@teambit/dependency-resolver 1.0.606 → 1.0.610

package/dist/dependency-resolver-workspace-config.d.ts

@@ -2,6 +2,7 @@ import { PeerDependencyRules } from '@pnpm/types';
 import { WorkspacePolicyConfigObject } from './policy';
 import { PackageImportMethod } from './package-manager';
 export type NodeLinker = 'hoisted' | 'isolated';
+export type ComponentRangePrefix = '~' | '^' | '+' | '-';
 export interface DependencyResolverWorkspaceConfig {
     policy: WorkspacePolicyConfigObject;
     /**
@@ -105,4 +106,13 @@ export interface DependencyResolverWorkspaceConfig {
      * Tells pnpm to automatically install peer dependencies. It is true by default.
      */
     autoInstallPeers?: boolean;
+    /**
+     * By default, Bit saves component dependencies with exact versions (pinned) in the package.json,
+     * even if the dependency-resolver policy specifies a version range.
+     *
+     * To preserve the range defined in the policy, set this value to "+".
+     * To apply a predefined range ("~" or "^") to other component dependencies not covered by the policy,
+     * set this to the desired range symbol.
+     */
+    componentRangePrefix?: ComponentRangePrefix;
 }

package/dist/dependency-resolver-workspace-config.js.map

@@ -1 +1 @@
-{"version":3,"names":[],"sources":["dependency-resolver-workspace-config.ts"],"sourcesContent":["import { PeerDependencyRules } from '@pnpm/types';\nimport { WorkspacePolicyConfigObject } from './policy';\nimport { PackageImportMethod } from './package-manager';\n\nexport type NodeLinker = 'hoisted' | 'isolated';\n\nexport interface DependencyResolverWorkspaceConfig {\n  policy: WorkspacePolicyConfigObject;\n  /**\n   * choose the package manager for Bit to use. you can choose between 'npm', 'yarn', 'pnpm'\n   * and 'librarian'. our recommendation is use 'librarian' which reduces package duplicates\n   * and totally removes the need of a 'node_modules' directory in your project.\n   */\n  packageManager?: string;\n\n  /**\n   * A proxy server for out going network requests by the package manager\n   * Used for both http and https requests (unless the httpsProxy is defined)\n   */\n  proxy?: string;\n\n  /**\n   * A proxy server for outgoing https requests by the package manager (fallback to proxy server if not defined)\n   * Use this in case you want different proxy for http and https requests.\n   */\n  httpsProxy?: string;\n\n  /**\n   * A path to a file containing one or multiple Certificate Authority signing certificates.\n   * allows for multiple CA's, as well as for the CA information to be stored in a file on disk.\n   */\n  ca?: string;\n\n  /**\n   * Whether or not to do SSL key validation when making requests to the registry via https\n   */\n  strictSsl?: string;\n\n  /**\n   * A client certificate to pass when accessing the registry. Values should be in PEM format (Windows calls it \"Base-64 encoded X.509 (.CER)\") with newlines replaced by the string \"\\n\". For example:\n   * cert=\"----BEGIN CERTIFICATE-----\\nXXXX\\nXXXX\\n-----END CERTIFICATE----\"\n   * It is not the path to a certificate file (and there is no \"certfile\" option).\n   */\n  cert?: string;\n\n  /**\n   * A client key to pass when accessing the registry. Values should be in PEM format with newlines replaced by the string \"\\n\". For example:\n   * key=\"----BEGIN PRIVATE KEY-----\\nXXXX\\nXXXX\\n-----END PRIVATE KEY----\"\n   * It is not the path to a key file (and there is no \"keyfile\" option).\n   */\n  key?: string;\n\n  /**\n   * A comma-separated string of domain extensions that a proxy should not be used for.\n   */\n  noProxy?: string;\n\n  /**\n   * The IP address of the local interface to use when making connections to the npm registry.\n   */\n  localAddress?: string;\n\n  /**\n   * How many times to retry if Bit fails to fetch from the registry.\n   */\n  fetchRetries?: number;\n\n  /*\n   * The exponential factor for retry backoff.\n   */\n  fetchRetryFactor?: number;\n\n  /*\n   * The minimum (base) timeout for retrying requests.\n   */\n  fetchRetryMintimeout?: number;\n\n  /*\n   * The maximum fallback timeout to ensure the retry factor does not make requests too long.\n   */\n  fetchRetryMaxtimeout?: number;\n\n  /*\n   * The maximum amount of time (in milliseconds) to wait for HTTP requests to complete.\n   */\n  fetchTimeout?: number;\n\n  /*\n   * The maximum number of connections to use per origin (protocol/host/port combination).\n   */\n  maxSockets?: number;\n\n  /*\n   * Controls the maximum number of HTTP(S) requests to process simultaneously.\n   */\n  networkConcurrency?: number;\n\n  /*\n   * Set the prefix to use when adding dependency to workspace.jsonc via bit install\n   * to lock version to exact version you can use empty string (default)\n   */\n  savePrefix?: string;\n\n  /*\n   * in case you want to disable this proxy set this config to false\n   *\n   */\n  installFromBitDevRegistry?: boolean;\n\n  /*\n   * map of extra arguments to pass to the configured package manager upon the installation\n   * of dependencies.\n   */\n  packageManagerArgs?: string[];\n\n  /*\n   * This field allows to instruct the package manager to override any dependency in the dependency graph.\n   * This is useful to enforce all your packages to use a single version of a dependency, backport a fix,\n   * or replace a dependency with a fork.\n   */\n  overrides?: Record<string, string>;\n\n  /**\n   * This is similar to overrides, but will only affect installation in capsules.\n   * In case overrides is configured and this not, the regular overrides will affect capsules as well.\n   * in case both configured, capsulesOverrides will be used for capsules, and overrides will affect the workspace.\n   */\n  capsulesOverrides?: Record<string, string>;\n\n  /*\n   * Defines what linker should be used for installing Node.js packages.\n   * Supported values are hoisted and isolated.\n   */\n  nodeLinker?: NodeLinker;\n\n  /*\n   * Controls the way packages are imported from the store.\n   */\n  packageImportMethod?: PackageImportMethod;\n\n  /*\n   * Use and cache the results of (pre/post)install hooks.\n   */\n  sideEffectsCache?: boolean;\n\n  /*\n   * The list of components that should be installed in isolation from the workspace.\n   * The component's package names should be used in this list, not their component IDs.\n   */\n  rootComponents?: boolean;\n\n  /*\n   * The node version to use when checking a package's engines setting.\n   */\n  nodeVersion?: string;\n\n  /*\n   * Refuse to install any package that claims to not be compatible with the current Node.js version.\n   */\n  engineStrict?: boolean;\n\n  /*\n   * Rules to mute specific peer dependeny warnings.\n   */\n  peerDependencyRules?: PeerDependencyRules;\n\n  /*\n   * This setting is \"true\" by default and tells bit to link core aspects to the node_modules of the workspace.\n   * It only makes sense to set this to \"false\" in a workspace in which core aspects are actually developed.\n   */\n  linkCoreAspects?: boolean;\n\n  /**\n   * When false, Bit will create a shared node_modules directory for all components in a capsule.\n   */\n  isolatedCapsules?: boolean;\n\n  /*\n   * Ignore the builds of specific dependencies. The \"preinstall\", \"install\", and \"postinstall\" scripts\n   * of the listed packages will not be executed during installation.\n   */\n  neverBuiltDependencies?: string[];\n\n  /**\n   * If true, staleness checks for cached data will be bypassed, but missing data will be requested from the server.\n   */\n  preferOffline?: boolean;\n\n  /**\n   * When true, components in capsules are symlinked into their own node_modules.\n   */\n  capsuleSelfReference?: boolean;\n\n  /**\n   * Tells pnpm which packages should be hoisted to node_modules/.pnpm/node_modules.\n   * By default, all packages are hoisted - however, if you know that only some flawed packages have phantom dependencies,\n   * you can use this option to exclusively hoist the phantom dependencies (recommended).\n   */\n  hoistPatterns?: string[];\n\n  /**\n   * When true, dependencies from the workspace are hoisted to node_modules/.pnpm/node_modules\n   * even if they are found in the root node_modules\n   */\n  hoistInjectedDependencies?: boolean;\n\n  /**\n   * Tells pnpm to automatically install peer dependencies. It is true by default.\n   */\n  autoInstallPeers?: boolean;\n}\n"],"mappings":"","ignoreList":[]}
+{"version":3,"names":[],"sources":["dependency-resolver-workspace-config.ts"],"sourcesContent":["import { PeerDependencyRules } from '@pnpm/types';\nimport { WorkspacePolicyConfigObject } from './policy';\nimport { PackageImportMethod } from './package-manager';\n\nexport type NodeLinker = 'hoisted' | 'isolated';\n\nexport type ComponentRangePrefix = '~' | '^' | '+' | '-';\n\nexport interface DependencyResolverWorkspaceConfig {\n  policy: WorkspacePolicyConfigObject;\n  /**\n   * choose the package manager for Bit to use. you can choose between 'npm', 'yarn', 'pnpm'\n   * and 'librarian'. our recommendation is use 'librarian' which reduces package duplicates\n   * and totally removes the need of a 'node_modules' directory in your project.\n   */\n  packageManager?: string;\n\n  /**\n   * A proxy server for out going network requests by the package manager\n   * Used for both http and https requests (unless the httpsProxy is defined)\n   */\n  proxy?: string;\n\n  /**\n   * A proxy server for outgoing https requests by the package manager (fallback to proxy server if not defined)\n   * Use this in case you want different proxy for http and https requests.\n   */\n  httpsProxy?: string;\n\n  /**\n   * A path to a file containing one or multiple Certificate Authority signing certificates.\n   * allows for multiple CA's, as well as for the CA information to be stored in a file on disk.\n   */\n  ca?: string;\n\n  /**\n   * Whether or not to do SSL key validation when making requests to the registry via https\n   */\n  strictSsl?: string;\n\n  /**\n   * A client certificate to pass when accessing the registry. Values should be in PEM format (Windows calls it \"Base-64 encoded X.509 (.CER)\") with newlines replaced by the string \"\\n\". For example:\n   * cert=\"----BEGIN CERTIFICATE-----\\nXXXX\\nXXXX\\n-----END CERTIFICATE----\"\n   * It is not the path to a certificate file (and there is no \"certfile\" option).\n   */\n  cert?: string;\n\n  /**\n   * A client key to pass when accessing the registry. Values should be in PEM format with newlines replaced by the string \"\\n\". For example:\n   * key=\"----BEGIN PRIVATE KEY-----\\nXXXX\\nXXXX\\n-----END PRIVATE KEY----\"\n   * It is not the path to a key file (and there is no \"keyfile\" option).\n   */\n  key?: string;\n\n  /**\n   * A comma-separated string of domain extensions that a proxy should not be used for.\n   */\n  noProxy?: string;\n\n  /**\n   * The IP address of the local interface to use when making connections to the npm registry.\n   */\n  localAddress?: string;\n\n  /**\n   * How many times to retry if Bit fails to fetch from the registry.\n   */\n  fetchRetries?: number;\n\n  /*\n   * The exponential factor for retry backoff.\n   */\n  fetchRetryFactor?: number;\n\n  /*\n   * The minimum (base) timeout for retrying requests.\n   */\n  fetchRetryMintimeout?: number;\n\n  /*\n   * The maximum fallback timeout to ensure the retry factor does not make requests too long.\n   */\n  fetchRetryMaxtimeout?: number;\n\n  /*\n   * The maximum amount of time (in milliseconds) to wait for HTTP requests to complete.\n   */\n  fetchTimeout?: number;\n\n  /*\n   * The maximum number of connections to use per origin (protocol/host/port combination).\n   */\n  maxSockets?: number;\n\n  /*\n   * Controls the maximum number of HTTP(S) requests to process simultaneously.\n   */\n  networkConcurrency?: number;\n\n  /*\n   * Set the prefix to use when adding dependency to workspace.jsonc via bit install\n   * to lock version to exact version you can use empty string (default)\n   */\n  savePrefix?: string;\n\n  /*\n   * in case you want to disable this proxy set this config to false\n   *\n   */\n  installFromBitDevRegistry?: boolean;\n\n  /*\n   * map of extra arguments to pass to the configured package manager upon the installation\n   * of dependencies.\n   */\n  packageManagerArgs?: string[];\n\n  /*\n   * This field allows to instruct the package manager to override any dependency in the dependency graph.\n   * This is useful to enforce all your packages to use a single version of a dependency, backport a fix,\n   * or replace a dependency with a fork.\n   */\n  overrides?: Record<string, string>;\n\n  /**\n   * This is similar to overrides, but will only affect installation in capsules.\n   * In case overrides is configured and this not, the regular overrides will affect capsules as well.\n   * in case both configured, capsulesOverrides will be used for capsules, and overrides will affect the workspace.\n   */\n  capsulesOverrides?: Record<string, string>;\n\n  /*\n   * Defines what linker should be used for installing Node.js packages.\n   * Supported values are hoisted and isolated.\n   */\n  nodeLinker?: NodeLinker;\n\n  /*\n   * Controls the way packages are imported from the store.\n   */\n  packageImportMethod?: PackageImportMethod;\n\n  /*\n   * Use and cache the results of (pre/post)install hooks.\n   */\n  sideEffectsCache?: boolean;\n\n  /*\n   * The list of components that should be installed in isolation from the workspace.\n   * The component's package names should be used in this list, not their component IDs.\n   */\n  rootComponents?: boolean;\n\n  /*\n   * The node version to use when checking a package's engines setting.\n   */\n  nodeVersion?: string;\n\n  /*\n   * Refuse to install any package that claims to not be compatible with the current Node.js version.\n   */\n  engineStrict?: boolean;\n\n  /*\n   * Rules to mute specific peer dependeny warnings.\n   */\n  peerDependencyRules?: PeerDependencyRules;\n\n  /*\n   * This setting is \"true\" by default and tells bit to link core aspects to the node_modules of the workspace.\n   * It only makes sense to set this to \"false\" in a workspace in which core aspects are actually developed.\n   */\n  linkCoreAspects?: boolean;\n\n  /**\n   * When false, Bit will create a shared node_modules directory for all components in a capsule.\n   */\n  isolatedCapsules?: boolean;\n\n  /*\n   * Ignore the builds of specific dependencies. The \"preinstall\", \"install\", and \"postinstall\" scripts\n   * of the listed packages will not be executed during installation.\n   */\n  neverBuiltDependencies?: string[];\n\n  /**\n   * If true, staleness checks for cached data will be bypassed, but missing data will be requested from the server.\n   */\n  preferOffline?: boolean;\n\n  /**\n   * When true, components in capsules are symlinked into their own node_modules.\n   */\n  capsuleSelfReference?: boolean;\n\n  /**\n   * Tells pnpm which packages should be hoisted to node_modules/.pnpm/node_modules.\n   * By default, all packages are hoisted - however, if you know that only some flawed packages have phantom dependencies,\n   * you can use this option to exclusively hoist the phantom dependencies (recommended).\n   */\n  hoistPatterns?: string[];\n\n  /**\n   * When true, dependencies from the workspace are hoisted to node_modules/.pnpm/node_modules\n   * even if they are found in the root node_modules\n   */\n  hoistInjectedDependencies?: boolean;\n\n  /**\n   * Tells pnpm to automatically install peer dependencies. It is true by default.\n   */\n  autoInstallPeers?: boolean;\n\n  /**\n   * By default, Bit saves component dependencies with exact versions (pinned) in the package.json,\n   * even if the dependency-resolver policy specifies a version range.\n   *\n   * To preserve the range defined in the policy, set this value to \"+\".\n   * To apply a predefined range (\"~\" or \"^\") to other component dependencies not covered by the policy,\n   * set this to the desired range symbol.\n   */\n  componentRangePrefix?: ComponentRangePrefix;\n}\n"],"mappings":"","ignoreList":[]}

package/dist/dependency-resolver.main.runtime.d.ts

@@ -8,7 +8,6 @@ import { GraphqlMain } from '@teambit/graphql';
 import { Logger } from '@teambit/logger';
 import { ExtensionDataList } from '@teambit/legacy.extension-data';
 import { ProxyConfig, NetworkConfig } from '@teambit/scope.network';
-import { onTagIdTransformer } from '@teambit/snapping';
 import { ConsumerComponent as LegacyComponent, Dependency as LegacyDependency } from '@teambit/legacy.consumer-component';
 import { ComponentID } from '@teambit/component-id';
 import { SourceFile } from '@teambit/component.sources';
@@ -20,8 +19,8 @@ import { UpdatedComponent } from './apply-updates';
 import { DependencyInstaller, PreInstallSubscriberList, PostInstallSubscriberList, DepInstallerContext } from './dependency-installer';
 import { DependencyVersionResolver } from './dependency-version-resolver';
 import { DepLinkerContext, DependencyLinker, LinkingOptions } from './dependency-linker';
-import { DependencyResolverWorkspaceConfig, NodeLinker } from './dependency-resolver-workspace-config';
-import { OutdatedPkg } from './get-all-policy-pkgs';
+import { ComponentRangePrefix, DependencyResolverWorkspaceConfig, NodeLinker } from './dependency-resolver-workspace-config';
+import { CurrentPkg, OutdatedPkg } from './get-all-policy-pkgs';
 import { CreateFromComponentsOptions, WorkspaceManifest, ManifestDependenciesObject } from './manifest';
 import { WorkspacePolicyConfigObject, VariantPolicyConfigObject, WorkspacePolicy, VariantPolicy, WorkspacePolicyAddEntryOptions, WorkspacePolicyEntry, SerializedVariantPolicy } from './policy';
 import { PackageManager, PackageManagerGetPeerDependencyIssuesOptions } from './package-manager';
@@ -36,6 +35,7 @@ export interface DependencyResolverComponentData {
     packageName: string;
     policy: SerializedVariantPolicy;
     dependencies: SerializedDependency[];
+    componentRangePrefix?: ComponentRangePrefix;
 }
 export interface DependencyResolverVariantConfig {
     policy: VariantPolicyConfigObject;
@@ -67,6 +67,12 @@ export type GetDependenciesOptions = {
 export type GetVersionResolverOptions = {
     cacheRootDirectory?: string;
 };
+/**
+ * see @teambit/dependencies.aspect-docs.dependency-resolver for more information about this aspect.
+ *
+ * The data of this aspect gets saved in workspace-component-loader.ts, `executeLoadSlot()`.
+ * The type of the data is `DependencyResolverComponentData`.
+ */
 export declare class DependencyResolverMain {
     /**
      * Dependency resolver  extension configuration.
@@ -350,7 +356,6 @@ export declare class DependencyResolverMain {
      * So policies installed only locally for the env, not to any components that use the env.
      */
     getPoliciesFromEnvForItself(id: ComponentID, legacyFiles?: SourceFile[], envExtendsDeps?: LegacyDependency[]): Promise<VariantPolicy | undefined>;
-    updateDepsOnLegacyTag(component: LegacyComponent, idTransformer: onTagIdTransformer): LegacyComponent;
     /**
      * Register a new dependency detector. Detectors allow to extend Bit's dependency detection
      * mechanism to support new file extensions and types.
@@ -399,6 +404,23 @@ export declare class DependencyResolverMain {
         patterns?: string[];
         forceVersionBump?: 'major' | 'minor' | 'patch' | 'compatible';
     }): Promise<MergedOutdatedPkg[] | null>;
+    getAllDependencies({ variantPoliciesByPatterns, componentPolicies, components, }: {
+        variantPoliciesByPatterns: Record<string, VariantPolicyConfigObject>;
+        componentPolicies: Array<{
+            componentId: ComponentID;
+            policy: any;
+        }>;
+        components: Component[];
+    }): CurrentPkg[];
+    getAllDedupedDirectDependencies(opts: {
+        variantPoliciesByPatterns: Record<string, VariantPolicyConfigObject>;
+        componentPolicies: Array<{
+            componentId: ComponentID;
+            policy: any;
+        }>;
+        components: Component[];
+    }): CurrentPkg[];
+    private warnAboutOverwrite;
     /**
      * Fetching the package manifest from the full package document.
      * By default, we always request the abbreviated package document,
@@ -430,6 +452,8 @@ export declare class DependencyResolverMain {
         updatedVariants: string[];
         updatedComponents: UpdatedComponent[];
     };
+    getWorkspaceComponentRangePrefix(): ComponentRangePrefix | undefined;
+    calcComponentRangePrefixByConsumerComponent(component: LegacyComponent): ComponentRangePrefix | undefined;
     static runtime: import("@teambit/harmony").RuntimeDefinition;
     static dependencies: Aspect[];
     static slots: (((registerFn: () => string) => SlotRegistry<WorkspacePolicy>) | ((registerFn: () => string) => SlotRegistry<Partial<Record<keyof import("./policy").PolicyConfigKeys, {

package/dist/dependency-resolver.main.runtime.js

@@ -65,6 +65,13 @@ function _component() {
   };
   return data;
 }
+function _pkgModules() {
+  const data = require("@teambit/pkg.modules.semver-helper");
+  _pkgModules = function () {
+    return data;
+  };
+  return data;
+}
 function _path() {
   const data = require("path");
   _path = function () {
@@ -128,9 +135,9 @@ function _legacy2() {
   };
   return data;
 }
-function _pkgModules() {
+function _pkgModules2() {
   const data = require("@teambit/pkg.modules.component-package-name");
-  _pkgModules = function () {
+  _pkgModules2 = function () {
     return data;
   };
   return data;
@@ -335,6 +342,13 @@ const defaultCreateFromComponentsOptions = {
   filterComponentsFromManifests: true,
   createManifestForComponentsWithoutDependencies: true
 };
+
+/**
+ * see @teambit/dependencies.aspect-docs.dependency-resolver for more information about this aspect.
+ *
+ * The data of this aspect gets saved in workspace-component-loader.ts, `executeLoadSlot()`.
+ * The type of the data is `DependencyResolverComponentData`.
+ */
 class DependencyResolverMain {
   constructor(
   /**
@@ -648,7 +662,7 @@ class DependencyResolverMain {
     return component.state.aspects.get(_dependencyResolver().DependencyResolverAspect.id)?.data;
   }
   calcPackageName(component) {
-    return (0, _pkgModules().componentIdToPackageName)(component.state._consumer);
+    return (0, _pkgModules2().componentIdToPackageName)(component.state._consumer);
   }
 
   /*
@@ -1226,26 +1240,6 @@ class DependencyResolverMain {
     const envPolicy = await this.getEnvPolicyFromEnvId(id, legacyFiles, envExtendsDeps);
     return envPolicy?.selfPolicy;
   }
-  updateDepsOnLegacyTag(component, idTransformer) {
-    const entry = component.extensions.findCoreExtension(_dependencyResolver().DependencyResolverAspect.id);
-    if (!entry) {
-      return component;
-    }
-    const dependencies = (0, _lodash().get)(entry, ['data', 'dependencies'], []);
-    dependencies.forEach(dep => {
-      if (dep.__type === _dependencies2().COMPONENT_DEP_TYPE) {
-        // @todo: it's unclear why "dep.componentId" randomly becomes a ComponentID instance.
-        // this check is added because on Ripple in some scenarios it was throwing:
-        // "ComponentID.fromObject expect to get an object, got an instance of ComponentID" (locally it didn't happen)
-        const depId = dep.componentId instanceof _componentId().ComponentID ? dep.componentId : _componentId().ComponentID.fromObject(dep.componentId);
-        const newDepId = idTransformer(depId);
-        dep.componentId = (newDepId || depId).serialize();
-        dep.id = (newDepId || depId).toString();
-        dep.version = (newDepId || depId).version;
-      }
-    });
-    return component;
-  }
 
   /**
    * Register a new dependency detector. Detectors allow to extend Bit's dependency detection
@@ -1385,10 +1379,37 @@ as an alternative, you can use "+" to keep the same version installed in the wor
     components,
     patterns,
     forceVersionBump
+  }) {
+    let allPkgs = this.getAllDependencies({
+      variantPoliciesByPatterns,
+      componentPolicies,
+      components
+    });
+    if (patterns?.length) {
+      const selectedPkgNames = new Set((0, _multimatch().default)(allPkgs.map(({
+        name
+      }) => name), patterns));
+      allPkgs = allPkgs.filter(({
+        name
+      }) => selectedPkgNames.has(name));
+      if (!allPkgs.length) {
+        return null;
+      }
+    }
+    const outdatedPkgs = await this.getOutdatedPkgs({
+      rootDir,
+      forceVersionBump
+    }, allPkgs);
+    return mergeOutdatedPkgs(outdatedPkgs);
+  }
+  getAllDependencies({
+    variantPoliciesByPatterns,
+    componentPolicies,
+    components
   }) {
     const localComponentPkgNames = new Set(components.map(component => this.getPackageName(component)));
-    const componentModelVersions = (await Promise.all(components.map(async component => {
-      const depList = await this.getDependencies(component);
+    const componentModelVersions = components.map(component => {
+      const depList = this.getDependencies(component);
       return depList.filter(dep => typeof dep.getPackageName === 'function' &&
       // If the dependency is referenced not via a valid range it means that it wasn't yet published to the registry
       _semver().default.validRange(dep.version) != null && !dep['isExtension'] &&
@@ -1401,29 +1422,47 @@ as an alternative, you can use "+" to keep the same version installed in the wor
         componentId: component.id,
         lifecycleType: dep.lifecycle
       }));
-    }))).flat();
-    let allPkgs = (0, _getAllPolicyPkgs().getAllPolicyPkgs)({
+    }).flat();
+    return (0, _getAllPolicyPkgs().getAllPolicyPkgs)({
       rootPolicy: this.getWorkspacePolicyFromConfig(),
       variantPoliciesByPatterns,
       componentPolicies,
       componentModelVersions
     });
-    if (patterns?.length) {
-      const selectedPkgNames = new Set((0, _multimatch().default)(allPkgs.map(({
-        name
-      }) => name), patterns));
-      allPkgs = allPkgs.filter(({
-        name
-      }) => selectedPkgNames.has(name));
-      if (!allPkgs.length) {
-        return null;
+  }
+  getAllDedupedDirectDependencies(opts) {
+    const allDeps = this.getAllDependencies(opts);
+    const mergedDeps = {};
+    for (const dep of allDeps) {
+      const existing = mergedDeps[dep.name];
+      if (existing) {
+        if (existing.currentRange === dep.currentRange) continue;
+        if (shouldOverwrite(existing, dep)) {
+          this.warnAboutOverwrite(existing, dep);
+          mergedDeps[dep.name] = dep;
+        } else {
+          this.warnAboutOverwrite(dep, existing);
+        }
+      } else {
+        mergedDeps[dep.name] = dep;
       }
     }
-    const outdatedPkgs = await this.getOutdatedPkgs({
-      rootDir,
-      forceVersionBump
-    }, allPkgs);
-    return mergeOutdatedPkgs(outdatedPkgs);
+    return Object.values(mergedDeps);
+    function shouldOverwrite(existing, incoming) {
+      if (isRootPolicy(existing)) {
+        if (!isRootPolicy(incoming)) return false;
+        return (0, _pkgModules().isRange1GreaterThanRange2Naively)(incoming.currentRange, existing.currentRange);
+      }
+      return isRootPolicy(incoming) || (0, _pkgModules().isRange1GreaterThanRange2Naively)(incoming.currentRange, existing.currentRange);
+    }
+  }
+  warnAboutOverwrite(originalPkg, newPkg) {
+    const message = `${originalPkg.name}@${originalPkg.currentRange} from ${originalPkg.source} overwritten by ${newPkg.currentRange} from ${newPkg.source}`;
+    if (isRootPolicy(newPkg)) {
+      this.logger.info(message);
+    } else {
+      this.logger.warn(message);
+    }
   }
 
   /**
@@ -1500,6 +1539,24 @@ as an alternative, you can use "+" to keep the same version installed in the wor
       updatedComponents
     };
   }
+  getWorkspaceComponentRangePrefix() {
+    return this.config.componentRangePrefix;
+  }
+  calcComponentRangePrefixByConsumerComponent(component) {
+    const fromWs = this.getWorkspaceComponentRangePrefix();
+    if (fromWs) {
+      return fromWs;
+    }
+    const modelData = component.componentFromModel?.extensions.findCoreExtension(_dependencyResolver().DependencyResolverAspect.id);
+    if (modelData?.data?.componentRangePrefix) {
+      return modelData.data.componentRangePrefix;
+    }
+    const currentData = component.extensions?.findCoreExtension(_dependencyResolver().DependencyResolverAspect.id)?.data;
+    if (currentData?.componentRangePrefix) {
+      return currentData.componentRangePrefix;
+    }
+    return undefined;
+  }
   static async provider([envs, loggerExt, configMain, aspectLoader, componentAspect, graphql, configStore], config, [rootPolicyRegistry, policiesRegistry, packageManagerSlot, dependencyFactorySlot, preInstallSlot, postInstallSlot, addPackagesToLinkSlot]) {
     // const packageManager = new PackageManagerLegacy(config.packageManager, logger);
     const logger = loggerExt.createLogger(_dependencyResolver().DependencyResolverAspect.id);
@@ -1662,5 +1719,8 @@ function rangeToVersion(range) {
   }
   return range;
 }
+function isRootPolicy(dep) {
+  return dep.source === 'rootPolicy';
+}
 
 //# sourceMappingURL=dependency-resolver.main.runtime.js.map