Skip to content

Commit

Permalink
Guard against invalid peerDependencies semver range (#1467).
Browse files Browse the repository at this point in the history
  • Loading branch information
raineorshine committed Oct 28, 2024
1 parent 3ab8125 commit 1b3185c
Show file tree
Hide file tree
Showing 2 changed files with 14 additions and 4 deletions.
12 changes: 10 additions & 2 deletions src/lib/getIgnoredUpgradesDueToPeerDeps.ts
Original file line number Diff line number Diff line change
Expand Up @@ -47,14 +47,22 @@ export async function getIgnoredUpgradesDueToPeerDeps(
latestVersionResults[pkgName]?.version &&
!satisfies(latestVersionResults[pkgName].version!, peers[pkgName]),
)
.reduce((accumReason, [peerPkg, peers]) => ({ ...accumReason, [peerPkg]: peers[pkgName] }), {} as Index<string>)
.reduce(
(accumReason, [peerPkg, peers]) => ({
...accumReason,
[peerPkg]: !validRange(peers[pkgName])
? `a range that semver does not understand: ${peers[pkgName]}. This range does not work with semver.satisfies or semver.intersects, which npm-check-updates relies on to determine peer dependency compatibility. Either this is a mistake in ${peerPkg}, or it relies on a new syntax that is not compatible with the semver package.`
: peers[pkgName],
}),
{} as Index<string>,
)
if (Object.keys(reason).length === 0) {
const peersOfPkg = upgradedPeerDependenciesLatest?.[pkgName] || {}
reason = Object.entries(peersOfPkg)
.filter(
([peer, peerSpec]) =>
upgradedPackagesWithPeerRestriction[peer] &&
!intersects(upgradedPackagesWithPeerRestriction[peer], peerSpec),
!(!validRange(peerSpec) || intersects(upgradedPackagesWithPeerRestriction[peer], peerSpec)),
)
.reduce(
(accumReason, [peerPkg, peerSpec]) => ({ ...accumReason, [pkgName]: `${peerPkg} ${peerSpec}` }),
Expand Down
6 changes: 4 additions & 2 deletions src/lib/upgradePackageDefinitions.ts
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
import { dequal } from 'dequal'
import { intersects, satisfies } from 'semver'
import { intersects, satisfies, validRange } from 'semver'
import { parse, parseRange } from 'semver-utils'
import { Index } from '../types/IndexType'
import { Options } from '../types/Options'
Expand Down Expand Up @@ -36,7 +36,9 @@ const checkIfInPeerViolation = (
}
return Object.entries(peerDeps).every(
([peer, peerSpec]) =>
upgradedDependencies[peer] === undefined || intersects(upgradedDependencies[peer], peerSpec),
upgradedDependencies[peer] === undefined ||
!validRange(peerSpec) ||
intersects(upgradedDependencies[peer], peerSpec),
)
})
const violated =
Expand Down

0 comments on commit 1b3185c

Please sign in to comment.