From c4fc03e9eb3a6386e8feacb67c19f0a1578dfe38 Mon Sep 17 00:00:00 2001 From: Ruy Adorno Date: Fri, 28 May 2021 14:44:27 -0400 Subject: [PATCH] @npmcli/arborist@2.6.1 --- node_modules/@npmcli/arborist/lib/diff.js | 20 +++++++++++++++++-- .../@npmcli/arborist/lib/shrinkwrap.js | 7 ++++++- node_modules/@npmcli/arborist/package.json | 2 +- package-lock.json | 14 ++++++------- package.json | 2 +- 5 files changed, 33 insertions(+), 12 deletions(-) diff --git a/node_modules/@npmcli/arborist/lib/diff.js b/node_modules/@npmcli/arborist/lib/diff.js index 842996ba4866..dac7c81f8ecf 100644 --- a/node_modules/@npmcli/arborist/lib/diff.js +++ b/node_modules/@npmcli/arborist/lib/diff.js @@ -110,16 +110,32 @@ const getAction = ({actual, ideal}) => { if (ideal.isRoot && actual.isRoot) return null + // if the versions don't match, it's a change no matter what + if (ideal.version !== actual.version) + return 'CHANGE' + const binsExist = ideal.binPaths.every((path) => existsSync(path)) // top nodes, links, and git deps won't have integrity, but do have resolved - if (!ideal.integrity && !actual.integrity && ideal.resolved === actual.resolved && binsExist) + // if neither node has integrity, the bins exist, and either (a) neither + // node has a resolved value or (b) they both do and match, then we can + // leave this one alone since we already know the versions match due to + // the condition above. The "neither has resolved" case (a) cannot be + // treated as a 'mark CHANGE and refetch', because shrinkwraps, bundles, + // and link deps may lack this information, and we don't want to try to + // go to the registry for something that isn't there. + const noIntegrity = !ideal.integrity && !actual.integrity + const noResolved = !ideal.resolved && !actual.resolved + const resolvedMatch = ideal.resolved && ideal.resolved === actual.resolved + if (noIntegrity && binsExist && (resolvedMatch || noResolved)) return null // otherwise, verify that it's the same bits // note that if ideal has integrity, and resolved doesn't, we treat // that as a 'change', so that it gets re-fetched and locked down. - if (!ideal.integrity || !actual.integrity || !ssri.parse(ideal.integrity).match(actual.integrity) || !binsExist) + const integrityMismatch = !ideal.integrity || !actual.integrity || + !ssri.parse(ideal.integrity).match(actual.integrity) + if (integrityMismatch || !binsExist) return 'CHANGE' return null diff --git a/node_modules/@npmcli/arborist/lib/shrinkwrap.js b/node_modules/@npmcli/arborist/lib/shrinkwrap.js index cff9f09633df..0a19ef93005a 100644 --- a/node_modules/@npmcli/arborist/lib/shrinkwrap.js +++ b/node_modules/@npmcli/arborist/lib/shrinkwrap.js @@ -714,6 +714,7 @@ class Shrinkwrap { resolved, integrity, hasShrinkwrap, + version, } = this.get(node.path) const pathFixed = !resolved ? null @@ -727,8 +728,12 @@ class Shrinkwrap { node.resolved === pathFixed const integrityOk = !integrity || !node.integrity || node.integrity === integrity + const versionOk = !version || !node.version || version === node.version - if ((resolved || integrity) && resolvedOk && integrityOk) { + const allOk = (resolved || integrity || version) && + resolvedOk && integrityOk && versionOk + + if (allOk) { node.resolved = node.resolved || pathFixed || null node.integrity = node.integrity || integrity || null node.hasShrinkwrap = node.hasShrinkwrap || hasShrinkwrap || false diff --git a/node_modules/@npmcli/arborist/package.json b/node_modules/@npmcli/arborist/package.json index 8500eaadf675..8aaa8ecdb7a4 100644 --- a/node_modules/@npmcli/arborist/package.json +++ b/node_modules/@npmcli/arborist/package.json @@ -1,6 +1,6 @@ { "name": "@npmcli/arborist", - "version": "2.6.0", + "version": "2.6.1", "description": "Manage node_modules trees", "dependencies": { "@npmcli/installed-package-contents": "^1.0.7", diff --git a/package-lock.json b/package-lock.json index 3e3f6a7db04c..bc8ac92f69e8 100644 --- a/package-lock.json +++ b/package-lock.json @@ -78,7 +78,7 @@ ], "license": "Artistic-2.0", "dependencies": { - "@npmcli/arborist": "^2.6.0", + "@npmcli/arborist": "^2.6.1", "@npmcli/ci-detect": "^1.2.0", "@npmcli/config": "^2.2.0", "@npmcli/run-script": "^1.8.5", @@ -712,9 +712,9 @@ } }, "node_modules/@npmcli/arborist": { - "version": "2.6.0", - "resolved": "https://registry.npmjs.org/@npmcli/arborist/-/arborist-2.6.0.tgz", - "integrity": "sha512-6njRVuPMgGRvQUmsXwGdp1ItZtJuSdt5ouoQe4AeFTTZoMufKWLeXFDOlWj7qbMAzqw+guNEAZwBiwm04J7T2g==", + "version": "2.6.1", + "resolved": "https://registry.npmjs.org/@npmcli/arborist/-/arborist-2.6.1.tgz", + "integrity": "sha512-OOlntFIOAo7RplEQaYXlA5U5NXE+EwZtnTCsit4Wtme5+llGiea6GBytuV8dOzdPMPlNx3fQQjBUE9E8k76yjQ==", "inBundle": true, "dependencies": { "@npmcli/installed-package-contents": "^1.0.7", @@ -10811,9 +10811,9 @@ "dev": true }, "@npmcli/arborist": { - "version": "2.6.0", - "resolved": "https://registry.npmjs.org/@npmcli/arborist/-/arborist-2.6.0.tgz", - "integrity": "sha512-6njRVuPMgGRvQUmsXwGdp1ItZtJuSdt5ouoQe4AeFTTZoMufKWLeXFDOlWj7qbMAzqw+guNEAZwBiwm04J7T2g==", + "version": "2.6.1", + "resolved": "https://registry.npmjs.org/@npmcli/arborist/-/arborist-2.6.1.tgz", + "integrity": "sha512-OOlntFIOAo7RplEQaYXlA5U5NXE+EwZtnTCsit4Wtme5+llGiea6GBytuV8dOzdPMPlNx3fQQjBUE9E8k76yjQ==", "requires": { "@npmcli/installed-package-contents": "^1.0.7", "@npmcli/map-workspaces": "^1.0.2", diff --git a/package.json b/package.json index 60637d605515..d0b40812141a 100644 --- a/package.json +++ b/package.json @@ -42,7 +42,7 @@ "./package.json": "./package.json" }, "dependencies": { - "@npmcli/arborist": "^2.6.0", + "@npmcli/arborist": "^2.6.1", "@npmcli/ci-detect": "^1.2.0", "@npmcli/config": "^2.2.0", "@npmcli/run-script": "^1.8.5",