Giters

renovatebot / config-help

Please use the Discussions feature of https://github.com/renovatebot/renovate instead

Home Page:https://github.com/renovatebot/renovate/discussions

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

npm v7 is not enforced

kochen opened this issue · comments

commented

What Renovate type, platform and version are you using?
We are using GitLab (CI) self-hosted version: 23.84.3 (latest of of this moment)

Describe the bug
We are trying to mak use of the new postUpgradeTasks for our nx based project and we execute these commands:

    {
      "groupName": "Nrwl NX (Workspace)",
      "groupSlug": "nrwl-nx",
      "postUpgradeTasks": {
        "commands": [
          "npm install",
          "npx nx migrate {{{toVersion}}}",
          "[ -f migrations.json ] && npm install && npx nx migrate --run-migrations=migrations.json"
        ],
        "fileFilters": ["**/**"]
      },
      "packageNames": [
        "@nrwl/workspace"
      ]
    },

Relevant debug logs

DEBUG: Executing command (repository=REPO, branch=renovate/nrwl-nx)
       "command": "npm install --package-lock-only --ignore-scripts --no-audit"
DEBUG: exec completed (repository=REPO, branch=renovate/nrwl-nx)
       "cmd": "npm install --package-lock-only --ignore-scripts --no-audit",
       "durationMs": 11454,
       "stdout": "added 2311 packages in 9.553s\n",
       "stderr": "npm WARN read-shrinkwrap This version of npm is compatible with lockfileVersion@1, but package-lock.json was generated for lockfileVersion@2. I'll try to do my best with it!\n"
DEBUG: ui/package-lock.json needs updating (repository=REPO, branch=renovate/nrwl-nx)
DEBUG: Updated 1 lock files (repository=REPO, branch=renovate/nrwl-nx)
       "updatedArtifacts": ["ui/package-lock.json"]

To Reproduce
As it seems, the project was so far updated with npm v6 or at least had a lockfileVersion@1:

  • Manually downgrade @nrwal/workspace (in packages.json) to be not the latest version
  • Update the packages-lock.json accordingly with npm v7
  • Run renovate

This will result in:

This version of npm is compatible with lockfileVersion@1, but package-lock.json was generated for lockfileVersion@2. I'll try to do my best with it!

Additional context

Is there a way to "force" renovate to use the newly added npm v7? See renovatebot/renovate#7700

commented

To Reproduce
As it seems, the project was so far updated with npm v6 or at least had a lockfileVersion@1:

  • Manually downgrade @nrwal/workspace (in packages.json) to be not the latest version
  • Update the packages-lock.json accordingly with npm v7
  • Run renovate

The issue was related to the manual/local refresh of the lock file with a different node (15) and npm (7) version.