@pnpm/installing.deps-resolver 1100.2.5 → 1100.2.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/resolveDependencies.js +29 -4
- package/package.json +15 -15
|
@@ -8,6 +8,7 @@ import { nameVerFromPkgSnapshot, pkgSnapshotToResolution, } from '@pnpm/lockfile
|
|
|
8
8
|
import { logger } from '@pnpm/logger';
|
|
9
9
|
import { getPatchInfo } from '@pnpm/patching.config';
|
|
10
10
|
import { convertEnginesRuntimeToDependencies } from '@pnpm/pkg-manifest.utils';
|
|
11
|
+
import { parseBareSpecifier } from '@pnpm/resolving.npm-resolver';
|
|
11
12
|
import { DIRECT_DEP_SELECTOR_WEIGHT, } from '@pnpm/resolving.resolver-base';
|
|
12
13
|
import { lexCompare } from '@pnpm/util.lex-comparator';
|
|
13
14
|
import normalizePath from 'normalize-path';
|
|
@@ -39,7 +40,8 @@ export async function resolveRootDependencies(ctx, importers) {
|
|
|
39
40
|
ctx.allPreferredVersions = getPreferredVersionsFromLockfileAndManifests(ctx.wantedLockfile.packages, []);
|
|
40
41
|
}
|
|
41
42
|
else if (ctx.hoistPeers) {
|
|
42
|
-
|
|
43
|
+
// Null-prototype: keyed by package names from resolved manifests.
|
|
44
|
+
ctx.allPreferredVersions = Object.create(null);
|
|
43
45
|
}
|
|
44
46
|
const { pkgAddressesByImportersWithoutPeers, publishedBy, time } = await resolveDependenciesOfImporters(ctx, importers);
|
|
45
47
|
if (!ctx.hoistPeers) {
|
|
@@ -434,8 +436,14 @@ async function resolveDependenciesOfDependency(ctx, preferredVersions, options,
|
|
|
434
436
|
const updateShouldContinue = options.currentDepth <= updateDepth;
|
|
435
437
|
const updateRequested = updateShouldContinue &&
|
|
436
438
|
((options.updateMatching == null) ||
|
|
437
|
-
(extendedWantedDep.infoFromLockfile?.name != null
|
|
438
|
-
options.updateMatching(extendedWantedDep.infoFromLockfile.name, extendedWantedDep.infoFromLockfile.version)
|
|
439
|
+
(extendedWantedDep.infoFromLockfile?.name != null
|
|
440
|
+
? options.updateMatching(extendedWantedDep.infoFromLockfile.name, extendedWantedDep.infoFromLockfile.version)
|
|
441
|
+
// A changed specifier forgets the edge's lockfile reference before
|
|
442
|
+
// resolution (e.g. `pnpm audit --fix` widening a vulnerable pin), so
|
|
443
|
+
// the target would otherwise lose its updateRequested status — and
|
|
444
|
+
// keep its seeded lockfile pins — at the very moment it is being
|
|
445
|
+
// updated. Fall back to matching by the wanted dependency itself.
|
|
446
|
+
: wantedDependencyMatchesUpdateTarget(ctx, options.updateMatching, extendedWantedDep.wantedDependency)));
|
|
439
447
|
const update = updateRequested ||
|
|
440
448
|
((extendedWantedDep.infoFromLockfile?.dependencyLockfile) == null) || Boolean((ctx.workspacePackages != null) &&
|
|
441
449
|
ctx.linkWorkspacePackagesDepth !== -1 &&
|
|
@@ -557,6 +565,21 @@ async function resolveDependenciesOfDependency(ctx, preferredVersions, options,
|
|
|
557
565
|
},
|
|
558
566
|
};
|
|
559
567
|
}
|
|
568
|
+
/**
|
|
569
|
+
* Whether a wanted dependency without a lockfile reference matches the
|
|
570
|
+
* update target by package name. The name is parsed from the bare
|
|
571
|
+
* specifier, so an `npm:` alias matches by the real package name it
|
|
572
|
+
* installs — `foo@npm:bar@^4` matches an update target of `bar`, not
|
|
573
|
+
* `foo`. Exotic specifiers the npm parser rejects fall back to the alias.
|
|
574
|
+
*/
|
|
575
|
+
function wantedDependencyMatchesUpdateTarget(ctx, updateMatching, wantedDependency) {
|
|
576
|
+
const { alias, bareSpecifier } = wantedDependency;
|
|
577
|
+
const spec = alias && bareSpecifier
|
|
578
|
+
? parseBareSpecifier(bareSpecifier, alias, ctx.defaultTag ?? 'latest', ctx.registries.default)
|
|
579
|
+
: null;
|
|
580
|
+
const name = spec?.name ?? alias;
|
|
581
|
+
return name != null && updateMatching(name, undefined);
|
|
582
|
+
}
|
|
560
583
|
export function createNodeIdForLinkedLocalPkg(lockfileDir, pkgDir) {
|
|
561
584
|
return `link:${normalizePath(path.relative(lockfileDir, pkgDir))}`;
|
|
562
585
|
}
|
|
@@ -1102,6 +1125,7 @@ async function resolveDependency(wantedDependency, ctx, options) {
|
|
|
1102
1125
|
trustPolicyExclude: ctx.trustPolicyExclude,
|
|
1103
1126
|
trustPolicyIgnoreAfter: ctx.trustPolicyIgnoreAfter,
|
|
1104
1127
|
update: options.update,
|
|
1128
|
+
updateRequested: options.updateRequested,
|
|
1105
1129
|
updateChecksums: options.updateChecksums,
|
|
1106
1130
|
workspacePackages: ctx.workspacePackages,
|
|
1107
1131
|
supportedArchitectures: options.supportedArchitectures,
|
|
@@ -1163,7 +1187,8 @@ async function resolveDependency(wantedDependency, ctx, options) {
|
|
|
1163
1187
|
}
|
|
1164
1188
|
if (ctx.allPreferredVersions && pkgResponse.body.manifest?.version) {
|
|
1165
1189
|
if (!ctx.allPreferredVersions[pkgResponse.body.manifest.name]) {
|
|
1166
|
-
|
|
1190
|
+
// Null-prototype: keyed by versions from the resolved manifest.
|
|
1191
|
+
ctx.allPreferredVersions[pkgResponse.body.manifest.name] = Object.create(null);
|
|
1167
1192
|
}
|
|
1168
1193
|
ctx.allPreferredVersions[pkgResponse.body.manifest.name][pkgResponse.body.manifest.version] = 'version';
|
|
1169
1194
|
}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@pnpm/installing.deps-resolver",
|
|
3
|
-
"version": "1100.2.
|
|
3
|
+
"version": "1100.2.6",
|
|
4
4
|
"description": "Resolves dependency graph of a package",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"pnpm",
|
|
@@ -44,28 +44,28 @@
|
|
|
44
44
|
"validate-npm-package-name": "7.0.2",
|
|
45
45
|
"version-selector-type": "^3.0.0",
|
|
46
46
|
"@pnpm/catalogs.resolver": "1100.0.0",
|
|
47
|
-
"@pnpm/catalogs.types": "1100.0.0",
|
|
48
47
|
"@pnpm/config.version-policy": "1100.1.6",
|
|
48
|
+
"@pnpm/catalogs.types": "1100.0.0",
|
|
49
49
|
"@pnpm/constants": "1100.0.0",
|
|
50
50
|
"@pnpm/core-loggers": "1100.2.1",
|
|
51
|
-
"@pnpm/deps.
|
|
52
|
-
"@pnpm/deps.graph-hasher": "1100.2.6",
|
|
51
|
+
"@pnpm/deps.graph-hasher": "1100.2.7",
|
|
53
52
|
"@pnpm/deps.peer-range": "1100.0.2",
|
|
53
|
+
"@pnpm/deps.path": "1100.0.8",
|
|
54
54
|
"@pnpm/error": "1100.0.1",
|
|
55
|
-
"@pnpm/
|
|
56
|
-
"@pnpm/
|
|
57
|
-
"@pnpm/lockfile.preferred-versions": "1100.0.
|
|
58
|
-
"@pnpm/lockfile.pruner": "1100.0.
|
|
59
|
-
"@pnpm/lockfile.types": "1100.0.
|
|
60
|
-
"@pnpm/lockfile.utils": "1100.1.
|
|
55
|
+
"@pnpm/hooks.types": "1100.1.1",
|
|
56
|
+
"@pnpm/fetching.pick-fetcher": "1100.0.14",
|
|
57
|
+
"@pnpm/lockfile.preferred-versions": "1100.0.18",
|
|
58
|
+
"@pnpm/lockfile.pruner": "1100.0.13",
|
|
59
|
+
"@pnpm/lockfile.types": "1100.0.13",
|
|
60
|
+
"@pnpm/lockfile.utils": "1100.1.1",
|
|
61
61
|
"@pnpm/patching.config": "1100.0.9",
|
|
62
62
|
"@pnpm/patching.types": "1100.0.0",
|
|
63
|
+
"@pnpm/resolving.npm-resolver": "1102.1.1",
|
|
63
64
|
"@pnpm/pkg-manifest.reader": "1100.0.9",
|
|
65
|
+
"@pnpm/resolving.resolver-base": "1100.5.1",
|
|
64
66
|
"@pnpm/pkg-manifest.utils": "1100.2.6",
|
|
65
|
-
"@pnpm/resolving.resolver-base": "1100.5.0",
|
|
66
|
-
"@pnpm/store.controller-types": "1100.1.6",
|
|
67
|
-
"@pnpm/resolving.npm-resolver": "1102.1.0",
|
|
68
67
|
"@pnpm/types": "1101.3.2",
|
|
68
|
+
"@pnpm/store.controller-types": "1100.1.7",
|
|
69
69
|
"@pnpm/workspace.spec-parser": "1100.0.0"
|
|
70
70
|
},
|
|
71
71
|
"peerDependencies": {
|
|
@@ -77,8 +77,8 @@
|
|
|
77
77
|
"@types/ramda": "0.31.1",
|
|
78
78
|
"@types/semver": "7.7.1",
|
|
79
79
|
"@types/validate-npm-package-name": "^4.0.2",
|
|
80
|
-
"@pnpm/
|
|
81
|
-
"@pnpm/
|
|
80
|
+
"@pnpm/logger": "1100.0.0",
|
|
81
|
+
"@pnpm/installing.deps-resolver": "1100.2.6"
|
|
82
82
|
},
|
|
83
83
|
"engines": {
|
|
84
84
|
"node": ">=22.13"
|