fix(pnpm): locked version extraction logic (#23342)

562b745e · Daniil Samoylov · GitHub · 45062322 · 562b745e · 562b745e
Unverified Commit 562b745e authored 1 year ago by Daniil Samoylov Committed by GitHub 1 year ago
--- a/lib/modules/manager/npm/extract/locked-versions.spec.ts
+++ b/lib/modules/manager/npm/extract/locked-versions.spec.ts
@@ -552,6 +552,145 @@ describe('modules/manager/npm/extract/locked-versions', () => {
    ]);
  });

+  it('uses pnpm-lock in subfolder', async () => {
+    pnpm.getPnpmLock.mockReturnValue({
+      lockedVersionsWithPath: {
+        '.': {
+          dependencies: {
+            a: '1.0.0',
+            b: '2.0.0',
+            c: '3.0.0',
+          },
+        },
+      },
+      lockfileVersion: 6.0,
+    });
+    const packageFiles = [
+      {
+        managerData: {
+          pnpmShrinkwrap: 'subfolder/pnpm-lock.yaml',
+        },
+        extractedConstraints: {
+          pnpm: '>=6.0.0',
+        },
+        deps: [
+          {
+            depName: 'a',
+            depType: 'dependencies',
+            currentValue: '1.0.0',
+          },
+          {
+            depName: 'b',
+            depType: 'dependencies',
+            currentValue: '2.0.0',
+          },
+        ],
+        packageFile: 'subfolder/package.json',
+      },
+    ];
+    await getLockedVersions(packageFiles);
+    expect(packageFiles).toEqual([
+      {
+        extractedConstraints: { pnpm: '>=6.0.0' },
+        deps: [
+          {
+            currentValue: '1.0.0',
+            depName: 'a',
+            lockedVersion: '1.0.0',
+            depType: 'dependencies',
+          },
+          {
+            currentValue: '2.0.0',
+            depName: 'b',
+            lockedVersion: '2.0.0',
+            depType: 'dependencies',
+          },
+        ],
+        lockFiles: ['subfolder/pnpm-lock.yaml'],
+        managerData: { pnpmShrinkwrap: 'subfolder/pnpm-lock.yaml' },
+        packageFile: 'subfolder/package.json',
+      },
+    ]);
+  });
+
+  it('uses pnpm-lock with workspaces', async () => {
+    pnpm.getPnpmLock.mockReturnValue({
+      lockedVersionsWithPath: {
+        'workspace-package': {
+          dependencies: {
+            a: '1.0.0',
+            b: '2.0.0',
+            c: '3.0.0',
+          },
+        },
+      },
+      lockfileVersion: 6.0,
+    });
+    const packageFiles = [
+      {
+        managerData: {
+          pnpmShrinkwrap: 'subfolder/pnpm-lock.yaml',
+        },
+        extractedConstraints: {
+          pnpm: '>=6.0.0',
+        },
+        deps: [],
+        packageFile: 'subfolder/package.json',
+      },
+      {
+        managerData: {
+          pnpmShrinkwrap: 'subfolder/pnpm-lock.yaml',
+        },
+        extractedConstraints: {
+          pnpm: '>=6.0.0',
+        },
+        deps: [
+          {
+            depName: 'a',
+            depType: 'dependencies',
+            currentValue: '1.0.0',
+          },
+          {
+            depName: 'b',
+            depType: 'dependencies',
+            currentValue: '2.0.0',
+          },
+        ],
+        packageFile: 'subfolder/workspace-package/package.json',
+      },
+    ];
+    await getLockedVersions(packageFiles);
+    expect(packageFiles).toEqual([
+      {
+        extractedConstraints: { pnpm: '>=6.0.0' },
+        deps: [],
+        lockFiles: ['subfolder/pnpm-lock.yaml'],
+        managerData: { pnpmShrinkwrap: 'subfolder/pnpm-lock.yaml' },
+        packageFile: 'subfolder/package.json',
+      },
+      {
+        extractedConstraints: { pnpm: '>=6.0.0' },
+        deps: [
+          {
+            currentValue: '1.0.0',
+            depName: 'a',
+            lockedVersion: '1.0.0',
+            depType: 'dependencies',
+          },
+          {
+            currentValue: '2.0.0',
+            depName: 'b',
+            lockedVersion: '2.0.0',
+            depType: 'dependencies',
+          },
+        ],
+        lockFiles: ['subfolder/pnpm-lock.yaml'],
+        managerData: { pnpmShrinkwrap: 'subfolder/pnpm-lock.yaml' },
+        packageFile: 'subfolder/workspace-package/package.json',
+      },
+    ]);
+  });
+
  it('should log warning if unsupported lockfileVersion is found', async () => {
    npm.getNpmLock.mockReturnValue({
      lockedVersions: {},

--- a/lib/modules/manager/npm/extract/locked-versions.ts
+++ b/lib/modules/manager/npm/extract/locked-versions.ts
 import is from '@sindresorhus/is';
 import semver from 'semver';
+import { dirname, relative } from 'upath';
 import { logger } from '../../../../logger';
 import type { PackageFile } from '../../types';
 import type { NpmManagerData } from '../types';
@@ -124,14 +125,15 @@ export async function getLockedVersions(
        lockFileCache[pnpmShrinkwrap] = await getPnpmLock(pnpmShrinkwrap);
      }

-      const parentDir = packageFile.packageFile
-        .replace(/\/package\.json$/, '')
-        .replace(/^package\.json$/, '.');
+      const packageDir = dirname(packageFile.packageFile);
+      const pnpmRootDir = dirname(pnpmShrinkwrap);
+      const relativeDir = relative(pnpmRootDir, packageDir) || '.';
+
      for (const dep of packageFile.deps) {
        const { depName, depType } = dep;
        // TODO: types (#7154)
        const lockedVersion = semver.valid(
-          lockFileCache[pnpmShrinkwrap].lockedVersionsWithPath?.[parentDir]?.[
+          lockFileCache[pnpmShrinkwrap].lockedVersionsWithPath?.[relativeDir]?.[
            depType!
          ]?.[depName!]
        );