After some investigation, I still can't understand why this is happening:
I have a package.json file and a yarn.lock commited in my repo. If I checkout my main branch and run:
yarn install
I would expect the dependencies from yarn.lock to be installed (making my local installation consistent with others).
But for some reason, after running the install command, my yarn.lock file is changing to this:
I don't have the md5 dependency in my package.json, but when I run npm ls md5, I can see that this is used as a internal dependency in 2 of my packages:
Why is my yarn.lock updating the md5 dependency when nothing changed in the package.json?
