-object-assign": "1.0.4",
  "parse-headers": "^2.0.0",
  "prismjs": "1.24.0",
  "space-separated-tokens": "^1.0.0",
  "ssri": "^6.0.1",
  "tar": "4.4.19",
  "tree-kill": "^1.1.0",
  "ua-parser-js": "^0.7.9",
  "url-parse": "^1.4.3",
  "websocket-extensions": ">=0.1.1",
  "y18n": "^4.0.0",
  "yargs-parser": "^13.1.1"
},
"resolutions": {
  "prismjs": "^1.23.0",
  "property-expr": "^2.0.3"
}


I'm relatively new to how this versioning works and, like I say, I inherited this issue, so I don't really have a history besides what I can see in GitHub.

Any help would be greatly appreciated.
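
A script that surfaces the state described in the question, as an added example that is not part of the original post: it lists packages locked at more than one version in a Yarn v1 lockfile and packages whose `resolutions` specifier differs from the direct dependency's. The function names and the trimmed sample inputs are assumptions made for the illustration.

```javascript
// Parse Yarn v1 lockfile text into [{ patterns, name, version }].
function parseYarnLock(text) {
  const entries = [];
  let current = null;
  for (const line of text.split(/\r?\n/)) {
    if (!line.trim() || line.startsWith('#')) continue;
    if (!/^\s/.test(line) && line.endsWith(':')) {
      // Header: comma-separated, optionally quoted "name@range" patterns.
      const patterns = line.slice(0, -1).split(',')
        .map((p) => p.trim().replace(/^"|"$/g, ''));
      // lastIndexOf keeps the leading "@" of scoped names intact.
      const name = patterns[0].slice(0, patterns[0].lastIndexOf('@'));
      current = { patterns, name, version: null };
      entries.push(current);
    } else if (current) {
      const m = line.match(/^\s+version\s+"([^"]+)"/);
      if (m) current.version = m[1];
    }
  }
  return entries;
}
// Report packages locked at more than one version, and packages whose
// "resolutions" specifier differs from the direct dependency specifier.
// Only bare-name resolutions keys are compared (no "**/pkg" globs).
function auditLock(pkg, lockText) {
  const versions = new Map();
  for (const e of parseYarnLock(lockText)) {
    if (!versions.has(e.name)) versions.set(e.name, new Set());
    versions.get(e.name).add(e.version);
  }
  const duplicated = [...versions]
    .filter(([, set]) => set.size > 1)
    .map(([name, set]) => ({ name, versions: [...set].sort() }));
  const deps = new Map(Object.entries(pkg.dependencies || {}));
  const mismatched = Object.entries(pkg.resolutions || {})
    .filter(([name, spec]) => deps.has(name) && deps.get(name) !== spec)
    .map(([name, spec]) => ({ name, dependency: deps.get(name), resolution: spec }));
  return { duplicated, mismatched };
}
// Constructed sample inputs, trimmed from the snippets in the question.
const SAMPLE_PKG = {
  dependencies: { prismjs: '1.24.0', lodash: '^4.5.1' },
  resolutions: { prismjs: '^1.23.0', 'property-expr': '^2.0.3' },
};
const SAMPLE_LOCK = [
  'prismjs@1.24.0:', '  version "1.24.0"', '',
  'prismjs@^1.23.0, prismjs@^1.8.4, prismjs@~1.17.0:', '  version "1.26.0"',
].join('\n');
console.log(JSON.stringify(auditLock(SAMPLE_PKG, SAMPLE_LOCK), null, 2));
```

To run it against a real project, pass the parsed `package.json` object and the contents of `yarn.lock` to `auditLock`.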



Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow
