From 1b3185c0055d6bfb9c50762779fe814bda185f8f Mon Sep 17 00:00:00 2001 From: Raine Revere Date: Mon, 28 Oct 2024 15:40:12 +0000 Subject: [PATCH] Guard against invalid peerDependencies semver range (#1467). --- src/lib/getIgnoredUpgradesDueToPeerDeps.ts | 12 ++++++++++-- src/lib/upgradePackageDefinitions.ts | 6 ++++-- 2 files changed, 14 insertions(+), 4 deletions(-) diff --git a/src/lib/getIgnoredUpgradesDueToPeerDeps.ts b/src/lib/getIgnoredUpgradesDueToPeerDeps.ts index 6bfa8ecc..73dba488 100644 --- a/src/lib/getIgnoredUpgradesDueToPeerDeps.ts +++ b/src/lib/getIgnoredUpgradesDueToPeerDeps.ts @@ -47,14 +47,22 @@ export async function getIgnoredUpgradesDueToPeerDeps( latestVersionResults[pkgName]?.version && !satisfies(latestVersionResults[pkgName].version!, peers[pkgName]), ) - .reduce((accumReason, [peerPkg, peers]) => ({ ...accumReason, [peerPkg]: peers[pkgName] }), {} as Index) + .reduce( + (accumReason, [peerPkg, peers]) => ({ + ...accumReason, + [peerPkg]: !validRange(peers[pkgName]) + ? `a range that semver does not understand: ${peers[pkgName]}. This range does not work with semver.satisfies or semver.intersects, which npm-check-updates relies on to determine peer dependency compatibility. Either this is a mistake in ${peerPkg}, or it relies on a new syntax that is not compatible with the semver package.` + : peers[pkgName], + }), + {} as Index, + ) if (Object.keys(reason).length === 0) { const peersOfPkg = upgradedPeerDependenciesLatest?.[pkgName] || {} reason = Object.entries(peersOfPkg) .filter( ([peer, peerSpec]) => upgradedPackagesWithPeerRestriction[peer] && - !intersects(upgradedPackagesWithPeerRestriction[peer], peerSpec), + !(!validRange(peerSpec) || intersects(upgradedPackagesWithPeerRestriction[peer], peerSpec)), ) .reduce( (accumReason, [peerPkg, peerSpec]) => ({ ...accumReason, [pkgName]: `${peerPkg} ${peerSpec}` }), diff --git a/src/lib/upgradePackageDefinitions.ts b/src/lib/upgradePackageDefinitions.ts index 51189195..86c9563d 100644 --- a/src/lib/upgradePackageDefinitions.ts +++ b/src/lib/upgradePackageDefinitions.ts @@ -1,5 +1,5 @@ import { dequal } from 'dequal' -import { intersects, satisfies } from 'semver' +import { intersects, satisfies, validRange } from 'semver' import { parse, parseRange } from 'semver-utils' import { Index } from '../types/IndexType' import { Options } from '../types/Options' @@ -36,7 +36,9 @@ const checkIfInPeerViolation = ( } return Object.entries(peerDeps).every( ([peer, peerSpec]) => - upgradedDependencies[peer] === undefined || intersects(upgradedDependencies[peer], peerSpec), + upgradedDependencies[peer] === undefined || + !validRange(peerSpec) || + intersects(upgradedDependencies[peer], peerSpec), ) }) const violated =