-
Notifications
You must be signed in to change notification settings - Fork 2.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support nested "resolutions" / "overrides" #6608
Comments
This would be helpful in mitigating findings from security scans, where the immediate dependency may not have the fix, but I know I can safely bump the nested dependency. |
+1 |
+1 Currently "overrides": {
"pdfjs-dist": {
"canvas": "$canvas"
}
} I'm sure many other packages would benefit from nested overrides, especially in cases where there is a dependency that's not yet supported by bun but that has other dependencies that mimic the api but don't depend on node-specific functionality. For others with a similar problem for now I had to:
I added the second command to the "postinstall" script to make it something reproducible. |
+1 warn: Bun currently does not support nested "overrides" |
Is there any work being done on this yet? |
@gerardmarquinarubio as of Bun v1.1.13, you can do this as an alternative to nested overrides for that specific scenario: "overrides": {
"canvas": "npm:@napi-rs/canvas@latest"
} This installs |
I see, totally missed it from the docs:
Didn't cross my mind that "metadependency" refers to dependencies of dependencies, but it totally makes sense. |
The typical term for that is “transitive dependency”, fwiw. |
We're facing difficulties with the latest Next 15 release & bun as a package manager, as most react/next related dependencies still use React 18, there's no current way for us to pin React 19 as a nested resolution. Is it still planned for Q4? |
Same issue on Nestjs app, with |
To add a use case, this is currently a blocker for Ariakit to migrate to Bun as pm and script & dev server runner. It's necessary because Ariakit tests Would love to see this land! |
Would this work for monorepos with the root package.json specifying versions to resolve? |
What version of Bun is running?
1.0.6+969da088f5db3258a803ec186012e30f992829b4
What platform is your computer?
Darwin 23.0.0 arm64 arm
What steps can reproduce the bug?
in package.json add nested resolutions
example from a package.json that failed bun install
What is the expected behavior?
bun install should succeed without errors
What do you see instead?
I see
Additional information
No response
The text was updated successfully, but these errors were encountered: