fix(npm): better logs when transitive remediation is prevented

2025-01-13 15:36:25 +00:00 · 2021-05-14 12:44:02 +02:00 · 2021-05-14 12:44:02 +02:00 · 570ce0ccee
commit 570ce0ccee
parent c482661cf5
2 changed files with 24 additions and 10 deletions
--- a/lib/manager/npm/update/locked-dependency/dep-constraints.ts
+++ b/lib/manager/npm/update/locked-dependency/dep-constraints.ts
@ -1,4 +1,5 @@
 import type { PackageJson } from 'type-fest';
+import { logger } from '../../../../logger';
 import { api as semver } from '../../../../versioning/npm';
 import type { PackageLockOrEntry, ParentDependency } from './types';

@ -29,16 +30,26 @@ export function findDepConstraints(
  const { dependencies, requires, version } = lockEntry;
  if (parentDepName && requires) {
    const constraint = requires[depName];
-    if (constraint && semver.matches(currentVersion, constraint)) {
-      if (constraint === currentVersion) {
-        // Workaround for old versions of npm which wrote the exact version in requires instead of the constraint
-        requires[depName] = newVersion;
+    if (constraint) {
+      // istanbul ignore else
+      if (semver.isValid(constraint)) {
+        if (semver.matches(currentVersion, constraint)) {
+          if (constraint === currentVersion) {
+            // Workaround for old versions of npm which wrote the exact version in requires instead of the constraint
+            requires[depName] = newVersion;
+          }
+          parents.push({
+            parentDepName,
+            parentVersion: version,
+            constraint,
+          });
+        }
+      } else {
+        logger.warn(
+          { parentDepName, depName, currentVersion, constraint },
+          'Parent constraint is invalid'
+        );
      }
-      parents.push({
-        parentDepName,
-        parentVersion: version,
-        constraint,
-      });
    }
  }
  if (dependencies) {
--- a/lib/manager/npm/update/locked-dependency/index.ts
+++ b/lib/manager/npm/update/locked-dependency/index.ts
@ -89,7 +89,10 @@ export async function updateLockedDependency(
    );
    logger.trace({ deps: lockedDeps, constraints }, 'Matching details');
    if (!constraints.length) {
-      logger.warn('Could not find constraints for the locked dependency');
+      logger.info(
+        { depName, currentVersion, newVersion },
+        'Could not find constraints for the locked dependency - cannot remediate'
+      );
      return null;
    }
    const parentUpdates: UpdateLockedConfig[] = [];