getCurrentDependencies: Guard comparison of duplicates (#893).

raineorshine · May 15, 2021 · a1ad7c9 · a1ad7c9
1 parent 486535f
commit a1ad7c9
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 8 deletions.
diff --git a/lib/versionmanager.js b/lib/versionmanager.js
@@ -298,6 +298,14 @@ async function upgradePackageData(pkgData, oldDependencies, newDependencies, new
   return { newPkgData, selectedNewDependencies }
 }
 
+/** Returns true if spec1 is greater than spec2, ignoring invalid version ranges. */
+const isGreaterThanSafe = (spec1, spec2) =>
+  // not a valid range to compare (e.g. github url)
+  semver.validRange(spec1) &&
+  semver.validRange(spec2) &&
+  // otherwise return true if spec2 is smaller than spec1
+  semver.gt(semver.minVersion(spec1), semver.minVersion(spec2))
+
 /**
  * Get the current dependencies from the package file.
  *
@@ -320,10 +328,10 @@ function getCurrentDependencies(pkgData = {}, options = {}) {
   // get all dependencies from the selected sections
   // if a dependency appears in more than one section, take the lowest version number
   const allDependencies = depSections.reduce((accum, depSection) => {
-    const isLessThanAccum = (dep, spec) => !accum[dep] || semver.lt(spec, accum[dep])
+
     return {
       ...accum,
-      ...cint.filterObject(pkgData[depSection], isLessThanAccum)
+      ...cint.filterObject(pkgData[depSection], (dep, spec) => !isGreaterThanSafe(spec, accum[dep]))
     }
   }, {})
 

diff --git a/test/index.test.js b/test/index.test.js
@@ -774,31 +774,31 @@ describe('run', function () {
     const upgrades = await ncu.run({
       packageData: JSON.stringify({
         dependencies: {
-          'ncu-test-v2': '2.0.0'
+          'ncu-test-v2': '^2.0.0'
         },
         devDependencies: {
-          'ncu-test-v2': '1.0.0'
+          'ncu-test-v2': '^1.0.0'
         }
       })
     })
     upgrades.should.deep.equal({
-      'ncu-test-v2': '2.0.0'
+      'ncu-test-v2': '^2.0.0'
     })
   })
 
   it('update dependency when duplicate devDependency is up-to-date', async () => {
     const upgrades = await ncu.run({
       packageData: JSON.stringify({
         dependencies: {
-          'ncu-test-v2': '1.0.0'
+          'ncu-test-v2': '^1.0.0'
         },
         devDependencies: {
-          'ncu-test-v2': '2.0.0'
+          'ncu-test-v2': '^2.0.0'
         }
       })
     })
     upgrades.should.deep.equal({
-      'ncu-test-v2': '2.0.0'
+      'ncu-test-v2': '^2.0.0'
     })
   })