error Your lockfile needs to be updated, but yarn was run with `--frozen-lockfile`

Question

I have an issue regarding one dependency in my yarn.lock file. The issue is with ldapjs, the latest version has a bug regarding special characters in user or password so I want to freeze it in the latest working version which is 1.0.2.

As I commited my code to master branch, the step of building this project started to fail saying the message of the title.

Here is my dockerfile

FROM repository/node-oracle:10.15.3

LABEL maintainer="Me"

RUN yarn cache clean

# Add Tini
ENV TINI_VERSION v0.18.0
ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini /tini
RUN chmod +x /tini
ENTRYPOINT ["/tini", "--"]

WORKDIR /usr/src/auth

COPY . .

RUN yarn install --frozen-lockfile --non-interactive --silent

ENV PATH /usr/src/auth/node_modules/.bin:$PATH

EXPOSE 3000

CMD ["node", "./bin/www"]

Any work around on how can I make this work?

Also as an extra info, I was able to run the pipeline with this step in a feature branch, the message started in develop and master branch.

[UPDATE]

These are the dependencies updated and freezed in my yarn.lock file

activedirectory@^0.7.2:
  version "0.7.2"
  resolved "https://registry.yarnpkg.com/activedirectory/-/activedirectory-0.7.2.tgz#19286d10c6b24a98cc906dc638256191686fa91f"
  integrity sha1-GShtEMaySpjMkG3GOCVhkWhvqR8=
  dependencies:
    async ">= 0.1.22"
    bunyan ">= 1.3.5"
    **ldapjs "=1.0.2"**
    underscore ">= 1.4.3"

***[email protected]***:
  version "1.0.2"
  resolved "https://registry.yarnpkg.com/ldapjs/-/ldapjs-1.0.2.tgz#346e040a95a936e90c47edd6ede5df257dd21ee6"
  integrity sha512-XzF2BEGeM/nenYDAJvkDMYovZ07fIGalrYD+suprSqUWPCWpoa+a4vWl5g8o/En85m6NHWBpirDFNClWLAd77w==
  dependencies:
    asn1 "0.2.1"
    assert-plus "0.1.5"
    bunyan "0.22.1"
    nopt "2.1.1"
    pooling "0.4.6"
  optionalDependencies:
    dtrace-provider "0.2.8"

Answer 1

I was stuck in the same error and the issue was that my yarn.lock file was not up to date. I followed the following link and it fixed my issue.

Apparently, I just had to run yarn install to update my yarn.lock file and push to the repository.

Answer 2

Just an Update. After a few attempts I was finally able to do what i wanted. Removing the ^ from ldap.js and from active directory (which contains the ldap.js library) did the job as expected.