Merge pull request #4690 from g-chao/chao/fix

[rush-lib] Upgrade pnpm-sync-lib and fix an edge case that integrity could be none in _disallowInsecureSha1 logic
microsoft · May 10, 2024 · 890322a · 890322a
2 parents fb711c1 + 8dad71c
commit 890322a
Show file tree

Hide file tree

Showing 6 changed files with 33 additions and 14 deletions.
diff --git a/common/changes/@microsoft/rush/chao-fix_2024-05-09-23-55.json b/common/changes/@microsoft/rush/chao-fix_2024-05-09-23-55.json
@@ -0,0 +1,10 @@
+{
+  "changes": [
+    {
+      "packageName": "@microsoft/rush",
+      "comment": "Fix an edge case that integrity could be none in _disallowInsecureSha1 logic",
+      "type": "none"
+    }
+  ],
+  "packageName": "@microsoft/rush"
+}
diff --git a/common/config/rush/version-policies.json b/common/config/rush/version-policies.json
@@ -103,7 +103,7 @@
     "policyName": "rush",
     "definitionName": "lockStepVersion",
     "version": "5.124.0",
-    "nextBump": "minor",
+    "nextBump": "patch",
     "mainProject": "@microsoft/rush"
   }
 ]
diff --git a/common/config/subspaces/default/pnpm-lock.yaml b/common/config/subspaces/default/pnpm-lock.yaml
diff --git a/common/config/subspaces/default/repo-state.json b/common/config/subspaces/default/repo-state.json
@@ -1,5 +1,5 @@
 // DO NOT MODIFY THIS FILE MANUALLY BUT DO COMMIT IT. It is generated and used by Rush.
 {
-  "pnpmShrinkwrapHash": "84413150c512b92dfbc986fab412bca06be42ab1",
+  "pnpmShrinkwrapHash": "4b7734088f9537c4644d58706e7a1e2cbb41b5d3",
   "preferredVersionsHash": "ce857ea0536b894ec8f346aaea08cfd85a5af648"
 }
diff --git a/libraries/rush-lib/package.json b/libraries/rush-lib/package.json
@@ -57,7 +57,7 @@
     "tar": "~6.2.1",
     "true-case-path": "~2.2.1",
     "uuid": "~8.3.2",
-    "pnpm-sync-lib": "0.2.4"
+    "pnpm-sync-lib": "0.2.5"
   },
   "devDependencies": {
     "@pnpm/logger": "4.0.0",

diff --git a/libraries/rush-lib/src/logic/pnpm/PnpmShrinkwrapFile.ts b/libraries/rush-lib/src/logic/pnpm/PnpmShrinkwrapFile.ts
@@ -347,17 +347,17 @@ export class PnpmShrinkwrapFile extends BaseShrinkwrapFile {
     exemptPackageVersions: Record<string, string[]>,
     terminal: ITerminal
   ): boolean {
-    const exmeptPackageList: Map<string, boolean> = new Map();
+    const exemptPackageList: Map<string, boolean> = new Map();
     for (const [pkgName, versions] of Object.entries(exemptPackageVersions)) {
       for (const version of versions) {
-        exmeptPackageList.set(this._getPackageId(pkgName, version), true);
+        exemptPackageList.set(this._getPackageId(pkgName, version), true);
       }
     }
 
     for (const [pkgName, { resolution }] of this.packages) {
       if (
-        resolution?.integrity.startsWith('sha1') &&
-        !exmeptPackageList.has(this._parseDependencyPath(pkgName))
+        resolution?.integrity?.startsWith('sha1') &&
+        !exemptPackageList.has(this._parseDependencyPath(pkgName))
       ) {
         terminal.writeErrorLine(
           'Error: An integrity field with "sha1" was found in pnpm-lock.yaml;' +