Skip to content

Fix pnpm v9 parsing #1532

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
ryanlink wants to merge 14 commits into from
Closed

Fix pnpm v9 parsing #1532

ryanlink wants to merge 14 commits into from

Conversation

@ryanlink
Copy link
Contributor

@ryanlink ryanlink commented Apr 14, 2025

Overview

Provide an overview of this change. Describe the intent of this change, and how it implements that intent.

Example: This PR accomplishes X by doing Y.

Acceptance criteria

If this PR is successful, what impact does it have on the user experience?

Example: When users do X, Y should now happen.

Testing plan

How did you validate that this PR works? What literal steps did you take when manually checking that your code works?

Example:

  1. Set up test case X.
  2. Run command Y. Make sure Z happens.

This section should list concrete steps that a reviewer can sanity check and repeat on their own machine (and provide any needed test cases).

Risks

Highlight any areas that you're unsure of, want feedback on, or want reviewers to pay particular attention to.

Example: I'm not sure I did X correctly, can reviewers please double-check that for me?

Metrics

Is this change something that can or should be tracked? If so, can we do it today? And how? If its easy, do it

References

Add links to any referenced GitHub issues, Zendesk tickets, Jira tickets, Slack threads, etc.

Example:

Checklist

  • I added tests for this PR's change (or explained in the PR description why tests don't make sense).
  • If this PR introduced a user-visible change, I added documentation into docs/.
  • If this PR added docs, I added links as appropriate to the user manual's ToC in docs/README.ms and gave consideration to how discoverable or not my documentation is.
  • If this change is externally visible, I updated Changelog.md. If this PR did not mark a release, I added my changes into an ## Unreleased section at the top.
  • If I made changes to .fossa.yml or fossa-deps.{json.yml}, I updated docs/references/files/*.schema.json AND I have updated example files used by fossa init command. You may also need to update these if you have added/removed new dependency type (e.g. pip) or analysis target type (e.g. poetry).
  • If I made changes to a subcommand's options, I updated docs/references/subcommands/<subcommand>.md.

ryanlink added 14 commits April 10, 2025 23:16
@ryanlink
[ANE-2235] Fix PNPM v9 lockfile parsing issues with package names and…
42e3c30 
… versions
@ryanlink
[ANE-2235] Fix PNPM v9 lockfile parsing issues and address linter war…
edc15ef 
…nings
@ryanlink
[ANE-2235] Fix fourmolu formatting issues
49568d2
@ryanlink
[ANE-2235] Fix remaining linter warnings in PnpmLock.hs
b63a92c
@ryanlink
[ANE-2235] Fix fourmolu formatting issues and unused variable warning
b93fcf1
@ryanlink
[ANE-2235] fix: update PnpmLockSpec.hs to fix test failures
e8d9005
@ryanlink
[ANE-2235] fix: update PnpmLockSpec.hs - remove unused imports, repla…
50ed98b 
…ce unsafe head, fix formatting
@ryanlink
[ANE-2235] Fix hlint warnings in PnpmLockSpec.hs by replacing error/u…
67fd875 
…ndefined with invalidDependency
@ryanlink
[ANE-2235] Fix pnpm v9 test dependencies
93378a4
@ryanlink
[ANE-2235] fix: remove unused imports and fix name shadowing in PnpmL…
4bb883b 
…ockSpec
@ryanlink
[ANE-2235] fix: update v9 lockfile test to expect correct dependencies
3e8f994
@ryanlink
[ANE-2235] Remove unused imports, fix name shadowing, keep test cases…
151f292 
… for both real-world pnpm repo and test dependencies lockfiles
@ryanlink
[ANE-2235] Fix pnpm v9 lockfile parsing and test expectations, remove…
bef9315 
… unused imports, fix name shadowing warnings, update v6 lockfile test to expect correct dependencies, fixed formatting
@ryanlink
[ANE-2235] Add support for Pnpm lockfile v9 and improve dependency re…
8724b2e 
…solution

Key changes:

- Added support for Pnpm lockfile v9 format, replacing PnpmLockGt6 with PnpmLockGt9

- Added Catalog and CatalogEntry types to handle new catalog-based version resolution

- Enhanced package key parsing with parseV9PackageKey to handle multiple formats:

  - ': ' format for direct dependencies

  - '@' format for package entries

  - '/' format for legacy entries

- Improved version handling with cleanupVersion to properly handle:

  - Peer dependencies in parentheses

  - Multiple @ symbols in version strings

  - Link prefixes and colon suffixes

- Added buildV9Graph function for v9+ lockfiles with:

  - Catalog-based version resolution

  - Proper handling of direct and deep dependencies

  - Support for peer dependencies

- Enhanced dependency resolution with new helper functions:

  - resolveDepFromImporter

  - resolveDepFromPackage

  - resolveDependency

  - resolveVersionFromCatalog

- Maintained backward compatibility for v5 and v6 lockfiles
@csasarak
Copy link
Contributor

csasarak commented Jun 26, 2025

If this PR is no longer in progress please close it and delete the branches.

@ryanlink ryanlink closed this Jun 27, 2025
@ryanlink ryanlink deleted the fix-pnpm-v9-parsing branch June 30, 2025 20:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@ryanlink @csasarak