From a67978f9593198796a37ba4e307c21071d7d2a6d Mon Sep 17 00:00:00 2001 From: Tim Keir Date: Wed, 23 Oct 2024 16:53:42 +1100 Subject: [PATCH] Disallow self referencing deps --- .yarn/versions/1157e53a.yml | 32 ++++++++++++++++++++ packages/yarnpkg-core/sources/Manifest.ts | 9 ++++++ packages/yarnpkg-core/tests/Manifest.test.ts | 11 +++++++ 3 files changed, 52 insertions(+) create mode 100644 .yarn/versions/1157e53a.yml diff --git a/.yarn/versions/1157e53a.yml b/.yarn/versions/1157e53a.yml new file mode 100644 index 000000000000..11300a475dea --- /dev/null +++ b/.yarn/versions/1157e53a.yml @@ -0,0 +1,32 @@ +releases: + "@yarnpkg/builder": patch + "@yarnpkg/cli": patch + "@yarnpkg/core": patch + "@yarnpkg/doctor": patch + "@yarnpkg/extensions": patch + "@yarnpkg/nm": patch + "@yarnpkg/plugin-compat": patch + "@yarnpkg/plugin-constraints": patch + "@yarnpkg/plugin-dlx": patch + "@yarnpkg/plugin-essentials": patch + "@yarnpkg/plugin-exec": patch + "@yarnpkg/plugin-file": patch + "@yarnpkg/plugin-git": patch + "@yarnpkg/plugin-github": patch + "@yarnpkg/plugin-http": patch + "@yarnpkg/plugin-init": patch + "@yarnpkg/plugin-interactive-tools": patch + "@yarnpkg/plugin-link": patch + "@yarnpkg/plugin-nm": patch + "@yarnpkg/plugin-npm": patch + "@yarnpkg/plugin-npm-cli": patch + "@yarnpkg/plugin-pack": patch + "@yarnpkg/plugin-patch": patch + "@yarnpkg/plugin-pnp": patch + "@yarnpkg/plugin-pnpm": patch + "@yarnpkg/plugin-stage": patch + "@yarnpkg/plugin-typescript": patch + "@yarnpkg/plugin-version": patch + "@yarnpkg/plugin-workspace-tools": patch + "@yarnpkg/pnpify": patch + "@yarnpkg/sdks": patch diff --git a/packages/yarnpkg-core/sources/Manifest.ts b/packages/yarnpkg-core/sources/Manifest.ts index fd70bb8333bf..e4c0814dcdea 100644 --- a/packages/yarnpkg-core/sources/Manifest.ts +++ b/packages/yarnpkg-core/sources/Manifest.ts @@ -871,6 +871,9 @@ export class Manifest { data.dependencies = Object.assign({}, ...structUtils.sortDescriptors(regularDependencies).map(dependency => { return {[structUtils.stringifyIdent(dependency)]: dependency.range}; })); + if (data.name && data.dependencies[data.name]) { + delete data.dependencies[data.name]; + } } else { delete data.dependencies; } @@ -887,6 +890,9 @@ export class Manifest { data.devDependencies = Object.assign({}, ...structUtils.sortDescriptors(this.devDependencies.values()).map(dependency => { return {[structUtils.stringifyIdent(dependency)]: dependency.range}; })); + if (data.name && data.devDependencies[data.name]) { + delete data.devDependencies[data.name]; + } } else { delete data.devDependencies; } @@ -895,6 +901,9 @@ export class Manifest { data.peerDependencies = Object.assign({}, ...structUtils.sortDescriptors(this.peerDependencies.values()).map(dependency => { return {[structUtils.stringifyIdent(dependency)]: dependency.range}; })); + if (data.name && data.peerDependencies[data.name]) { + delete data.peerDependencies[data.name]; + } } else { delete data.peerDependencies; } diff --git a/packages/yarnpkg-core/tests/Manifest.test.ts b/packages/yarnpkg-core/tests/Manifest.test.ts index 9b4141bef3fa..1030e619e06f 100644 --- a/packages/yarnpkg-core/tests/Manifest.test.ts +++ b/packages/yarnpkg-core/tests/Manifest.test.ts @@ -54,5 +54,16 @@ describe(`Manifest`, () => { const manifest = Manifest.fromText(`{ "name": "name", "bin": { "bin1": " ", "bin2": "./bin2.js" } }`); expect(manifest.exportTo({}).bin).toEqual({bin2: `./bin2.js`}); }); + + it(`should remove dependency if referencing itself`, () => { + const deps = `{ "bar": "^1.0.0", "foo": "^1.2.0" }`; + const manifest = Manifest.fromText(` + { "name": "foo", "dependencies": ${deps}, "devDependencies": ${deps}, "peerDependencies": ${deps} } + `); + const exportedManifest = manifest.exportTo({}); + expect(exportedManifest.dependencies).toEqual({bar: `^1.0.0`}); + expect(exportedManifest.devDependencies).toEqual({bar: `^1.0.0`}); + expect(exportedManifest.peerDependencies).toEqual({bar: `^1.0.0`}); + }); }); });