Closed
Conversation
== Background The current branch and recent tags fail buils due to npm ci failing with these errors: ... npm error Invalid: lock file's @volar/language-core@2.4.20 does not satisfy @volar/language-core@2.4.22 npm error Invalid: lock file's @volar/source-map@2.4.20 does not satisfy @volar/source-map@2.4.22 ... After installing the dependencies using npm install for diagnosis, running npm why showed the dependency graph: @volar/language-core@2.4.11 dev custom-npms/nc-nextcloud-vue/node_modules/@volar/language-core ... The fact that this dependency originated from a transitive dependency and is not included in package.json is suspicious already, meaning we have no direct control over it by updating dependencies. Bisecting showed the error first appeared with the v31 merge 1a19b2f Builds prior this version install just fine. I suspect the merge conflict for package-lock.json was not correctly solved back then and left the package-lock semantically broken. == Approach to fix 1. Checkout upstream package* files prior to the merge (this commit) 2. Apply all changes compared to upstream again (next commit) == Command git checkout v31.0.6 -- package.json package-lock.json
thlehmann-ionos
force-pushed
the
tl/dev/fix-package-lock-1350
branch
3 times, most recently
from
f3c8552 to
becd273
Compare
Author
|
See
|
printminion-co
requested changes
Jul 30, 2025
printminion-co
left a comment
printminion-co
left a comment
There was a problem hiding this comment.
vue-material-design-icons is missing
thlehmann-ionos
force-pushed
the
tl/dev/fix-package-lock-1350
branch
from
ae818cc to
2a83a80
Compare
== Background The current branch and recent tags fail buils due to npm ci failing with these errors: ... npm error Invalid: lock file's @volar/language-core@2.4.20 does not satisfy @volar/language-core@2.4.22 npm error Invalid: lock file's @volar/source-map@2.4.20 does not satisfy @volar/source-map@2.4.22 ... After installing the dependencies using npm install for diagnosis, running npm why showed the dependency graph: @volar/language-core@2.4.11 dev custom-npms/nc-nextcloud-vue/node_modules/@volar/language-core ... The fact that this dependency originated from a transitive dependency and is not included in package.json is suspicious already, meaning we have no direct control over it by updating dependencies. Bisecting showed the error first appeared with the v31 merge 1a19b2f Builds prior this version install just fine. I suspect the merge conflict for package-lock.json was not correctly solved back then and left the package-lock semantically broken. == Previous commit In the previous commit we checked out the upstream package.json and package-lock.json, taking them as ground truth. == Approach to fix 1. Checkout upstream package* files prior to the merge (previous commit) 2. Apply all changes compared to upstream again (this commit) == Re-applying our customizations Previous merge was: 1a19b2f Merge tag 'v31.0.6' into tmp/update-to-v31.0.6-20250702100826 Our HEAD before merge was: 7e474f1 IONOS(simplesettings): submodule update (workflows, refactor core code) Determining the changes from our pre-merge revision to the current revision: git diff 7e474f1..HEAD -- package.json | grep 'file:' Changes from ours to v31.0.6: git diff 7e474f1..HEAD --no-ext-diff -- package.json | grep 'file:' - "@nextcloud/vue": "file:./custom-npms/nc-nextcloud-vue", - "vue-material-design-icons": "file:./custom-npms/nc-vue-material-design-icons/dist", - "@mdi/svg": "file:./custom-npms/nc-mdi-svg/dist", - "@mdi/js": "file:./custom-npms/nc-mdi-js" Install: $ rm -rf node_modules/ $ npm ci Change modules: - "@mdi/js": "^7.4.47", - "@mdi/svg": "^7.4.47", + "@mdi/js": "file:custom-npms/nc-mdi-js", + "@mdi/svg": "file:custom-npms/nc-mdi-svg/dist", - "@nextcloud/vue": "^8.27.0", + "@nextcloud/vue": "file:custom-npms/nc-nextcloud-vue", - "vue-material-design-icons": "^5.3.1", + "vue-material-design-icons": "file:custom-npms/nc-vue-material-design-icons/dist", Add overrides "vue-material-design-icons" : "$vue-material-design-icons", "@mdi/svg" : "$@mdi/svg", "@mdi/js" : "$@mdi/js", "@nextcloud/vue" : "$@nextcloud/vue" Re-install of overrides: $ npm install
thlehmann-ionos
force-pushed
the
tl/dev/fix-package-lock-1350
branch
from
2a83a80 to
437b054
Compare
Author
Fixed. |
Author
|
See
|
|
fixed via #209 with |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Background
The current branch and recent tags fail buils due to npm ci failing with
these errors:
After installing the dependencies using npm install for diagnosis,
running npm why showed the dependency graph:
The fact that this dependency originated from a transitive dependency and
is not included in package.json is suspicious already, meaning we have no
direct control over it by updating dependencies.
Bisecting showed the error first appeared with the v31 merge
Builds prior this version install just fine.
I suspect the merge conflict for package-lock.json was not correctly
solved back then and left the package-lock semantically broken.
Previous commit
In the previous commit we checked out the upstream package.json and
package-lock.json, taking them as ground trouth.
Approach to fix