Bower update of a single package updates all

[euge]

Heya,

I have a component.json file that looks like:

{
  "name": "b",
  "version": "1.0.0",
  "dependencies": {
    "jquery": "1.8.3",
    "demo": "git@github.com:euge/demo.git"
  }
}

When I run bower update demo, I see the following

bower cloning git@github.com:euge/demo.git
bower cloning git://github.com/components/jquery.git
bower cached git@github.com:euge/demo.git
bower fetching demo
bower cached git://github.com/components/jquery.git
bower fetching jquery
bower checking out jquery#1.9.1
bower copying /Users/euge/.bower/cache/jquery/cf68c4c4e7507c8d20fee7b5f26709d9
bower checking out demo#60eef655c0100bc7dfb63acaab6e8d5e4ee0887e
bower copying /Users/euge/.bower/cache/demo/b9a57fca7e6f588769b0b061b1ed5071
bower installing demo#60eef655c0100bc7dfb63acaab6e8d5e4ee0887e
bower installing jquery#1.9.1

But my jQuery dependency is set to 1.8.3, so why would update of demo cause jQuery to bump to 1.9.1?

I'm using bower 0.7.0.

Thanks!

Euge

[yumyo]

happens here too

[danse]

this happened also to me with several kind of configurations. i run bower update <package> but all packages are updated

[necolas]

The update command will update all the packages listed as dependencies to the latest version. So this seems to be behaving as expected, although the docs (inc. the CLI docs) need to be clearer.

[aventuralabs]

I think that this should be reopened as a bug. In many cases, updating all packages can break a site, especially as certain packages may be updated ahead of others. Yet for other packages, an update is warranted.

[satazor]

This no longer happens in 1.0.0.

[aventuralabs]

I most definitely ran into this yesterday with 1.0.0. I'll try to pinpoint what may be different about my configuration. It happened both while installing a new package as well as upgrading an existing one.

[satazor]

@brandoncarl It happens if there's a missing packages (declared in .json but not installed).

[aventuralabs]

Thanks for the tip. I just went through each package/version by hand, and they are installed.

I do have items I placed manually in the directory. Wondering if that triggers something.

I hope to get to the bottom of it, as it really makes Bower unusable if I can't know in advance what it's going to do.

On Thursday, July 25, 2013 at 2:33 PM, André Cruz wrote:

@brandoncarl (https://github.com/brandoncarl) It happens if there's a missing packages (declared in .json but not installed).

—
Reply to this email directly or view it on GitHub (#256 (comment)).

[aventuralabs]

I think I found the problem. I upgraded to Bower 1.0.0. Many of my packages were still using component.json. My guess is that when this happens, all packages are upgraded.

On Friday, July 26, 2013 at 7:09 PM, Brandon Carl wrote:

Thanks for the tip. I just went through each package/version by hand, and they are installed.

I do have items I placed manually in the directory. Wondering if that triggers something.

I hope to get to the bottom of it, as it really makes Bower unusable if I can't know in advance what it's going to do.

On Thursday, July 25, 2013 at 2:33 PM, André Cruz wrote:

@brandoncarl (https://github.com/brandoncarl) It happens if there's a missing packages (declared in .json but not installed).

—
Reply to this email directly or view it on GitHub (#256 (comment)).

[satazor]

@brandoncarl yes it needs to re-install packages installed with older bower versions, but then it should not update everything when you specify a single package.

[aventuralabs]

Thank you Andre for your help

Brandon Carl
Sent with Sparrow (http://www.sparrowmailapp.com/?sig)

On Saturday, July 27, 2013 at 6:43 AM, André Cruz wrote:

@brandoncarl (https://github.com/brandoncarl) yes it needs to re-install packages installed with 0.10.0, but then it should not update everything when you specify a single package.

—
Reply to this email directly or view it on GitHub (#256 (comment)).

[frederickf]

I also recently updated Bower and then updated a single component and noticed that in all packages "bower.json" was replaced with ".bower.json" the difference being the dot at the beginning. Also, components in my app's bower.json with the ~ in the version # were updated in the process. Not saying there is anything wrong with either of those. Just a heads up for anybody else who comes across this.

[necolas]

bower.json probably wasn't replaced, but .bower.json was added. I don't think doing bower update <package> should be updating other packages.

Will reopen this as I think it shouldn't be happening, and I created an issue for a similar experience when using bower install <package>: #924

[satazor]

@necolas bower update jquery will only update jquery unless there are other "not installed" packages. Bower needs to also install the missing packages because it might influence the version of jquery that will be installed/updated.

The same applies to #924.

[necolas]

That only matters when you're installing all the packages.

[trisys3]

This still happens in 1.3.1. I am using bower.json in the root directory instead of component.json. It also updates dev dependencies (though not when using the --production option).

[joecorcoran]

Hitting this issue too in Bower 1.3.3. Running bower update <name> updates all packages, despite the named package having no dependencies. Maybe it would be preferable to remove the name option from the help message if the command doesn't use it?

[dreampulse]

I'm using Bower 1.3.5 and still hit this Problem. @satazor can you reopen this issu

[rayshan]

Can @trisys3 @joecorcoran @dreampulse confirm that 1.3.9 still have this problem?

[bcherny]

Confirming the same issue with bower 1.3.12 on OSX.

@necolas Please re-open this.

[sheerun]

I can confirm

[vikbez]

+1 👍
this is really annoying;
I was in the train, tethered, needed only one package to continue coding but bower failed continuously resolving on some other package for unknown reason.

I wish only one package installation method worked.

bower 1.3.12 on OSX

[sheerun]

Without version locking this feature doesn't make much sense. Please contribute to #1592

[dickeylth]

+1
Why this bug lasts so long?...

[sheerun]

The correct behavior is as @nschloe pointed out:

1. If no arguments are passed to bower update, it updates packages in bower_components that don't match the specs in bower.json (basically bower install, maybe without extra downloads). Also update packages in bower_components that are not listed in bower.json
2. If arguments are passed, limit updated packages.

Failing tests can be added to:
https://github.com/bower/bower/blob/master/test/commands/update.js

[sheerun]

@prappo Why did you close it?

[contolini]

@albertinadx Are you working on this issue? If you're not, let me know, and I'll hack on it later today.

[contolini]

Satisfied by #2070.

[erquhart]

@contolini I'm on bower 1.7.9 and am still experiencing this issue. I run bower update <package>, and an additional package gets updated as well. The additional package is not a direct dependency of the package I'm trying to update.

Is there any known reason why this would be happening?

[erquhart]

Found it: d3eef57

@sheerun it looks like you reverted this fix, but I can't find a reason given anywhere, and the changelog doesn't acknowledge it. Can we re-open this issue to continue the discussion?

Seems to have been removed in response to #2097, but again, the revert isn't called out directly.

[sheerun]

This is true, I had to revert because of #2097

[lmmfranco]

Still happens in 1.8.
I'm having a problem when installing all dependencies at once, so I was trying to install one at a time, but I cannot achieve that because of this issue.

[sheerun]

Now that Bower is not developed anymore, I'll close this issue. The update command never worked very well, and in fact even npm's and yarn's update also suffers from many issues. The solution is to use proper version ranges in bower.json and use bower install instead of bower update.