fix: Allow security updates of lock files for unconstrained dependencies #27331

Merged
merged 8 commits into from
Feb 22, 2024

Conversation

not7cd
Contributor

@not7cd not7cd commented Feb 15, 2024

Changes

Allow updates through update-lockfile for dependencies that don't have a current version set and have only a locked version. A more holistic fix would include setting >=*fixed version* for unconstrained deps if rangeStrategy='bump'.

Context

Deps with only a locked version are a consequence of unconstrained dependencies.
Minimal reproduction repo (already tested with this fix): https://github.com/icetek-lab/renovate-bug4

Documentation (please check one with an [x])

  • I have updated the documentation, or
  • No documentation update is required

How I've tested my work (please select one)

I have verified these changes via:

  • Code inspection only, or
  • Newly added/modified unit tests, or
  • No unit tests but ran on a real repository, or
  • Both unit tests + ran on a real repository

@not7cd not7cd requested a review from viceice February 16, 2024 18:03
@not7cd
Contributor Author

not7cd commented Feb 16, 2024

Something unrelated broke in tests after my addition.

@not7cd not7cd requested a review from viceice February 19, 2024 10:58
@viceice viceice added this pull request to the merge queue Feb 22, 2024
Merged via the queue into renovatebot:main with commit 5279c91 Feb 22, 2024
35 checks passed
@renovate-release
Collaborator

🎉 This PR is included in version 37.206.0 🎉

The release is available on:

Your semantic-release bot 📦🚀

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Mar 24, 2024