From 5f4c8dce56ab4039a74cdfec71e19829df2f6bc9 Mon Sep 17 00:00:00 2001
From: Rhys Arkins <rhys@arkins.net>
Date: Mon, 1 Mar 2021 15:35:13 +0100
Subject: [PATCH] fix(npm): run npm after transitive remediation
---
lib/manager/npm/post-update/index.ts | 10 +++++++++-
.../npm/update/locked-dependency/index.spec.ts | 17 ++++++++---------
2 files changed, 17 insertions(+), 10 deletions(-)
diff --git a/lib/manager/npm/post-update/index.ts b/lib/manager/npm/post-update/index.ts
index 03ffbc6c8e..79f3199e52 100644
--- a/lib/manager/npm/post-update/index.ts
+++ b/lib/manager/npm/post-update/index.ts
@@ -45,7 +45,7 @@ export function determineLockFileDirs(
const lernaDirs = [];
for (const upgrade of config.upgrades) {
- if (upgrade.updateType === 'lockFileMaintenance') {
+ if (upgrade.updateType === 'lockFileMaintenance' || upgrade.isRemediation) {
// Return every directory that contains a lockfile
if (upgrade.lernaDir && upgrade.npmLock) {
lernaDirs.push(upgrade.lernaDir);
@@ -235,6 +235,14 @@ export async function writeUpdatedPackageFiles(
return;
}
for (const packageFile of config.updatedPackageFiles) {
+ if (packageFile.name.endsWith('package-lock.json')) {
+ logger.debug(`Writing package-lock file: ${packageFile.name}`);
+ await outputFile(
+ upath.join(config.localDir, packageFile.name),
+ packageFile.contents
+ );
+ continue; // eslint-disable-line
+ }
if (!packageFile.name.endsWith('package.json')) {
continue; // eslint-disable-line
}
diff --git a/lib/manager/npm/update/locked-dependency/index.spec.ts b/lib/manager/npm/update/locked-dependency/index.spec.ts
index e6ba59c400..61c01306fd 100644
--- a/lib/manager/npm/update/locked-dependency/index.spec.ts
+++ b/lib/manager/npm/update/locked-dependency/index.spec.ts
@@ -104,7 +104,9 @@ describe(getName(__filename), () => {
currentVersion: '1.2.11',
newVersion: '1.2.12',
});
- expect(res['package-lock.json']).toContain('"mime":{"version":"1.2.12"');
+ expect(
+ JSON.parse(res['package-lock.json']).dependencies.mime.version
+ ).toEqual('1.2.12');
});
it('fails to remediate if parent dep cannot support', async () => {
const acceptsModified = clone(acceptsJson);
@@ -131,9 +133,8 @@ describe(getName(__filename), () => {
config.newVersion = '4.1.0';
const res = await updateLockedDependency(config);
expect(res['package.json']).toContain('"express": "4.1.0"');
- expect(res['package-lock.json']).toContain(
- '"express":{"version":"4.1.0"'
- );
+ const packageLock = JSON.parse(res['package-lock.json']);
+ expect(packageLock.dependencies.express.version).toEqual('4.1.0');
});
it('remediates mime', async () => {
config.depName = 'mime';
@@ -164,11 +165,9 @@ describe(getName(__filename), () => {
.get('/type-is')
.reply(200, typeIsJson);
const res = await updateLockedDependency(config);
- expect(res['package-lock.json']).toContain('"mime":{"version":"1.4.1"');
- expect(res['package-lock.json']).toContain(
- '"express":{"version":"4.16.0"'
- );
- expect(res['package.json']).toContain('"express": "4.16.0"');
+ const packageLock = JSON.parse(res['package-lock.json']);
+ expect(packageLock.dependencies.mime.version).toEqual('1.4.1');
+ expect(packageLock.dependencies.express.version).toEqual('4.16.0');
});
});
});
--
GitLab