fix(arborist): update save exact
When updating dependencies we need an extra check when filtering nodes
to be updated that ensures we do not override semver ranges that are
pointing to an exact version. e.g: =1.0.0, 1.0.0

Fixes: #4329
ruyadorno committed Jan 27, 2022
1 parent 8558527 commit 0a4dc69
Showing 6 changed files with 145 additions and 0 deletions.
18 changes: 18 additions & 0 deletions workspaces/arborist/lib/arborist/reify.js
@@ -5,6 +5,7 @@ const pacote = require('pacote')
const AuditReport = require('../audit-report.js')
const { subset, intersects } = require('semver')
const npa = require('npm-package-arg')
const semver = require('semver')
const debug = require('../debug.js')
const walkUp = require('walk-up-path')

@@ -1273,6 +1274,21 @@ module.exports = cls => class Reifier extends cls {
}
}

// Returns true if any of the edges from this node has a semver
// range definition that is an exact match to the version installed
// e.g: should return true if for a given an installed version 1.0.0,
// range is either =1.0.0 or 1.0.0
const exactVersion = node => {
for (const edge of node.edgesIn) {
try {
if (semver.subset(edge.spec, node.version)) {
return false
}
} catch {}
}
return true
}

// helper that retrieves an array of nodes that were
// potentially updated during the reify process, in order
// to limit the number of nodes to check and update, only
@@ -1284,6 +1300,8 @@ module.exports = cls => class Reifier extends cls {
const filterDirectDependencies = node =>
!node.isRoot && node.resolveParent.isRoot
&& (!names || names.includes(node.name))
&& exactVersion(node) // skip update for exact ranges

const directDeps = this.idealTree.inventory
.filter(filterDirectDependencies)

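Review bot: The comment above `exactVersion` and the helper's name say the opposite of what the body returns: it returns `false` as soon as one incoming edge's spec is a subset of the installed version and `true` otherwise, which is what the `&& exactVersion(node)` filter needs but not what is documented. Either rename it (for example `hasNoExactEdge`) or change the comment to `// Returns false if any edge into this node pins exactly the installed version (e.g. =1.0.0 or 1.0.0); true otherwise`. The empty `catch {}` also means that a spec `semver.subset` cannot parse counts as "not exact", so the node stays eligible for the save update; because an exact pin is often a deliberate supply-chain control, a one-line comment saying this fallback is intended would help the next reader. The loop covers every entry in `node.edgesIn`, so presumably a pin from any dependant, not only the root manifest, suppresses the update; worth confirming that is wanted. Finally, `subset` is already destructured from `semver` a few lines above what appears to be the added `require('semver')`, so `subset(edge.spec, node.version)` would avoid the second binding.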
29 changes: 29 additions & 0 deletions workspaces/arborist/test/arborist/reify.js
@@ -2572,5 +2572,34 @@ t.test('save package.json on update', t => {
)
})

t.test('should preserve exact ranges', async t => {
const path = fixture(t, 'update-exact-version')

await reify(path, { update: true, save: true })

t.equal(
require(resolve(path, 'package.json')).dependencies.abbrev,
'1.0.4',
'should save no top level dep update to root package.json'
)
})

t.test('should preserve exact ranges, missing actual tree', async t => {
const path = t.testdir({
'package.json': JSON.stringify({
dependencies: {
abbrev: '1.0.4',
},
}),
})

await reify(path, { update: true, save: true })

t.equal(
require(resolve(path, 'package.json')).dependencies.abbrev,
'1.0.4',
'should save no top level dep update to root package.json'
)
})
t.end()
})
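Review bot: Both new tests pin `abbrev` with the bare form `1.0.4`, so the `=1.0.4` form named in the commit message is never exercised, and neither is a spec that makes `semver.subset` throw (the path swallowed by the empty `catch` in `exactVersion`). A third case that writes `abbrev: '=1.0.4'` into the `t.testdir` package.json and asserts the saved value is still `'=1.0.4'` would cover the first gap. The enclosing `t.test('save package.json on update', ...)` starts outside the hunk, so coverage for ranges that should still be updated may already exist there.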
@@ -0,0 +1,54 @@
// generated from test/fixtures/update-exact-version
module.exports = t => {
const path = t.testdir({
"node_modules": {
"abbrev": {
"package.json": JSON.stringify({
"name": "abbrev",
"version": "1.0.4",
"description": "Like ruby's abbrev module, but in js",
"author": "Isaac Z. Schlueter <i@izs.me>",
"main": "./lib/abbrev.js",
"scripts": {
"test": "node lib/abbrev.js"
},
"repository": "http://github.com/isaacs/abbrev-js",
"license": {
"type": "MIT",
"url": "https://github.com/isaacs/abbrev-js/raw/master/LICENSE"
}
})
}
},
"package-lock.json": JSON.stringify({
"name": "update-exact-version",
"lockfileVersion": 2,
"requires": true,
"packages": {
"": {
"dependencies": {
"abbrev": "1.0.4"
}
},
"node_modules/abbrev": {
"version": "1.0.4",
"resolved": "https://registry.npmjs.org/abbrev/-/abbrev-1.0.4.tgz",
"integrity": "sha1-vVWuXkE7oXIu5Mq6H26hBBSlns0="
}
},
"dependencies": {
"abbrev": {
"version": "1.0.4",
"resolved": "https://registry.npmjs.org/abbrev/-/abbrev-1.0.4.tgz",
"integrity": "sha1-vVWuXkE7oXIu5Mq6H26hBBSlns0="
}
}
}),
"package.json": JSON.stringify({
"dependencies": {
"abbrev": "1.0.4"
}
})
})
return path
}

@@ -0,0 +1,5 @@
{
"dependencies": {
"abbrev": "1.0.4"
}
}
