Fixes incorrect entries in lockfiles

Fixes #2629.
If lockfile pattern does not match a version it will be ignored and re-resolved

Author: bestander

__tests__/commands/install/lockfiles.js

@@ -288,3 +288,18 @@ test.concurrent('install should rewrite lockfile if patterns can be merged', ():
     expect(lockContent).not.toContain('https://fakepath.wont.download.com/mime-db/-/mime-db-1.0.0.tgz');
   });
 });
+
+test.concurrent('install should fix if lockfile patterns don\'t match resolved version', (): Promise<void> => {
+  const fixture = 'lockfile-fixed';
+
+  return runInstall({}, fixture, async (config, reporter) => {
+    const lockContent = await fs.readFile(
+      path.join(config.cwd, 'yarn.lock'),
+    );
+    expect(lockContent).not.toContain('mime-db-1.24.0.tgz');
+    expect(lockContent).toContain('mime-db-1.23.0.tgz');
+    expect(lockContent).not.toContain('left-pad-1.1.3.tgz');
+    expect(lockContent).toContain('left-pad-1.1.2.tgz');
+
+  });
+});

__tests__/fixtures/install/lockfile-fixed/package.json

@@ -0,0 +1,6 @@
+{
+  "dependencies": {
+    "left-pad": ">=1.0.0 <1.1.3",
+    "mime-db": "1.23.0"
+  }
+}

__tests__/fixtures/install/lockfile-fixed/yarn.lock

@@ -0,0 +1,11 @@
+# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
+# yarn lockfile v1
+
+
+"left-pad@>=1.0.0 <1.1.3":
+  version "1.1.3"
+  resolved "https://registry.yarnpkg.com/left-pad/-/left-pad-1.1.3.tgz#612f61c033f3a9e08e939f1caebeea41b6f3199a"
+
+[email protected]:
+  version "1.24.0"
+  resolved "https://registry.yarnpkg.com/mime-db/-/mime-db-1.24.0.tgz#e2d13f939f0016c6e4e9ad25a8652f126c467f0c"

src/lockfile/wrapper.js

@@ -122,6 +122,14 @@ export default class Lockfile {
     return undefined;
   }
 
+  removePattern(pattern: string) {
+    const cache = this.cache;
+    if (!cache) {
+      return;
+    }
+    delete cache[pattern];
+  }
+
   getLockfile(patterns: {
     [packagePattern: string]: Manifest
   }): Object {

src/package-resolver.js

@@ -438,15 +438,19 @@ export default class PackageResolver {
     if (!lockfileEntry) {
       this.newPatterns.push(req.pattern);
     } else {
-      const {range} = PackageRequest.normalizePattern(req.pattern);
-      // TODO anything about exotic?
+      const {range, hasVersion} = PackageRequest.normalizePattern(req.pattern);
       // lockfileEntry is incorrect, remove it from lockfile cache and consider the pattern as new
-      if (!PackageRequest.getExoticResolver(range) && !semver.satisfies(lockfileEntry.version, range)) {
-        // TODO print warning about incorrect lockfile entry for pattern
+      if (
+        semver.validRange(range) &&
+        semver.valid(lockfileEntry.version) &&
+        !semver.satisfies(lockfileEntry.version, range) &&
+        !PackageRequest.getExoticResolver(range) &&
+        hasVersion
+      ) {
+        this.reporter.warn(this.reporter.lang('incorrectLockfileEntry', req.pattern));
         this.removePattern(req.pattern);
         this.newPatterns.push(req.pattern);
-        // TODO encapsulate in lockfile
-        delete this.lockfile.cache[req.pattern];
+        this.lockfile.removePattern(req.pattern);
       }
     }
 

src/reporters/lang/en.js

@@ -94,6 +94,7 @@ const messages = {
   frozenLockfileError: 'Your lockfile needs to be updated, but yarn was run with `--frozen-lockfile`.',
   fileWriteError: 'Could not write file $0: $1',
   multiplePackagesCantUnpackInSameDestination: 'Pattern $0 is trying to unpack in the same destination $1 as pattern $2. This could result in a non deterministic behavior, skipping.',
+  incorrectLockfileEntry: 'Lockfile has incorrect entry for $0. Ingoring it.',
 
   yarnOutdated: "Your current version of Yarn is out of date. The latest version is $0 while you're on $1.",
   yarnOutdatedInstaller: 'To upgrade, download the latest installer at $0.',