Improve support for PNPM 9 #9687
Conversation
|
@robaiken it seems that the corepack version is always the version getting used and the |
| else | ||
| 6 | ||
| pnpm_version.to_i |
There was a problem hiding this comment.
This assumes that the lockfile version will always match the pnpm version.
It is unsafe and probably wrong.
There was a problem hiding this comment.
OK, but that's the current state of things, right? This is a better version of what is currently already "unsafe and probably wrong", right?
There was a problem hiding this comment.
What's unsafe or wrong with this exactly ?
if pnpm_lockfile_version(pnpm_lock).to_f >= 9.0
9
elsif pnpm_lockfile_version(pnpm_lock).to_f >= 6.0
8
elsif pnpm_lockfile_version(pnpm_lock).to_f >= 5.4
7
else
6
endThere was a problem hiding this comment.
What's unsafe or wrong with this exactly ?
- Given
pnpm_lockfile_version(pnpm_lock).to_f == 10, then it will use version9 - Given
pnpm_lockfile_version(pnpm_lock).to_f == 42, then it will use version9 - Given
pnpm_lockfile_version(pnpm_lock).to_f == 8576309, then it will use version9
Invert the logic, and you can future proof it. It makes no sense to constrain it the way it is.
|
@robaiken hello, can this get more attention please? pnpm support has been broken for almost a month now. |
npm_and_yarn/lib/dependabot/npm_and_yarn/file_updater/pnpm_lockfile_updater.rb
Outdated
Show resolved
Hide resolved
| expect(lockfile.content).to include("/lodash@1.3.1:") | ||
| expect(lockfile.content).to include("/lodash").once | ||
| expect(lockfile.content).to include("lodash@1.3.1:") | ||
| expect(lockfile.content).to include("lodash").exactly(5) |
There was a problem hiding this comment.
What's causing the lockfile to contain this dep 5 times in this new version?
b01128d to
e9ac160
Compare
|
this has been replaced by: #10073 |
No description provided.