Fix pnpm updater logic for devDependencies and others groups

dependabot · Jan 14, 2025 · 8874045 · 8874045
1 parent b39f1f8
commit 8874045
Showing 1 changed file with 40 additions and 1 deletion.
diff --git a/npm_and_yarn/lib/dependabot/npm_and_yarn/file_updater/pnpm_lockfile_updater.rb b/npm_and_yarn/lib/dependabot/npm_and_yarn/file_updater/pnpm_lockfile_updater.rb
@@ -104,14 +104,18 @@ def run_pnpm_update(pnpm_lock:)
 
               write_final_package_json_files
 
-              run_pnpm_install
+              # Avoid running `pnpm install` unless the experimental fix is enabled
+              return run_pnpm_install unless Dependabot::Experiments.enabled?(:enable_fix_for_pnpm_no_change_error)
 
               File.read(pnpm_lock.name)
             end
           end
         end
 
         def run_pnpm_updater
+          # Use the experimental updater if enabled
+          return run_pnpm_updater_v2 if Dependabot::Experiments.enabled?(:enable_fix_for_pnpm_no_change_error)
+
           dependency_updates = dependencies.map do |d|
             "#{d.name}@#{d.version}"
           end.join(" ")
@@ -122,6 +126,41 @@ def run_pnpm_updater
           )
         end
 
+        def run_pnpm_updater_v2
+          # Separate devDependencies and other dependencies
+          dev_dependencies = dependencies.select do |d|
+            d.requirements.any? { |req| req[:groups].include?("devDependencies") }
+          end
+
+          other_dependencies = dependencies.reject do |d|
+            d.requirements.any? { |req| req[:groups].include?("devDependencies") }
+          end
+
+          # Update devDependencies with the --save-dev flag
+          unless dev_dependencies.empty?
+            dev_dependency_updates = dev_dependencies.map { |d| "#{d.name}@#{d.version}" }.join(" ")
+            run_pnpm_update_command(dev_dependency_updates, dev_dependency: true)
+          end
+
+          # Update other dependencies without any flags
+          return if other_dependencies.empty?
+
+          other_dependency_updates = other_dependencies.map { |d| "#{d.name}@#{d.version}" }.join(" ")
+          run_pnpm_update_command(other_dependency_updates, dev_dependency: false)
+        end
+
+        def run_pnpm_update_command(dependency_updates, dev_dependency: false)
+          command = create_run_pnpm_updater_command(dependency_updates, dev_dependency: dev_dependency)
+          fingerprint = create_run_pnpm_updater_command("<dependency_updates>", dev_dependency: dev_dependency)
+
+          Helpers.run_pnpm_command(command, fingerprint: fingerprint)
+        end
+
+        def create_run_pnpm_updater_command(dependency_updates, dev_dependency: false)
+          flag = dev_dependency ? "--save-dev" : ""
+          "install #{dependency_updates} --lockfile-only --ignore-workspace-root-check #{flag}"
+        end
+
         def run_pnpm_install
           Helpers.run_pnpm_command(
             "install --lockfile-only"