From cbb3d150495c5021f7c6c114fa89f9a9031b6969 Mon Sep 17 00:00:00 2001 From: Zoltan Kochan Date: Sat, 16 Apr 2022 02:29:50 +0300 Subject: [PATCH 1/2] fix: store integrity check when the lockfile is updated --- .changeset/modern-maps-unite.md | 6 +++ .../package-requester/src/packageRequester.ts | 6 ++- packages/package-requester/test/index.ts | 46 +++++++++++++++++++ pnpm-lock.yaml | 2 +- 4 files changed, 57 insertions(+), 3 deletions(-) create mode 100644 .changeset/modern-maps-unite.md diff --git a/.changeset/modern-maps-unite.md b/.changeset/modern-maps-unite.md new file mode 100644 index 00000000000..2c414834660 --- /dev/null +++ b/.changeset/modern-maps-unite.md @@ -0,0 +1,6 @@ +--- +"@pnpm/package-requester": patch +"pnpm": patch +--- + +Don't check the integrity of the store with the package version from the lockfile, when the package was updated. diff --git a/packages/package-requester/src/packageRequester.ts b/packages/package-requester/src/packageRequester.ts index ab8c109f09b..79959e14ddc 100644 --- a/packages/package-requester/src/packageRequester.ts +++ b/packages/package-requester/src/packageRequester.ts @@ -244,7 +244,7 @@ async function resolveAndFetch ( } } - const pkg = pick(['name', 'version'], manifest ?? {}) + const pkg: PkgNameVersion = pick(['name', 'version'], manifest ?? {}) const fetchResult = ctx.fetchPackageToStore({ fetchRawManifest: true, force: forceFetch, @@ -254,7 +254,9 @@ async function resolveAndFetch ( id, resolution, }, - expectedPkg: options.expectedPkg?.name != null ? options.expectedPkg : pkg, + expectedPkg: options.expectedPkg?.name != null + ? (updated ? { name: options.expectedPkg.name, version: pkg.version } : options.expectedPkg) + : pkg, }) return { diff --git a/packages/package-requester/test/index.ts b/packages/package-requester/test/index.ts index 3a642e2b42e..7c96ceddb1f 100644 --- a/packages/package-requester/test/index.ts +++ b/packages/package-requester/test/index.ts @@ -973,6 +973,52 @@ test('throw exception if the package data in the store differs from the expected } }) +test("don't throw an error if the package was updated, so the expectedPkg has a different version than the version in the store", async () => { + const storeDir = tempy.directory() + const cafs = createCafsStore(storeDir) + { + const requestPackage = createPackageRequester({ + resolve, + fetchers, + cafs, + networkConcurrency: 1, + storeDir, + verifyStoreIntegrity: true, + }) + + const projectDir = tempy.directory() + const pkgResponse = await requestPackage({ alias: 'is-positive', pref: '3.1.0' }, { + downloadPriority: 0, + lockfileDir: projectDir, + preferredVersions: {}, + projectDir, + registry, + }) + await pkgResponse.finishing!() + } + const requestPackage = createPackageRequester({ + resolve, + fetchers, + cafs, + networkConcurrency: 1, + storeDir, + verifyStoreIntegrity: true, + }) + const projectDir = tempy.directory() + const pkgResponse = await requestPackage({ alias: 'is-positive', pref: '3.1.0' }, { + downloadPriority: 0, + lockfileDir: tempy.directory(), + preferredVersions: {}, + projectDir, + registry, + expectedPkg: { + name: 'is-positive', + version: '3.0.0', + }, + }) + await expect(pkgResponse.files!()).resolves.toStrictEqual(expect.anything()) +}) + test('the version in the bundled manifest should be normalized', async () => { const storeDir = tempy.directory() const cafs = createCafsStore(storeDir) diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 0cd4a94d7e4..e0a152e0972 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -1,4 +1,4 @@ -lockfileVersion: 5.3 +lockfileVersion: 5.4 neverBuiltDependencies: - core-js From 6391951439ddeb5538f6cfd2340d5173317c8f6c Mon Sep 17 00:00:00 2001 From: Zoltan Kochan Date: Sat, 16 Apr 2022 02:58:43 +0300 Subject: [PATCH 2/2] docs: update changesets --- .changeset/modern-maps-unite.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.changeset/modern-maps-unite.md b/.changeset/modern-maps-unite.md index 2c414834660..65f44638feb 100644 --- a/.changeset/modern-maps-unite.md +++ b/.changeset/modern-maps-unite.md @@ -3,4 +3,4 @@ "pnpm": patch --- -Don't check the integrity of the store with the package version from the lockfile, when the package was updated. +Don't check the integrity of the store with the package version from the lockfile, when the package was updated [#4580](https://github.com/pnpm/pnpm/pull/4580).