
fix(npm): augment constraints less aggressively #19850

Merged
merged 1 commit into from
Jan 15, 2023
Merged
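--- a/lib/modules/manager/npm/extract/locked-versions.spec.ts
+++ b/lib/modules/manager/npm/extract/locked-versions.spec.ts
@@ -344,6 +344,39 @@ describe('modules/manager/npm/extract/locked-versions', () => {
 ]);
 });
 
+it('skips augmenting v2 lock file constraint', async () => {
+npm.getNpmLock.mockReturnValue({
+lockedVersions: { a: '1.0.0', b: '2.0.0', c: '3.0.0' },
+lockfileVersion: 2,
+});
+const packageFiles = [
+{
+npmLock: 'package-lock.json',
+constraints: {
+npm: '>=9.0.0',
+},
+deps: [
+{ depName: 'a', currentValue: '1.0.0' },
+{ depName: 'b', currentValue: '2.0.0' },
+],
+},
+];
+await getLockedVersions(packageFiles);
+expect(packageFiles).toEqual([
+{
+constraints: {
+npm: '>=9.0.0',
+},
+deps: [
+{ currentValue: '1.0.0', depName: 'a', lockedVersion: '1.0.0' },
+{ currentValue: '2.0.0', depName: 'b', lockedVersion: '2.0.0' },
+],
+lockFiles: ['package-lock.json'],
+npmLock: 'package-lock.json',
+},
+]);
+});
+
 it('appends <7 to npm constraints', async () => {
 npm.getNpmLock.mockReturnValue({
 lockedVersions: {
@@ -385,6 +418,47 @@ describe('modules/manager/npm/extract/locked-versions', () => {
 ]);
 });
 
+it('skips appending <7 to npm constraints', async () => {
+npm.getNpmLock.mockReturnValue({
+lockedVersions: {
+a: '1.0.0',
+b: '2.0.0',
+c: '3.0.0',
+},
+lockfileVersion: 1,
+});
+const packageFiles = [
+{
+npmLock: 'package-lock.json',
+constraints: {
+npm: '^8.0.0',
+},
+deps: [
+{
+depName: 'a',
+currentValue: '1.0.0',
+},
+{
+depName: 'b',
+currentValue: '2.0.0',
+},
+],
+},
+];
+await getLockedVersions(packageFiles);
+expect(packageFiles).toEqual([
+{
+constraints: { npm: '^8.0.0' },
+deps: [
+{ currentValue: '1.0.0', depName: 'a', lockedVersion: '1.0.0' },
+{ currentValue: '2.0.0', depName: 'b', lockedVersion: '2.0.0' },
+],
+lockFiles: ['package-lock.json'],
+npmLock: 'package-lock.json',
+},
+]);
+});
+
 it('ignores pnpm', async () => {
 const packageFiles = [
 {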
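Review bot: Neither added case pins the behaviour for an exact-version constraint, which is the input the replaced `!semver.valid(...)` guard in locked-versions.ts was written for; both new tests use ranges (`>=9.0.0`, `^8.0.0`) that lie wholly above the cap. A case such as `constraints: { npm: '8.5.0' }` with `lockfileVersion: 2`, expecting the constraint to come back unchanged, would lock that in (the version is a constructed sample). The surrounding `describe` block starts and ends outside both hunks, so an equivalent test may already exist out of view.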
6 changes: 3 additions & 3 deletions lib/modules/manager/npm/extract/locked-versions.ts
Expand Up @@ -60,16 +60,16 @@ export async function getLockedVersions(
if (lockfileVersion === 1) {
if (packageFile.constraints?.npm) {
// Add a <7 constraint if it's not already a fixed version
if (!semver.valid(packageFile.constraints.npm)) {
if (semver.satisfies('6.14.18', packageFile.constraints.npm)) {
rarkins marked this conversation as resolved.
packageFile.constraints.npm += ' <7';
}
} else {
packageFile.constraints!.npm = '<7';
}
} else if (lockfileVersion === 2) {
if (packageFile.constraints?.npm) {
// Add a <9 constraint if it's not already a fixed version
if (!semver.valid(packageFile.constraints.npm)) {
// Add a <9 constraint if the latest 8.x is compatible
if (semver.satisfies('8.19.3', packageFile.constraints.npm)) {
packageFile.constraints.npm += ' <9';
}
} else {
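Review bot: The probe versions `'6.14.18'` and `'8.19.3'` are hard-coded as the newest release of their major, so a constraint whose lower bound sits above the probe but inside the same major (constructed example: `>=8.19.4`) fails `semver.satisfies` and never receives the ` <9` cap; the ` <7` branch has the same shape. Since this constraint decides which npm major handles the lock file, consider hoisting both values into named constants with a comment on when to bump them, or testing the range against the cap itself, e.g. `semver.intersects(packageFile.constraints.npm, '<9')` — assuming `semver` here is node-semver, where `intersects`, unlike `satisfies`, throws on an unparseable range and would need a guard. The unchanged comment in the `lockfileVersion === 1` branch still reads "if it's not already a fixed version" and no longer matches the condition; it should become `// Add a <7 constraint if the latest 6.x is compatible`, mirroring the v2 branch. `getLockedVersions` begins and ends outside this hunk.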