Update npm6 to allow for better semver handling
#4460
Closed
Often when using git, github or gitlab style `semver` dependencies with npm (ex, `github:Brightspace/d2l-activity-alignments#semver:^2`) the tags/branches associated with the repository can be of the form `v[major].[minor].[patch]` (common if following standard `semver` set-ups and automated tooling such as `semantic-release`) or `[major].[minor].[patch]`. The `semver` keyword allows for variance of branch name allowing `v3.0.0` and `3.0.0` to be treated as the same version allowing these dependency checks to succeed. When not using the `semver` keyword in the dependency install command the resolved version will be treated as needing to be an exact match for a branch/tag name. This change adjusts the install command used to update package lock file to include the `semver` keyword whenever it's present in the existing requirement which allows this variance in branch naming to be allowed. Once this change is done we also need to repair the `from` properties of the installed dependencies since they will no longer match the existing requirement in the `package.json` file (repair `github:Brightspace/d2l-activity-alignments#semver:3.0.0` to `github:Brightspace/d2l-activity-alignments#semver:^3`).

Example of something that wouldn't work before
The `github:Brightspace/d2l-activity-alignments#semver:^2` dependency is attempting to be updated to `github:Brightspace/d2l-activity-alignments#semver:^3` which results in the install command of

This causes a git error since the branch on the target repository is `v3.0.0`.

After change
The `github:Brightspace/d2l-activity-alignments#semver:^2` dependency is attempting to be updated to `github:Brightspace/d2l-activity-alignments#semver:^3` which results in the install command of

This succeeds even though the tag name is `v3.0.0`.

Notes
Repository used for testing of changes alongside existing tests: https://github.com/devpow112/dependabot-core-test. This would just throw errors when trying to run dependabot
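The two steps described in this pull request, sketched as an added Ruby example that is not code from the pull request or from dependabot-core. The helper names, the `#<ref>` form of the install argument, the lockfile fragment and the tag list are assumptions constructed for illustration, and `ref_resolves?` is a simplified model of how a ref is matched, not npm's implementation.

```ruby
require "json"

# Split "github:owner/repo#semver:^3" into [source, range]; range is nil when
# the fragment does not use the semver keyword.
def split_semver(spec)
  source, fragment = spec.to_s.split("#", 2)
  range = fragment.delete_prefix("semver:") if fragment&.start_with?("semver:")
  [source, range]
end

# Assumed shape of the install argument: keep the semver keyword only when the
# existing requirement already used it.
def install_spec(existing_req, new_version)
  source, range = split_semver(existing_req)
  range ? "#{source}#semver:#{new_version}" : "#{source}##{new_version}"
end

# Simplified model: a plain ref must equal a tag name, while a semver: ref
# holding an exact version compares versions and ignores a leading "v".
def ref_resolves?(tags, spec)
  _source, fragment = spec.split("#", 2)
  exact = split_semver(spec).last
  return tags.include?(fragment) unless exact
  tags.any? do |tag|
    bare = tag.delete_prefix("v")
    Gem::Version.correct?(bare) && Gem::Version.new(bare) == Gem::Version.new(exact)
  end
end

# After the install, "from" holds the exact version; restore the range from
# package.json so the lockfile and the manifest agree again.
def repair_from(lock, requirements)
  fixed = JSON.parse(JSON.generate(lock)) # deep copy, input stays untouched
  fixed.fetch("dependencies", {}).each do |name, entry|
    source, range = split_semver(requirements[name])
    from_source, from_range = split_semver(entry["from"])
    entry["from"] = requirements[name] if range && from_range && from_source == source
  end
  fixed
end

# Constructed sample data; "<commit>" is a placeholder, not a real hash.
REPO = "github:Brightspace/d2l-activity-alignments"
TAGS = ["v2.0.0", "v3.0.0"].freeze
LOCK = { "dependencies" => { "d2l-activity-alignments" =>
  { "version" => "#{REPO}#<commit>", "from" => "#{REPO}#semver:3.0.0" } } }.freeze
```

Comparing the repaired `from` value with the `package.json` requirement in review is a quick check that an automated update left the lockfile and manifest pointing at the same source and range.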