[BUG] npm 9 does not handle workspace versioning done outside of `npm version`

[rxmarbles]

Is there an existing issue for this?

• I have searched the existing issues

This issue exists in the latest npm version

• I am using the latest npm

Current Behavior

Currently a lerna monorepo that is using npm < 9 workspaces under the hood running

npx lerna version patch

would resolve as expected w/ bumping the versions of the packages. However running the same sequence generates this below

Expected Behavior

Once the above commands are run it should continue with lerna's process of bumping the package version and pushing of git tags

Steps To Reproduce

1. Clone this repo https://github.com/rxmarbles/lerna-lockfile-v3-bug-repro
2. Run npm install
3. Run npx lerna version patch
4. It should generate the issue
   

Environment

• npm: 9.2.
• Node.js: 18.12.1
• OS Name:
• System Model Name: Macbook Pro
• npm config:

; "user" config from /Users/rmarkins/.npmrc

//registry.npmjs.org/:_authToken = (protected) 

; "cli" config from command line options

location = "project" 

; node bin location = /Users/rmarkins/Library/Application Support/fnm/node-versions/v18.12.1/installation/bin/node
; node version = v18.12.1
; npm local prefix = /Users/rmarkins/Projects/personal/lerna-lockfile-v3-bug-repro
; npm version = 9.2.0
; cwd = /Users/rmarkins/Projects/personal/lerna-lockfile-v3-bug-repro
; HOME = /Users/rmarkins
; Run `npm config ls -l` to show all defaults.

[lukekarrys]

This is no longer reproducible by default in npm@9.4.2 due to reverting install-links back to false (ref: #6142).

But it is still a bug and I was able to write a failing test (ref: #6150) to isolate this behavior.

The gist is that npm install --package-only-only fails when dependent workspaces have had their ranges bumped in their parent package.json but not the package-lock.json. But only when --install-links=true.

Keeping this open since we will still want to track and fix this behavior even though install-links=true is no longer the default.