fix(npm): augment constraints less aggressively (#19850)

f34d395f · Rhys Arkins · GitHub · b4d1ad8e · f34d395f · f34d395f
Unverified Commit f34d395f authored 2 years ago by Rhys Arkins Committed by GitHub 2 years ago
--- a/lib/modules/manager/npm/extract/locked-versions.spec.ts
+++ b/lib/modules/manager/npm/extract/locked-versions.spec.ts
@@ -344,6 +344,39 @@ describe('modules/manager/npm/extract/locked-versions', () => {
      ]);
    });

+    it('skips augmenting v2 lock file constraint', async () => {
+      npm.getNpmLock.mockReturnValue({
+        lockedVersions: { a: '1.0.0', b: '2.0.0', c: '3.0.0' },
+        lockfileVersion: 2,
+      });
+      const packageFiles = [
+        {
+          npmLock: 'package-lock.json',
+          constraints: {
+            npm: '>=9.0.0',
+          },
+          deps: [
+            { depName: 'a', currentValue: '1.0.0' },
+            { depName: 'b', currentValue: '2.0.0' },
+          ],
+        },
+      ];
+      await getLockedVersions(packageFiles);
+      expect(packageFiles).toEqual([
+        {
+          constraints: {
+            npm: '>=9.0.0',
+          },
+          deps: [
+            { currentValue: '1.0.0', depName: 'a', lockedVersion: '1.0.0' },
+            { currentValue: '2.0.0', depName: 'b', lockedVersion: '2.0.0' },
+          ],
+          lockFiles: ['package-lock.json'],
+          npmLock: 'package-lock.json',
+        },
+      ]);
+    });
+
    it('appends <7 to npm constraints', async () => {
      npm.getNpmLock.mockReturnValue({
        lockedVersions: {
@@ -385,6 +418,47 @@ describe('modules/manager/npm/extract/locked-versions', () => {
      ]);
    });

+    it('skips appending <7 to npm constraints', async () => {
+      npm.getNpmLock.mockReturnValue({
+        lockedVersions: {
+          a: '1.0.0',
+          b: '2.0.0',
+          c: '3.0.0',
+        },
+        lockfileVersion: 1,
+      });
+      const packageFiles = [
+        {
+          npmLock: 'package-lock.json',
+          constraints: {
+            npm: '^8.0.0',
+          },
+          deps: [
+            {
+              depName: 'a',
+              currentValue: '1.0.0',
+            },
+            {
+              depName: 'b',
+              currentValue: '2.0.0',
+            },
+          ],
+        },
+      ];
+      await getLockedVersions(packageFiles);
+      expect(packageFiles).toEqual([
+        {
+          constraints: { npm: '^8.0.0' },
+          deps: [
+            { currentValue: '1.0.0', depName: 'a', lockedVersion: '1.0.0' },
+            { currentValue: '2.0.0', depName: 'b', lockedVersion: '2.0.0' },
+          ],
+          lockFiles: ['package-lock.json'],
+          npmLock: 'package-lock.json',
+        },
+      ]);
+    });
+
    it('ignores pnpm', async () => {
      const packageFiles = [
        {

--- a/lib/modules/manager/npm/extract/locked-versions.ts
+++ b/lib/modules/manager/npm/extract/locked-versions.ts
@@ -60,7 +60,7 @@ export async function getLockedVersions(
      if (lockfileVersion === 1) {
        if (packageFile.constraints?.npm) {
          // Add a <7 constraint if it's not already a fixed version
-          if (!semver.valid(packageFile.constraints.npm)) {
+          if (semver.satisfies('6.14.18', packageFile.constraints.npm)) {
            packageFile.constraints.npm += ' <7';
          }
        } else {
@@ -68,8 +68,8 @@ export async function getLockedVersions(
        }
      } else if (lockfileVersion === 2) {
        if (packageFile.constraints?.npm) {
-          // Add a <9 constraint if it's not already a fixed version
-          if (!semver.valid(packageFile.constraints.npm)) {
+          // Add a <9 constraint if the latest 8.x is compatible
+          if (semver.satisfies('8.19.3', packageFile.constraints.npm)) {
            packageFile.constraints.npm += ' <9';
          }
        } else {