frozen-lockfile fails in CI environment using the latest pnpm version

[aholtkamp]

Possibly related to #5124 but the problem is not fixed for us. Maybe this is even intended?

pnpm version:

7.9.0

Code to reproduce the issue:

• Have a package.json containing some dependencies and a "publishConfig" -> "directory" entry
• Install pnpm 7.1.5
• Execute: pnpm install
• Upgrade to pnpm 7.9.0
• Execute: pnpm install --frozen-lockfile

Expected behavior:

The installation works. No error or non-zero exit code.

Actual behavior:

Lockfile is up to date, resolution step is skipped
 ERR_PNPM_OUTDATED_LOCKFILE  Cannot install with "frozen-lockfile" because pnpm-lock.yaml is not up to date with package.json

Exit Code: 1

Additional information:

• node -v prints: v16.15.0
• Linux

[zkochan]

Do you use auto-install-peers=true?

[aholtkamp]

No, auto-install-peers is not set.

[zkochan]

So the issue is that we added the publishDirectory field to the lockfile. You probably just need to update your lockfile.

[aholtkamp]

Hm...ok. Our CI usually uses the latest PNPM 7.x version. I assume this is then not recommended as the build might suddenly fail? Would you suggest always using a fixed version of pnpm in CI environments?

[zkochan]

It is your choice. I try to not cause such issues but of course pinning the version is the most reliable solution.

[aholtkamp]

Thanks, this issue can be considered solved.

[pitgrap]

Changing the pnpm-lock.yaml format is imho the most breaking change a package manager can do (like the one from 6 to 7). I would expect a 8.x release for that.
It would be nice to not pin the version in CI (because of manually update all references all the time), but expect a stable ci build and lock-file within a major version. @zkochan, please consider this.