deps: @npmcli/arborist@4.0.4

node_modules/@npmcli/arborist/lib/arborist/reify.js

@@ -1173,6 +1173,10 @@ module.exports = cls => class Reifier extends cls {
         }
 
         let newSpec
+        // True if the dependency is getting installed from a local file path
+        // In this case it is not possible to do the normal version comparisons
+        // as the new version will be a file path
+        const isLocalDep = req.type === 'directory' || req.type === 'file'
         if (req.registry) {
           const version = child.version
           const prefixRange = version ? this[_savePrefix] + version : '*'
@@ -1204,7 +1208,7 @@ module.exports = cls => class Reifier extends cls {
           } else {
             newSpec = h.shortcut(opt)
           }
-        } else if (req.type === 'directory' || req.type === 'file') {
+        } else if (isLocalDep) {
           // save the relative path in package.json
           // Normally saveSpec is updated with the proper relative
           // path already, but it's possible to specify a full absolute
@@ -1233,11 +1237,11 @@ module.exports = cls => class Reifier extends cls {
           if (hasSubKey(pkg, 'devDependencies', name)) {
             pkg.devDependencies[name] = newSpec
             // don't update peer or optional if we don't have to
-            if (hasSubKey(pkg, 'peerDependencies', name) && !intersects(newSpec, pkg.peerDependencies[name])) {
+            if (hasSubKey(pkg, 'peerDependencies', name) && (isLocalDep || !intersects(newSpec, pkg.peerDependencies[name]))) {
               pkg.peerDependencies[name] = newSpec
             }
 
-            if (hasSubKey(pkg, 'optionalDependencies', name) && !intersects(newSpec, pkg.optionalDependencies[name])) {
+            if (hasSubKey(pkg, 'optionalDependencies', name) && (isLocalDep || !intersects(newSpec, pkg.optionalDependencies[name]))) {
               pkg.optionalDependencies[name] = newSpec
             }
           } else {

node_modules/@npmcli/arborist/lib/place-dep.js

@@ -407,11 +407,12 @@ class PlaceDep {
       for (const entryEdge of peerEntrySets(edge.from).keys()) {
         // either this one needs to be pruned and re-evaluated, or marked
         // as peerConflicted and warned about.  If the entryEdge comes in from
-        // the root, then we have to leave it alone, and in that case, it
-        // will have already warned or crashed by getting to this point.
+        // the root or a workspace, then we have to leave it alone, and in that
+        // case, it will have already warned or crashed by getting to this point
         const entryNode = entryEdge.to
         const deepestTarget = deepestNestingTarget(entryNode)
-        if (deepestTarget !== target && !entryEdge.from.isRoot) {
+        if (deepestTarget !== target &&
+            !(entryEdge.from.isProjectRoot || entryEdge.from.isWorkspace)) {
           prunePeerSets.push(...gatherDepSet([entryNode], e => {
             return e.to !== entryNode && !e.peerConflicted
           }))

node_modules/@npmcli/arborist/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@npmcli/arborist",
-  "version": "4.0.3",
+  "version": "4.0.4",
   "description": "Manage node_modules trees",
   "dependencies": {
     "@isaacs/string-locale-compare": "^1.0.1",

package-lock.json

@@ -86,7 +86,7 @@
       ],
       "dependencies": {
         "@isaacs/string-locale-compare": "^1.1.0",
-        "@npmcli/arborist": "^4.0.3",
+        "@npmcli/arborist": "^4.0.4",
         "@npmcli/ci-detect": "^1.4.0",
         "@npmcli/config": "^2.3.0",
         "@npmcli/map-workspaces": "^2.0.0",
@@ -772,9 +772,9 @@
       }
     },
     "node_modules/@npmcli/arborist": {
-      "version": "4.0.3",
-      "resolved": "https://registry.npmjs.org/@npmcli/arborist/-/arborist-4.0.3.tgz",
-      "integrity": "sha512-gFz/dNJtpv2bYXlupcUpEaWlFDRUNmvVnQNbE6dY4ild6beZ2SkG4R5/CM4GZZwj9HD2TyfGjO350Ja+xlLzuA==",
+      "version": "4.0.4",
+      "resolved": "https://registry.npmjs.org/@npmcli/arborist/-/arborist-4.0.4.tgz",
+      "integrity": "sha512-5hRkiHF9zu62z6a7CJqhVG5CFUVnbYqvrrcxxEmhxFgyH2ovICyULOrj7nF4VBlfzp7OPu/rveV2ts9iYrn74g==",
       "inBundle": true,
       "dependencies": {
         "@isaacs/string-locale-compare": "^1.0.1",
@@ -11082,9 +11082,9 @@
       "dev": true
     },
     "@npmcli/arborist": {
-      "version": "4.0.3",
-      "resolved": "https://registry.npmjs.org/@npmcli/arborist/-/arborist-4.0.3.tgz",
-      "integrity": "sha512-gFz/dNJtpv2bYXlupcUpEaWlFDRUNmvVnQNbE6dY4ild6beZ2SkG4R5/CM4GZZwj9HD2TyfGjO350Ja+xlLzuA==",
+      "version": "4.0.4",
+      "resolved": "https://registry.npmjs.org/@npmcli/arborist/-/arborist-4.0.4.tgz",
+      "integrity": "sha512-5hRkiHF9zu62z6a7CJqhVG5CFUVnbYqvrrcxxEmhxFgyH2ovICyULOrj7nF4VBlfzp7OPu/rveV2ts9iYrn74g==",
       "requires": {
         "@isaacs/string-locale-compare": "^1.0.1",
         "@npmcli/installed-package-contents": "^1.0.7",

package.json

@@ -55,7 +55,7 @@
   },
   "dependencies": {
     "@isaacs/string-locale-compare": "^1.1.0",
-    "@npmcli/arborist": "^4.0.3",
+    "@npmcli/arborist": "^4.0.4",
     "@npmcli/ci-detect": "^1.4.0",
     "@npmcli/config": "^2.3.0",
     "@npmcli/map-workspaces": "^2.0.0",