fix(npm): augment constraints less aggressively (#19850)

renovatebot · Jan 15, 2023 · f34d395 · f34d395
1 parent b4d1ad8
commit f34d395
Show file tree

Hide file tree

Showing 2 changed files with 77 additions and 3 deletions.
diff --git a/lib/modules/manager/npm/extract/locked-versions.spec.ts b/lib/modules/manager/npm/extract/locked-versions.spec.ts
@@ -344,6 +344,39 @@ describe('modules/manager/npm/extract/locked-versions', () => {
       ]);
     });
 
+    it('skips augmenting v2 lock file constraint', async () => {
+      npm.getNpmLock.mockReturnValue({
+        lockedVersions: { a: '1.0.0', b: '2.0.0', c: '3.0.0' },
+        lockfileVersion: 2,
+      });
+      const packageFiles = [
+        {
+          npmLock: 'package-lock.json',
+          constraints: {
+            npm: '>=9.0.0',
+          },
+          deps: [
+            { depName: 'a', currentValue: '1.0.0' },
+            { depName: 'b', currentValue: '2.0.0' },
+          ],
+        },
+      ];
+      await getLockedVersions(packageFiles);
+      expect(packageFiles).toEqual([
+        {
+          constraints: {
+            npm: '>=9.0.0',
+          },
+          deps: [
+            { currentValue: '1.0.0', depName: 'a', lockedVersion: '1.0.0' },
+            { currentValue: '2.0.0', depName: 'b', lockedVersion: '2.0.0' },
+          ],
+          lockFiles: ['package-lock.json'],
+          npmLock: 'package-lock.json',
+        },
+      ]);
+    });
+
     it('appends <7 to npm constraints', async () => {
       npm.getNpmLock.mockReturnValue({
         lockedVersions: {
@@ -385,6 +418,47 @@ describe('modules/manager/npm/extract/locked-versions', () => {
       ]);
     });
 
+    it('skips appending <7 to npm constraints', async () => {
+      npm.getNpmLock.mockReturnValue({
+        lockedVersions: {
+          a: '1.0.0',
+          b: '2.0.0',
+          c: '3.0.0',
+        },
+        lockfileVersion: 1,
+      });
+      const packageFiles = [
+        {
+          npmLock: 'package-lock.json',
+          constraints: {
+            npm: '^8.0.0',
+          },
+          deps: [
+            {
+              depName: 'a',
+              currentValue: '1.0.0',
+            },
+            {
+              depName: 'b',
+              currentValue: '2.0.0',
+            },
+          ],
+        },
+      ];
+      await getLockedVersions(packageFiles);
+      expect(packageFiles).toEqual([
+        {
+          constraints: { npm: '^8.0.0' },
+          deps: [
+            { currentValue: '1.0.0', depName: 'a', lockedVersion: '1.0.0' },
+            { currentValue: '2.0.0', depName: 'b', lockedVersion: '2.0.0' },
+          ],
+          lockFiles: ['package-lock.json'],
+          npmLock: 'package-lock.json',
+        },
+      ]);
+    });
+
     it('ignores pnpm', async () => {
       const packageFiles = [
         {

diff --git a/lib/modules/manager/npm/extract/locked-versions.ts b/lib/modules/manager/npm/extract/locked-versions.ts
@@ -60,16 +60,16 @@ export async function getLockedVersions(
       if (lockfileVersion === 1) {
         if (packageFile.constraints?.npm) {
           // Add a <7 constraint if it's not already a fixed version
-          if (!semver.valid(packageFile.constraints.npm)) {
+          if (semver.satisfies('6.14.18', packageFile.constraints.npm)) {
             packageFile.constraints.npm += ' <7';
           }
         } else {
           packageFile.constraints!.npm = '<7';
         }
       } else if (lockfileVersion === 2) {
         if (packageFile.constraints?.npm) {
-          // Add a <9 constraint if it's not already a fixed version
-          if (!semver.valid(packageFile.constraints.npm)) {
+          // Add a <9 constraint if the latest 8.x is compatible
+          if (semver.satisfies('8.19.3', packageFile.constraints.npm)) {
             packageFile.constraints.npm += ' <9';
           }
         } else {