Resolve "NPM dependencies: Uploads with bundleDependencies = false"
What does this MR do?
When uploading npm packages, the backend expects all the dependencies type to be described as hashes but it's not always the case. See #198471 (closed).
This MR ensures that before extracting npm dependencies, these are properly described as a Hash
.
Screenshots
$ CI_JOB_TOKEN=XXXX npm publish
npm notice
npm notice 📦 @root/bananas@1.0.0-rc.3
npm notice === Tarball Contents ===
npm notice 1.1kB LICENSE
npm notice 12.2kB lib/api/attributes.js
npm notice 3.0kB lib/cheerio.js
npm notice 2.4kB lib/api/css.js
npm notice 2.5kB lib/api/forms.js
npm notice 170B index.js
npm notice 11.0kB lib/api/manipulation.js
npm notice 309B lib/options.js
npm notice 2.3kB lib/parse.js
npm notice 5.6kB lib/static.js
npm notice 11.1kB lib/api/traversing.js
npm notice 2.3kB lib/utils.js
npm notice 2.1kB package.json
npm notice 25.9kB History.md
npm notice 31.1kB Readme.md
npm notice === Tarball Details ===
npm notice name: @root/bananas
npm notice version: 1.0.0-rc.3
npm notice package size: 32.9 kB
npm notice unpacked size: 113.0 kB
npm notice shasum: 3cff207a972a4eafcc15783b163ad3bf7fe52905
npm notice integrity: sha512-IVDkmyab6evBS[...]NPNXDuIUezRWw==
npm notice total files: 15
npm notice
+ @root/bananas@1.0.0-rc.3
$ cat package.json | grep bundleDependencies
"bundleDependencies": false,
Does this MR meet the acceptance criteria?
Conformity
-
Changelog entry - [-] Documentation (if required)
-
Code review guidelines -
Merge request performance guidelines -
Style guides - [-] Database guides
-
Separation of EE specific content
Availability and Testing
- [-] Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process.
- [-] Tested in all supported browsers
- [-] Informed Infrastructure department of a default or new setting change, if applicable per definition of done
Security
If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:
- [-] Label as security and @ mention
@gitlab-com/gl-security/appsec
- [-] The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
- [-] Security reports checked/validated by a reviewer from the AppSec team
Edited by Peter Leitzen