Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update Smoke Tests for NPM 8 Fallback and Lockfile Version 3 with NPM 9 #235

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

kbukum1
Copy link
Contributor

@kbukum1 kbukum1 commented Oct 9, 2024

Purpose

This PR updates our smoke tests to align with recent changes in the Dependabot Core project, specifically PR #10757, which sets npm 8 as the default and fallback version under the npm_fallback_version_above_v6 feature flag and assigns lockfileVersion: 3 to npm 9. These changes ensure our tests reflect the supported npm versions (7, 8, and 9), with npm 8 as the fallback and compatibility adjustments for lockfile versioning under npm 9.

Key Updates

  • Updated smoke tests to validate functionality under npm 8 as the fallback version and lockfile version 3 with npm 9.
  • Adjusted test expectations for dependency fields and lockfile structures to match npm 8 and npm 9’s handling of dependencies, lockfile formats, and source URL representation.
  • Removed references to deprecated fields and structures specific to npm 6, aligning with the current support policy.

Why This is Important

Ensuring our smoke tests reflect npm 8 as the fallback and lockfile version 3 for npm 9 improves accuracy for projects without explicit npm versioning, providing reliable dependency resolution. These updates also validate the npm_fallback_version_above_v6 feature flag’s behavior, confirming that npm 8 is chosen as the fallback where applicable.

Additional Notes

  • Compatibility Validation: Tests confirm fallback behavior with npm 8 and lockfile versioning behavior with npm 9, focusing on dependency resolution and registry source handling.
  • Focus on Version-Specific Differences: Tests cover unique behaviors across npm versions 7, 8, and 9 while removing references to npm 6, ensuring alignment with our current support policy.

@kbukum1 kbukum1 requested a review from a team as a code owner October 9, 2024 19:00
@kbukum1 kbukum1 requested a review from abdulapopoola October 9, 2024 19:02
version: 1.1.0
directory: /npm/multi-dir/bar
updated-dependency-files:
- content: |
{
"name": "foo",
"version": "1.0.0",
"lockfileVersion": 3,
"lockfileVersion": 1,
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is this supposed to be 1?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No, normally it shouldn't. I am checking it. Also there are problems I am solving then will let you know.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

When running on 9, that is happening. I am trying to find out the reason.

@@ -283,8 +241,8 @@ output:
type: file
pr-title: Bump the npm_and_yarn group across 2 directories with 3 updates
pr-body: |
Bumps the npm_and_yarn group with 2 updates in the /npm/multi-dir/foo directory: @dependabot/dummy-pkg-b and [left-pad](https://github.com/stevemao/left-pad).
Bumps the npm_and_yarn group with 2 updates in the /npm/multi-dir/bar directory: [left-pad](https://github.com/stevemao/left-pad) and @dependabot/dummy-pkg-a.
Bumps the npm_and_yarn group with 1 update in the /npm/multi-dir/foo directory: @dependabot/dummy-pkg-b.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is this a grouped updates bug?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Checking.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants