diff --git a/lib/manager/npm/update/locked-dependency/__fixtures__/package-lock.v2.json b/lib/manager/npm/update/locked-dependency/__fixtures__/package-lock.v2.json
deleted file mode 100644
index d816dd4979d9c76f71828a4dbc02f635e7da78d2..0000000000000000000000000000000000000000
--- a/lib/manager/npm/update/locked-dependency/__fixtures__/package-lock.v2.json
+++ /dev/null
@@ -1,352 +0,0 @@ -{ - "name": "npm50", - "lockfileVersion": 2, - "requires": true, - "packages": { - "": { - "dependencies": { - "express": "4.0.0" - } - }, - "node_modules/accepts": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/accepts/-/accepts-1.0.0.tgz", - "integrity": "sha1-NgTHZVhsO5z3h3tpN829RYf5R9w=", - "dependencies": { - "mime": "~1.2.11", - "negotiator": "~0.3.0" - } - }, - "node_modules/buffer-crc32": { - "version": "0.2.1", - "resolved": "https://registry.npmjs.org/buffer-crc32/-/buffer-crc32-0.2.1.tgz", - "integrity": "sha1-vj5TgvwCttYySVasGvmKqYsIU0w=", - "engines": { - "node": "*" - } - }, - "node_modules/cookie": { - "version": "0.1.0", - "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.1.0.tgz", - "integrity": "sha1-kOtGndzpBchm3mh+/EMTHYgB+dA=", - "engines": { - "node": "*" - } - }, - "node_modules/cookie-signature": { - "version": "1.0.3", - "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.3.tgz", - "integrity": "sha1-kc2ZfMUftkFZVzjGnNoCAyj1D/k=" - }, - "node_modules/debug": { - "version": "0.8.1", - "resolved": "https://registry.npmjs.org/debug/-/debug-0.8.1.tgz", - "integrity": "sha1-IP9NJvXkIstoobrLu2EDmtjBwTA=", - "engines": { - "node": "*" - } - }, - "node_modules/escape-html": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/escape-html/-/escape-html-1.0.1.tgz", - "integrity": "sha1-GBoobq05ejmpKFfPsdQwUuNWv/A=" - }, - "node_modules/express": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/express/-/express-4.0.0.tgz", - "integrity": "sha1-J03IKTPJ9XTMOKDOXqgXK+nGsJQ=", - "dependencies": { - "accepts": "1.0.0", - "buffer-crc32": "0.2.1", - "cookie": "0.1.0", - "cookie-signature": "1.0.3", - "debug": ">= 0.7.3 < 1", - "escape-html": "1.0.1", - "fresh": "0.2.2", - "merge-descriptors": "0.0.2", - "methods": "0.1.0", - "parseurl": "1.0.1", - "path-to-regexp": "0.1.2", - "qs": "0.6.6", - "range-parser": "1.0.0", - "send": "0.2.0", - "serve-static": 
"1.0.1", - "type-is": "1.0.0", - "utils-merge": "1.0.0" - }, - "engines": { - "node": ">= 0.8.0" - } - }, - "node_modules/fresh": { - "version": "0.2.2", - "resolved": "https://registry.npmjs.org/fresh/-/fresh-0.2.2.tgz", - "integrity": "sha1-lzHc9WeMf660T7kDxPct9VGH+nc=" - }, - "node_modules/merge-descriptors": { - "version": "0.0.2", - "resolved": "https://registry.npmjs.org/merge-descriptors/-/merge-descriptors-0.0.2.tgz", - "integrity": "sha1-w2pSp4FDdRPFcnXzndnTF1FKyMc=" - }, - "node_modules/methods": { - "version": "0.1.0", - "resolved": "https://registry.npmjs.org/methods/-/methods-0.1.0.tgz", - "integrity": "sha1-M11Cnu/SG3us8unJIqjSvRSjDk8=" - }, - "node_modules/mime": { - "version": "1.2.11", - "resolved": "https://registry.npmjs.org/mime/-/mime-1.2.11.tgz", - "integrity": "sha1-WCA+7Ybjpe8XrtK32evUfwpg3RA=" - }, - "node_modules/negotiator": { - "version": "0.3.0", - "resolved": "https://registry.npmjs.org/negotiator/-/negotiator-0.3.0.tgz", - "integrity": "sha1-cG1pLv7d9XTVfqn7GriaT6fuj2A=", - "engines": { - "node": "*" - } - }, - "node_modules/parseurl": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/parseurl/-/parseurl-1.0.1.tgz", - "integrity": "sha1-Llfc5u/dN8NRhwEDCUTCK/OIt7Q=" - }, - "node_modules/path-to-regexp": { - "version": "0.1.2", - "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.2.tgz", - "integrity": "sha1-mysVH5zDAYye6lDKlXKeBXgXErQ=" - }, - "node_modules/qs": { - "version": "0.6.6", - "resolved": "https://registry.npmjs.org/qs/-/qs-0.6.6.tgz", - "integrity": "sha1-bgFQmP9RlouKPIGQAdXyyJvEsQc=", - "engines": { - "node": "*" - } - }, - "node_modules/range-parser": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.0.0.tgz", - "integrity": "sha1-pLJkz+C+XONqvjdlrJwqJIdG28A=" - }, - "node_modules/send": { - "version": "0.2.0", - "resolved": "https://registry.npmjs.org/send/-/send-0.2.0.tgz", - "integrity": "sha1-Bnq/Rc/4v/spy9t0OXJbMjiKLFg=", - 
"dependencies": { - "debug": "*", - "fresh": "~0.2.1", - "mime": "~1.2.9", - "range-parser": "~1.0.0" - } - }, - "node_modules/serve-static": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/serve-static/-/serve-static-1.0.1.tgz", - "integrity": "sha1-ENy/1Es+ApGhMfyatKslqfWnikI=", - "dependencies": { - "send": "0.1.4" - }, - "engines": { - "node": ">= 0.8.0" - } - }, - "node_modules/serve-static/node_modules/fresh": { - "version": "0.2.0", - "resolved": "https://registry.npmjs.org/fresh/-/fresh-0.2.0.tgz", - "integrity": "sha1-v9lALPPfEsSkwxDHn5mj3eE9NKc=" - }, - "node_modules/serve-static/node_modules/range-parser": { - "version": "0.0.4", - "resolved": "https://registry.npmjs.org/range-parser/-/range-parser-0.0.4.tgz", - "integrity": "sha1-wEJ//vUcEKy6B4KkbJYC50T/Ygs=" - }, - "node_modules/serve-static/node_modules/send": { - "version": "0.1.4", - "resolved": "https://registry.npmjs.org/send/-/send-0.1.4.tgz", - "integrity": "sha1-vnDY0b4B3mGCGvE3gLUDRaT3Gr0=", - "dependencies": { - "debug": "*", - "fresh": "0.2.0", - "mime": "~1.2.9", - "range-parser": "0.0.4" - } - }, - "node_modules/type-is": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/type-is/-/type-is-1.0.0.tgz", - "integrity": "sha1-T/Qk6XNJoe4ZELS/xIhZXs3EQ/w=", - "dependencies": { - "mime": "~1.2.11" - } - }, - "node_modules/utils-merge": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/utils-merge/-/utils-merge-1.0.0.tgz", - "integrity": "sha1-ApT7kiu5N1FTVBxPcJYjHyh8ivg=", - "engines": { - "node": ">= 0.4.0" - } - } - }, - "dependencies": { - "accepts": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/accepts/-/accepts-1.0.0.tgz", - "integrity": "sha1-NgTHZVhsO5z3h3tpN829RYf5R9w=", - "requires": { - "mime": "~1.2.11", - "negotiator": "~0.3.0" - } - }, - "buffer-crc32": { - "version": "0.2.1", - "resolved": "https://registry.npmjs.org/buffer-crc32/-/buffer-crc32-0.2.1.tgz", - "integrity": "sha1-vj5TgvwCttYySVasGvmKqYsIU0w=" - }, - 
"cookie": { - "version": "0.1.0", - "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.1.0.tgz", - "integrity": "sha1-kOtGndzpBchm3mh+/EMTHYgB+dA=" - }, - "cookie-signature": { - "version": "1.0.3", - "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.3.tgz", - "integrity": "sha1-kc2ZfMUftkFZVzjGnNoCAyj1D/k=" - }, - "debug": { - "version": "0.8.1", - "resolved": "https://registry.npmjs.org/debug/-/debug-0.8.1.tgz", - "integrity": "sha1-IP9NJvXkIstoobrLu2EDmtjBwTA=" - }, - "escape-html": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/escape-html/-/escape-html-1.0.1.tgz", - "integrity": "sha1-GBoobq05ejmpKFfPsdQwUuNWv/A=" - }, - "express": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/express/-/express-4.0.0.tgz", - "integrity": "sha1-J03IKTPJ9XTMOKDOXqgXK+nGsJQ=", - "requires": { - "accepts": "1.0.0", - "buffer-crc32": "0.2.1", - "cookie": "0.1.0", - "cookie-signature": "1.0.3", - "debug": ">= 0.7.3 < 1", - "escape-html": "1.0.1", - "fresh": "0.2.2", - "merge-descriptors": "0.0.2", - "methods": "0.1.0", - "parseurl": "1.0.1", - "path-to-regexp": "0.1.2", - "qs": "0.6.6", - "range-parser": "1.0.0", - "send": "0.2.0", - "serve-static": "1.0.1", - "type-is": "1.0.0", - "utils-merge": "1.0.0" - } - }, - "fresh": { - "version": "0.2.2", - "resolved": "https://registry.npmjs.org/fresh/-/fresh-0.2.2.tgz", - "integrity": "sha1-lzHc9WeMf660T7kDxPct9VGH+nc=" - }, - "merge-descriptors": { - "version": "0.0.2", - "resolved": "https://registry.npmjs.org/merge-descriptors/-/merge-descriptors-0.0.2.tgz", - "integrity": "sha1-w2pSp4FDdRPFcnXzndnTF1FKyMc=" - }, - "methods": { - "version": "0.1.0", - "resolved": "https://registry.npmjs.org/methods/-/methods-0.1.0.tgz", - "integrity": "sha1-M11Cnu/SG3us8unJIqjSvRSjDk8=" - }, - "mime": { - "version": "1.2.11", - "resolved": "https://registry.npmjs.org/mime/-/mime-1.2.11.tgz", - "integrity": "sha1-WCA+7Ybjpe8XrtK32evUfwpg3RA=" - }, - "negotiator": { - "version": 
"0.3.0", - "resolved": "https://registry.npmjs.org/negotiator/-/negotiator-0.3.0.tgz", - "integrity": "sha1-cG1pLv7d9XTVfqn7GriaT6fuj2A=" - }, - "parseurl": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/parseurl/-/parseurl-1.0.1.tgz", - "integrity": "sha1-Llfc5u/dN8NRhwEDCUTCK/OIt7Q=" - }, - "path-to-regexp": { - "version": "0.1.2", - "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.2.tgz", - "integrity": "sha1-mysVH5zDAYye6lDKlXKeBXgXErQ=" - }, - "qs": { - "version": "0.6.6", - "resolved": "https://registry.npmjs.org/qs/-/qs-0.6.6.tgz", - "integrity": "sha1-bgFQmP9RlouKPIGQAdXyyJvEsQc=" - }, - "range-parser": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.0.0.tgz", - "integrity": "sha1-pLJkz+C+XONqvjdlrJwqJIdG28A=" - }, - "send": { - "version": "0.2.0", - "resolved": "https://registry.npmjs.org/send/-/send-0.2.0.tgz", - "integrity": "sha1-Bnq/Rc/4v/spy9t0OXJbMjiKLFg=", - "requires": { - "debug": "*", - "fresh": "~0.2.1", - "mime": "~1.2.9", - "range-parser": "~1.0.0" - } - }, - "serve-static": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/serve-static/-/serve-static-1.0.1.tgz", - "integrity": "sha1-ENy/1Es+ApGhMfyatKslqfWnikI=", - "requires": { - "send": "0.1.4" - }, - "dependencies": { - "fresh": { - "version": "0.2.0", - "resolved": "https://registry.npmjs.org/fresh/-/fresh-0.2.0.tgz", - "integrity": "sha1-v9lALPPfEsSkwxDHn5mj3eE9NKc=" - }, - "range-parser": { - "version": "0.0.4", - "resolved": "https://registry.npmjs.org/range-parser/-/range-parser-0.0.4.tgz", - "integrity": "sha1-wEJ//vUcEKy6B4KkbJYC50T/Ygs=" - }, - "send": { - "version": "0.1.4", - "resolved": "https://registry.npmjs.org/send/-/send-0.1.4.tgz", - "integrity": "sha1-vnDY0b4B3mGCGvE3gLUDRaT3Gr0=", - "requires": { - "debug": "*", - "fresh": "0.2.0", - "mime": "~1.2.9", - "range-parser": "0.0.4" - } - } - } - }, - "type-is": { - "version": "1.0.0", - "resolved": 
"https://registry.npmjs.org/type-is/-/type-is-1.0.0.tgz", - "integrity": "sha1-T/Qk6XNJoe4ZELS/xIhZXs3EQ/w=", - "requires": { - "mime": "~1.2.11" - } - }, - "utils-merge": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/utils-merge/-/utils-merge-1.0.0.tgz", - "integrity": "sha1-ApT7kiu5N1FTVBxPcJYjHyh8ivg=" - } - } -} diff --git a/lib/manager/npm/update/locked-dependency/index.spec.ts b/lib/manager/npm/update/locked-dependency/index.spec.ts index 76b65e9a4e5fa38e36da22327d4549a236d94610..b5cff2f0e15a15fab4e7c7fd735987b42d3ab127 100644 --- a/lib/manager/npm/update/locked-dependency/index.spec.ts +++ b/lib/manager/npm/update/locked-dependency/index.spec.ts @@ -14,10 +14,6 @@ const lockFileContent = readFileSync( resolve(__dirname, './__fixtures__/package-lock.json'), 'utf8' ); -const lockFileV2Content = readFileSync( - resolve(__dirname, './__fixtures__/package-lock.v2.json'), - 'utf8' -); const acceptsJson = JSON.parse( readFileSync(resolve(__dirname, './__fixtures__/accepts.json'), 'utf8') @@ -79,6 +75,14 @@ describe(getName(__filename), () => { await updateLockedDependency({ ...config, lockFileContent: 'not json' }) ).toBeNull(); }); + it('rejects lockFileVersion 2', async () => { + expect( + await updateLockedDependency({ + ...config, + lockFileContent: lockFileContent.replace(': 1,', ': 2,'), + }) + ).toBeNull(); + }); it('returns null if no locked deps', async () => { expect(await updateLockedDependency(config)).toBeNull(); }); 
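Review bot: The added test 'rejects lockFileVersion 2' does not appear to exercise the new guard, because it passes the same base `config` that the next context test, 'returns null if no locked deps', already expects to return null; the assertion would still hold with the `lockfileVersion === 2` check removed. The `lockFileContent.replace(': 1,', ': 2,')` rewrite also does nothing, silently, if the fixture's formatting ever stops matching that substring. Giving the call inputs that remediate under version 1, for example `depName: 'mime', currentVersion: '1.2.11', newVersion: '1.2.12',` as in the in-range tests, would make the test fail if the guard regresses. How `config` is initialised lies outside the hunk, so this should be confirmed against the test setup.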
@@ -104,18 +108,6 @@ describe(getName(__filename), () => {
 JSON.parse(res['package-lock.json']).dependencies.mime.version
 ).toEqual('1.2.12');
 });
- it('remediates v2 in-range', async () => {
- const res = await updateLockedDependency({
- ...config,
- lockFileContent: lockFileV2Content,
- depName: 'mime',
- currentVersion: '1.2.11',
- newVersion: '1.2.12',
- });
- expect(
- JSON.parse(res['package-lock.json']).dependencies.mime.version
- ).toEqual('1.2.12');
- });
 it('fails to remediate if parent dep cannot support', async () => {
 const acceptsModified = clone(acceptsJson);
 acceptsModified.versions['2.0.0'] = {};
@@ -144,18 +136,6 @@ describe(getName(__filename), () => {
 const packageLock = JSON.parse(res['package-lock.json']);
 expect(packageLock.dependencies.express.version).toEqual('4.1.0');
 });
- it('remediates v2 express', async () => {
- config.depName = 'express';
- config.currentVersion = '4.0.0';
- config.newVersion = '4.1.0';
- const res = await updateLockedDependency({
- ...config,
- lockFileContent: lockFileV2Content,
- });
- expect(res['package.json']).toContain('"express": "4.1.0"');
- const packageLock = JSON.parse(res['package-lock.json']);
- expect(packageLock.dependencies.express.version).toEqual('4.1.0');
- });
 it('remediates mime', async () => {
 config.depName = 'mime';
 config.currentVersion = '1.2.11';
diff --git a/lib/manager/npm/update/locked-dependency/index.ts b/lib/manager/npm/update/locked-dependency/index.ts
index cb17c5cda6169aa0b95d3887bae110160dc37f0b..3560879e5acd4a01108c8b7fe5eac6a2de507997 100644
--- a/lib/manager/npm/update/locked-dependency/index.ts
+++ b/lib/manager/npm/update/locked-dependency/index.ts
@@ -54,6 +54,10 @@ export async function updateLockedDependency(
 logger.warn({ err }, 'Failed to parse files');
 return null;
 }
+ if (packageLockJson.lockfileVersion === 2) {
+ logger.debug('Only lockfileVersion 1 is supported');
+ return null;
+ }
 const lockedDeps = getLockedDependencies(
 packageLockJson,
 depName,
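Review bot: The new guard `packageLockJson.lockfileVersion === 2` rejects exactly one value although its message says only version 1 is supported, so a lockfile declaring version 3 would still reach `getLockedDependencies` and the version-1 handling that follows. Testing for the supported version instead, `if (packageLockJson.lockfileVersion !== 1) {`, keeps the check and the message in agreement; if lockfiles without the field must still be accepted, `>= 2` is the narrower form. This path appears to be what applies remediations for vulnerable locked dependencies, so a skip logged only at debug level with no version is easy to miss; `logger.debug({ lockfileVersion: packageLockJson.lockfileVersion }, 'Only lockfileVersion 1 is supported');` would record why the remediation was skipped. The body of `updateLockedDependency` continues outside the hunk.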
diff --git a/lib/workers/repository/init/vulnerability.ts b/lib/workers/repository/init/vulnerability.ts
index 482b12dd3ccb886b21ffaa395f41f5a5c77e168b..c4e5940d1f2dc5717b4f6bfa2070602157e70d4e 100644
--- a/lib/workers/repository/init/vulnerability.ts
+++ b/lib/workers/repository/init/vulnerability.ts
@@ -217,10 +217,7 @@ export async function detectVulnerabilityAlerts(
 }
 }
 }
- logger.debug(
- { alertPackageRules, remediations: config.remediations },
- 'alert package rules'
- );
+ logger.debug({ alertPackageRules }, 'alert package rules');
 config.packageRules = (config.packageRules || []).concat(alertPackageRules);
 return config;
 }