fix(npm): extract pnpm overrides with version ranges correctly (#33727)

renovatebot · Jan 24, 2025 · 1dcb7cc · 1dcb7cc
1 parent 68ce0ed
commit 1dcb7cc
Show file tree

Hide file tree

Showing 5 changed files with 160 additions and 2 deletions.
diff --git a/lib/modules/manager/npm/extract/common/package-file.ts b/lib/modules/manager/npm/extract/common/package-file.ts
@@ -1,3 +1,4 @@
+import { parsePkgAndParentSelector } from '@pnpm/parse-overrides';
 import is from '@sindresorhus/is';
 import { CONFIG_VALIDATION } from '../../../../../constants/error-messages';
 import { logger } from '../../../../../logger';
@@ -91,7 +92,8 @@ export function extractPackageJson(
             )) {
               if (is.string(overridesVal)) {
                 // Newer flat syntax: `parent>parent>child`
-                const packageName = overridesKey.split('>').pop()!;
+                const packageName =
+                  parsePkgAndParentSelector(overridesKey).targetPkg.name;
                 dep = {
                   depName: overridesKey,
                   packageName,

diff --git a/lib/modules/manager/npm/extract/index.spec.ts b/lib/modules/manager/npm/extract/index.spec.ts
@@ -1027,6 +1027,87 @@ describe('modules/manager/npm/extract/index', () => {
         ],
       });
     });
+
+    it('extracts dependencies from pnpm.overrides, with version ranges in flat syntax', async () => {
+      const content = codeBlock`{
+        "pnpm": {
+          "overrides": {
+            "foo>bar": "2.0.0",
+            "[email protected]": "2.0.0",
+            "foo@>1.0.0": "2.0.0",
+            "foo@>=1.0.0": "2.0.0",
+            "[email protected]>bar": "2.0.0",
+            "foo@>1.0.0>bar": "2.0.0",
+            "foo@>=1.0.0 <2.0.0": ">=2.0.0"
+          }
+        }
+      }`;
+      const res = await npmExtract.extractPackageFile(
+        content,
+        'package.json',
+        defaultExtractConfig,
+      );
+      expect(res).toMatchObject({
+        deps: [
+          {
+            currentValue: '2.0.0',
+            datasource: 'npm',
+            depName: 'foo>bar',
+            depType: 'pnpm.overrides',
+            packageName: 'bar',
+            prettyDepType: 'overrides',
+          },
+          {
+            currentValue: '2.0.0',
+            datasource: 'npm',
+            depName: '[email protected]',
+            depType: 'pnpm.overrides',
+            packageName: 'foo',
+            prettyDepType: 'overrides',
+          },
+          {
+            currentValue: '2.0.0',
+            datasource: 'npm',
+            depName: 'foo@>1.0.0',
+            depType: 'pnpm.overrides',
+            packageName: 'foo',
+            prettyDepType: 'overrides',
+          },
+          {
+            currentValue: '2.0.0',
+            datasource: 'npm',
+            depName: 'foo@>=1.0.0',
+            depType: 'pnpm.overrides',
+            packageName: 'foo',
+            prettyDepType: 'overrides',
+          },
+          {
+            currentValue: '2.0.0',
+            datasource: 'npm',
+            depName: '[email protected]>bar',
+            depType: 'pnpm.overrides',
+            packageName: 'bar',
+            prettyDepType: 'overrides',
+          },
+          {
+            currentValue: '2.0.0',
+            datasource: 'npm',
+            depName: 'foo@>1.0.0>bar',
+            depType: 'pnpm.overrides',
+            packageName: 'bar',
+            prettyDepType: 'overrides',
+          },
+          {
+            currentValue: '>=2.0.0',
+            datasource: 'npm',
+            depName: 'foo@>=1.0.0 <2.0.0',
+            depType: 'pnpm.overrides',
+            packageName: 'foo',
+            prettyDepType: 'overrides',
+          },
+        ],
+      });
+    });
   });
 
   describe('.extractAllPackageFiles()', () => {

diff --git a/lib/modules/manager/npm/readme.md b/lib/modules/manager/npm/readme.md
@@ -7,6 +7,9 @@ The following `depTypes` are currently supported by the npm manager :
 - `engines` : Renovate will update any `node`, `npm` and `yarn` version specified under `engines`.
 - `volta` : Renovate will update any `node`, `npm`, `pnpm` and `yarn` version specified under `volta`.
 - `packageManager`
+- `overrides`
+- `resolutions`
+- `pnpm.overrides`
 
 ### Yarn
 

diff --git a/package.json b/package.json
@@ -162,6 +162,7 @@
     "@opentelemetry/sdk-trace-base": "1.30.1",
     "@opentelemetry/sdk-trace-node": "1.30.1",
     "@opentelemetry/semantic-conventions": "1.28.0",
+    "@pnpm/parse-overrides": "1000.0.1",
     "@qnighy/marshal": "0.1.3",
     "@renovatebot/detect-tools": "1.1.0",
     "@renovatebot/kbpgp": "4.0.1",

diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml