fix(npm): better logs when transitive remediation is prevented

lib/manager/npm/update/locked-dependency/dep-constraints.ts

@@ -1,4 +1,5 @@
 import type { PackageJson } from 'type-fest';
+import { logger } from '../../../../logger';
 import { api as semver } from '../../../../versioning/npm';
 import type { PackageLockOrEntry, ParentDependency } from './types';
 
@@ -29,7 +30,10 @@ export function findDepConstraints(
   const { dependencies, requires, version } = lockEntry;
   if (parentDepName && requires) {
     const constraint = requires[depName];
-    if (constraint && semver.matches(currentVersion, constraint)) {
+    if (constraint) {
+      // istanbul ignore else
+      if (semver.isValid(constraint)) {
+        if (semver.matches(currentVersion, constraint)) {
           if (constraint === currentVersion) {
             // Workaround for old versions of npm which wrote the exact version in requires instead of the constraint
             requires[depName] = newVersion;
@@ -40,6 +44,13 @@ export function findDepConstraints(
             constraint,
           });
         }
+      } else {
+        logger.warn(
+          { parentDepName, depName, currentVersion, constraint },
+          'Parent constraint is invalid'
+        );
+      }
+    }
   }
   if (dependencies) {
     for (const [packageName, dependency] of Object.entries(dependencies)) {

lib/manager/npm/update/locked-dependency/index.ts

@@ -89,7 +89,10 @@ export async function updateLockedDependency(
     );
     logger.trace({ deps: lockedDeps, constraints }, 'Matching details');
     if (!constraints.length) {
-      logger.warn('Could not find constraints for the locked dependency');
+      logger.info(
+        { depName, currentVersion, newVersion },
+        'Could not find constraints for the locked dependency - cannot remediate'
+      );
       return null;
     }
     const parentUpdates: UpdateLockedConfig[] = [];