fix: handle dependencies where the new version is out-of-range

Author: David Sveningsson

package-lock.json

@@ -89,6 +89,7 @@
     "@jest/globals": "29.7.0",
     "@types/jest": "29.5.14",
     "@types/npmlog": "7.0.0",
+    "@types/semver": "7.5.8",
     "babel-plugin-transform-import-meta": "2.3.2",
     "esbuild": "0.25.0",
     "jest": "29.7.0",

package.json

@@ -4,7 +4,7 @@ import { existsSync } from "node:fs";
 import { format } from "node:util";
 import { execa } from "execa";
 import npmVersion from "libnpmversion";
-import semverParse from "semver/functions/parse.js";
+import { parse as semverParse, satisfies as semverSatisfies, validRange } from "semver";
 import { Package } from "./lerna/package";
 import { Project } from "./lerna/project";
 import getChangedPackages from "./get-changed-packages.js";
@@ -113,6 +113,7 @@ async function updateLockfile(npmrc, pkg, context) {
  * @param {Record<string, string>} currentVersions
  * @returns {void}
  */
+/* eslint-disable-next-line complexity, sonarjs/cognitive-complexity -- hard to refactor into something much more readable */
 function bumpDependency(dependencies, newVersion, currentVersions) {
 	const newParsed = semverParse(newVersion);
 	if (!newParsed) {
@@ -132,21 +133,37 @@ function bumpDependency(dependencies, newVersion, currentVersions) {
 		/* Exact versions */
 		if (range === version) {
 			dependencies[dep] = newVersion;
+			continue;
 		}
 
 		/* Hat ^x.y.z */
 		if (range === `^${version}`) {
 			dependencies[dep] = `^${newVersion}`;
+			continue;
 		}
 
 		/* Hat ^x.y */
 		if (range === `^${parsed.major}.${parsed.minor}`) {
 			dependencies[dep] = `^${newParsed.major}.${newParsed.minor}`;
+			continue;
 		}
 
 		/* Hat ^x */
 		if (range === `^${parsed.major}`) {
 			dependencies[dep] = `^${newParsed.major}`;
+			continue;
+		}
+
+		/* If the range is a a valid semver range but is no longer satisfied by the
+		 * new version forcibly update the range */
+		if (validRange(range)) {
+			const isSatisfied = semverSatisfies(newVersion, range);
+			if (!isSatisfied) {
+				const hat = range.startsWith("^") ? "^" : "";
+				const numComponents = Array.from(range).filter((it) => it === ".").length + 1;
+				const components = [newParsed.major, newParsed.minor, newParsed.patch];
+				dependencies[dep] = `${hat}${components.slice(0, numComponents).join(".")}`;
+			}
 		}
 	}
 }

src/prepare.js

@@ -479,6 +479,57 @@ it("Update package.json dependency when using hat", () => {
 	});
 });
 
+it("Update package.json dependency when new version is out of range", () => {
+	expect.assertions(1);
+	return withTempDir(async (cwd) => {
+		const npmrc = await temporaryFile({ name: ".npmrc" });
+		await createProject(cwd, "1.2.3");
+		const foo = await createPackage(
+			cwd,
+			"foo",
+			"1.2.3",
+			{
+				changed: true,
+			},
+			{
+				dependencies: {
+					a: "^1.1.0",
+					b: "^1.1",
+					c: "^1",
+				},
+			},
+		);
+
+		await createPackage(cwd, "a", "1.2.3", { changed: true });
+		await createPackage(cwd, "b", "1.2.3", { changed: true });
+		await createPackage(cwd, "c", "1.2.3", { changed: true });
+
+		await prepare(
+			npmrc,
+			{},
+			{
+				cwd,
+				env: {},
+				stdout: context.stdout,
+				stderr: context.stderr,
+				nextRelease: { version: "2.0.0" },
+				logger: context.logger,
+			},
+		);
+
+		// Verify dependency has been updated
+		expect(await readJson(foo.manifestLocation)).toEqual({
+			name: "foo",
+			version: "2.0.0",
+			dependencies: {
+				a: "^2.0.0",
+				b: "^2.0",
+				c: "^2",
+			},
+		});
+	});
+});
+
 it("Should not update other dependencies", () => {
 	expect.assertions(1);
 	return withTempDir(async (cwd) => {