From f177aa7ee1c18906c496dcfcf901cb1bc3cb5ee8 Mon Sep 17 00:00:00 2001
From: Zoltan Kochan <zkochan@users.noreply.github.com>
Date: Thu, 21 Jan 2021 11:40:43 +0200
Subject: [PATCH] fix: lockfile flickering caused by build metadata (#3087)

close #2928
---
 package.json                               |  2 +-
 packages/lockfile-utils/package.json       |  2 +-
 packages/resolve-dependencies/package.json |  2 +-
 packages/supi/test/lockfile.ts             | 22 ++++++++++++++++++++++
 pnpm-lock.yaml                             | 20 ++++++++++----------
 5 files changed, 35 insertions(+), 13 deletions(-)

diff --git a/package.json b/package.json
index ff87333216..e64218b29d 100644
--- a/package.json
+++ b/package.json
@@ -23,7 +23,7 @@
     "@commitlint/prompt-cli": "^11.0.0",
     "@pnpm/eslint-config": "workspace:*",
     "@pnpm/meta-updater": "^0.0.0",
-    "@pnpm/registry-mock": "^2.2.2",
+    "@pnpm/registry-mock": "^2.3.0",
     "@pnpm/tsconfig": "workspace:*",
     "@types/jest": "^26.0.19",
     "@types/node": "^14.14.22",
diff --git a/packages/lockfile-utils/package.json b/packages/lockfile-utils/package.json
index e0a1d77c3a..76b13a4813 100644
--- a/packages/lockfile-utils/package.json
+++ b/packages/lockfile-utils/package.json
@@ -42,7 +42,7 @@
     "@pnpm/resolver-base": "workspace:7.1.0",
     "@pnpm/types": "workspace:6.3.1",
     "dependency-path": "workspace:5.1.0",
-    "get-npm-tarball-url": "^2.0.1",
+    "get-npm-tarball-url": "^2.0.2",
     "ramda": "^0.27.1"
   },
   "funding": "https://opencollective.com/pnpm"
diff --git a/packages/resolve-dependencies/package.json b/packages/resolve-dependencies/package.json
index d48b18bf37..de7b07cf50 100644
--- a/packages/resolve-dependencies/package.json
+++ b/packages/resolve-dependencies/package.json
@@ -44,7 +44,7 @@
     "@pnpm/types": "workspace:6.3.1",
     "dependency-path": "workspace:5.1.0",
     "encode-registry": "^3.0.0",
-    "get-npm-tarball-url": "^2.0.1",
+    "get-npm-tarball-url": "^2.0.2",
     "import-from": "^3.0.0",
     "path-exists": "^4.0.0",
     "ramda": "^0.27.1",
diff --git a/packages/supi/test/lockfile.ts b/packages/supi/test/lockfile.ts
index 166e987de8..171a098754 100644
--- a/packages/supi/test/lockfile.ts
+++ b/packages/supi/test/lockfile.ts
@@ -1242,3 +1242,25 @@ packages:
   const lockfile = await project.readLockfile()
   expect(lockfile.dependencies['dep-of-pkg-with-1-dep']).toBe('100.1.0')
 })
+
+// Covers https://github.com/pnpm/pnpm/issues/2928
+test('build metadata is always ignored in versions and the lockfile is not flickering because of them', async () => {
+  const project = prepareEmpty()
+
+  const manifest = await addDependenciesToPackage({},
+    [
+      '@monorepolint/cli@0.5.0-alpha.51',
+    ], await testDefaults({ lockfileOnly: true }))
+
+  const depPath = '/@monorepolint/core/0.5.0-alpha.51'
+  const initialLockfile = await project.readLockfile()
+  const initialPkgEntry = initialLockfile.packages[depPath]
+  expect(initialPkgEntry?.resolution).toStrictEqual({
+    integrity: 'sha512-ihFonHDppOZyG717OW6Bamd37mI2gQHjd09buTjbKhRX8NAHsTbRUKwp39ZYVI5AYgLF1eDlLpgOY4dHy2xGQw==',
+  })
+
+  await addDependenciesToPackage(manifest, ['is-positive'], await testDefaults({ lockfileOnly: true }))
+
+  const updatedLockfile = await project.readLockfile()
+  expect(initialPkgEntry).toStrictEqual(updatedLockfile.packages[depPath])
+})
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index b0f082956c..706b30b279 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -7,7 +7,7 @@ importers:
       '@commitlint/prompt-cli': 11.0.0
       '@pnpm/eslint-config': link:utils/eslint-config
       '@pnpm/meta-updater': 0.0.0
-      '@pnpm/registry-mock': 2.2.2
+      '@pnpm/registry-mock': 2.3.0
       '@pnpm/tsconfig': link:utils/tsconfig
       '@types/jest': 26.0.20
       '@types/node': 14.14.22
@@ -35,7 +35,7 @@ importers:
       '@commitlint/prompt-cli': ^11.0.0
       '@pnpm/eslint-config': workspace:*
       '@pnpm/meta-updater': ^0.0.0
-      '@pnpm/registry-mock': ^2.2.2
+      '@pnpm/registry-mock': ^2.3.0
       '@pnpm/tsconfig': workspace:*
       '@types/jest': ^26.0.19
       '@types/node': ^14.14.22
@@ -1059,7 +1059,7 @@ importers:
       '@pnpm/resolver-base': link:../resolver-base
       '@pnpm/types': link:../types
       dependency-path: link:../dependency-path
-      get-npm-tarball-url: 2.0.1
+      get-npm-tarball-url: 2.0.2
       ramda: 0.27.1
     devDependencies:
       '@pnpm/lockfile-utils': 'link:'
@@ -1076,7 +1076,7 @@ importers:
       '@types/js-yaml': ^4.0.0
       '@types/ramda': ^0.27.35
       dependency-path: workspace:5.1.0
-      get-npm-tarball-url: ^2.0.1
+      get-npm-tarball-url: ^2.0.2
       ramda: ^0.27.1
       tempy: ^1.0.0
       write-yaml-file: ^4.1.3
@@ -2598,7 +2598,7 @@ importers:
       '@pnpm/types': link:../types
       dependency-path: link:../dependency-path
       encode-registry: 3.0.0
-      get-npm-tarball-url: 2.0.1
+      get-npm-tarball-url: 2.0.2
       import-from: 3.0.0
       path-exists: 4.0.0
       ramda: 0.27.1
@@ -2631,7 +2631,7 @@ importers:
       '@types/semver': ^7.3.4
       dependency-path: workspace:5.1.0
       encode-registry: ^3.0.0
-      get-npm-tarball-url: ^2.0.1
+      get-npm-tarball-url: ^2.0.2
       import-from: ^3.0.0
       path-exists: ^4.0.0
       ramda: ^0.27.1
@@ -4281,7 +4281,7 @@ packages:
       node: '>=10.16'
     resolution:
       integrity: sha512-U0Mrg2UUl28OspWqggArUFcal5nVAM3K2+NW1+SpdOSbmpLruNMkL9dSM4wyfiaEz8T+EqKhE063FFrrUACQkw==
-  /@pnpm/registry-mock/2.2.2:
+  /@pnpm/registry-mock/2.3.0:
     dependencies:
       anonymous-npm-registry-client: 0.1.2
       cpr: 3.0.1
@@ -4295,7 +4295,7 @@ packages:
       node: '>=10.13'
     hasBin: true
     resolution:
-      integrity: sha512-RqtdO1dJw8F922Kt72B3kJiwTZAX4MVsT5u3X+8tCoI98BcsvBCzsoetnjQR4eD7mKqKMk9MDwUTV8SMSuDoWQ==
+      integrity: sha512-539rFHzTiEiqTbxo5GUH9x/eaM8l1gwNjWUrLr3xu87RVqXkdkhtwHJptkBsBi6AvbHSMk3kttN8HG9ukawaPw==
   /@pnpm/self-installer/2.1.0:
     dev: false
     engines:
@@ -8305,14 +8305,14 @@ packages:
       has-symbols: 1.0.1
     resolution:
       integrity: sha512-aeX0vrFm21ILl3+JpFFRNe9aUvp6VFZb2/CTbgLb8j75kOhvoNYjt9d8KA/tJG4gSo8nzEDedRl0h7vDmBYRVg==
-  /get-npm-tarball-url/2.0.1:
+  /get-npm-tarball-url/2.0.2:
     dependencies:
       normalize-registry-url: 1.0.0
     dev: false
     engines:
       node: '>=4'
     resolution:
-      integrity: sha512-POrVRGyS9X5w+855/H46JGVYBGuVgJXyIkbsTCzW+sv5x2qH+rfQjc7652DzkgOskF+cqLevA2En7V0hu0gZCg==
+      integrity: sha512-2dPhgT0K4pVyciTqdS0gr9nEwyCQwt9ql1/t5MCUMvcjWjAysjGJgT7Sx4n6oq3tFBjBN238mxX4RfTjT3838Q==
   /get-package-type/0.1.0:
     dev: true
     engines: