Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

npm: support node constraints filtering #9264

Closed
rarkins opened this issue Mar 24, 2021 · 3 comments
Closed

npm: support node constraints filtering #9264

rarkins opened this issue Mar 24, 2021 · 3 comments
Labels
duplicate This issue is closed as a duplicate of another issue

Comments

@rarkins
Copy link
Collaborator

rarkins commented Mar 24, 2021

What would you like Renovate to be able to do?

Skip proposing package updates if they don't meet the engines.node constraints of the package.json being updated.

Did you already have any implementation ideas?

I thought for sure this has been discussed in an issue before, and I recall a back and forth with @ljharb on it, however I cannot find any existing issue so creating this one.

If the repo package.json has no engines.node constraint then this is not applicable.

If the package's updated release(s) contain no engines.node constraints then this is also not applicable.

This is applicable if both the repo package.json and the newer versions package.json contain node constraints.

Here's what I propose:

  • As done already, we extract constraints.node during npm manager extraction, and this gets passed through to the datasource lookup
  • The npm datasource should be "constraint agnostic" and return all releases, but make sure to include constraints.node with each release if applicable
  • Renovate should then do this evaluation:
  • Query and cache (perhaps hourly) a list of all Node.js versions
  • Filter the full node.js release list again the repo's constraint, and then against each release's constraint. Results for these constraints can also be cached for the period as an optimization.
  • If the release's list is not a superset of the repository's release list (e.g. the repo needs to support node 10 but the new release does not) then the release is marked with skipReason: "incompatible" and not proposed as an update

The idea is that Renovate does not propose npm dependency updates unless they are compatible with the engines.node specified in the package.json.

One edge case I can think of: what if the current version in the package.json is already not compatible with the engines.node value in the same package.json? Should we skip this constraints check altogether and log a WARN instead?

Another edge case: what if it's a git/github npm dependency instead of npm? Today we don't dig into the package.json to extract a constraint, and I'm not sure we want to make that requirement of the v1 of this feature.
@rarkins rarkins added type:feature Feature (new functionality) priority-3-medium Default priority, "should be done" but isn't prioritised ahead of others manager:npm package.json files (npm/yarn/pnpm) status:requirements Full requirements are not yet known, so implementation should not be started datasource:npm labels Mar 24, 2021
@HonkingGoose
Copy link
Collaborator

I guess https://github.com/renovatebot/renovate/issues/2443 and #4826 are related as well?

@rarkins
Copy link
Collaborator Author

rarkins commented Mar 24, 2021

Yes, it's #4826! Somehow that escaped my issue searches. I'll close this as a duplicate.

@rarkins rarkins closed this as completed Mar 24, 2021
@rarkins rarkins added duplicate This issue is closed as a duplicate of another issue and removed datasource:npm manager:npm package.json files (npm/yarn/pnpm) priority-3-medium Default priority, "should be done" but isn't prioritised ahead of others status:requirements Full requirements are not yet known, so implementation should not be started type:feature Feature (new functionality) labels Mar 24, 2021
@HonkingGoose
Copy link
Collaborator

Yay! I finally linked the proper issue for once! 😄 🚀

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Apr 24, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
duplicate This issue is closed as a duplicate of another issue
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@rarkins @HonkingGoose