feat: lockfile v3 (#20424)

Details: https://github.com/denoland/deno_lockfile/pull/8

8 files changed, 62 insertions, 52 deletions

diff --git a/Cargo.lock b/Cargo.lock
index 8ac3a1c16..d538c3dd0 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1335,9 +1335,9 @@ dependencies = [
 
 [[package]]
 name = "deno_lockfile"
-version = "0.16.2"
+version = "0.17.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1038f33740cd29127efa0f7858a869cef5df6baed7fd97c1c0db19213b11f5ef"
+checksum = "c7673d66847223bd4115075a96b0699da71b1755524aeb3956f0a3edf3af3217"
 dependencies = [
  "ring",
  "serde",
@@ -1441,9 +1441,9 @@ dependencies = [
 
 [[package]]
 name = "deno_npm"
-version = "0.13.0"
+version = "0.14.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3f4f1ce6bc2738c0068f205cef30b33d46103f65a26031affcd8c3994db0ca51"
+checksum = "48ec636e8e1a92cb70b2451d9450698f1738f973b0436fe195cb934a51dcdb01"
 dependencies = [
  "anyhow",
  "async-trait",
@@ -2073,9 +2073,9 @@ dependencies = [
 
 [[package]]
 name = "eszip"
-version = "0.51.0"
+version = "0.52.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "15bfd903f4d76ae830b12b5b159d38d8def03e21be1bb93ad631d522b1191573"
+checksum = "4baf8c2353535c8ba042249c73b80d289c2ea82cd1eee4838560fa96b77dc392"
 dependencies = [
  "anyhow",
  "base64 0.21.2",
diff --git a/Cargo.toml b/Cargo.toml
index 54dce6f7f..167a51960 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -46,9 +46,9 @@ deno_runtime = { version = "0.126.0", path = "./runtime" }
 napi_sym = { version = "0.48.0", path = "./cli/napi/sym" }
 deno_bench_util = { version = "0.112.0", path = "./bench_util" }
 test_util = { path = "./test_util" }
-deno_lockfile = "0.16.2"
+deno_lockfile = "0.17.1"
 deno_media_type = { version = "0.1.1", features = ["module_specifier"] }
-deno_npm = "0.13.0"
+deno_npm = "0.14.0"
 deno_semver = "0.4.0"
 
 # exts
diff --git a/cli/Cargo.toml b/cli/Cargo.toml
index 84ecf7ac5..fceaeccac 100644
--- a/cli/Cargo.toml
+++ b/cli/Cargo.toml
@@ -58,7 +58,7 @@ deno_npm.workspace = true
 deno_runtime = { workspace = true, features = ["dont_create_runtime_snapshot", "exclude_runtime_main_js", "include_js_files_for_snapshotting"] }
 deno_semver.workspace = true
 deno_task_shell = "=0.13.2"
-eszip = "=0.51.0"
+eszip = "=0.52.0"
 napi_sym.workspace = true
 
 async-trait.workspace = true
diff --git a/cli/npm/resolution.rs b/cli/npm/resolution.rs
index d097f8cd4..73e27f487 100644
--- a/cli/npm/resolution.rs
+++ b/cli/npm/resolution.rs
@@ -369,13 +369,16 @@ fn populate_lockfile_from_snapshot(
   snapshot: &NpmResolutionSnapshot,
 ) -> Result<(), AnyError> {
   for (package_req, nv) in snapshot.package_reqs() {
-    lockfile.insert_npm_specifier(
-      package_req.to_string(),
-      snapshot
-        .resolve_package_from_deno_module(nv)
-        .unwrap()
-        .id
-        .as_serialized(),
+    lockfile.insert_package_specifier(
+      format!("npm:{}", package_req),
+      format!(
+        "npm:{}",
+        snapshot
+          .resolve_package_from_deno_module(nv)
+          .unwrap()
+          .id
+          .as_serialized()
+      ),
     );
   }
   for package in snapshot.all_packages_for_every_system() {
diff --git a/cli/tests/integration/check_tests.rs b/cli/tests/integration/check_tests.rs
index 253ccf767..402f683c8 100644
--- a/cli/tests/integration/check_tests.rs
+++ b/cli/tests/integration/check_tests.rs
@@ -370,9 +370,9 @@ fn npm_module_check_then_error() {
     lockfile.read_json::<deno_lockfile::LockfileContent>();
 
   // make the specifier resolve to version 1
-  lockfile_content.npm.specifiers.insert(
-    "@denotest/breaking-change-between-versions".to_string(),
-    "@denotest/breaking-change-between-versions@1.0.0".to_string(),
+  lockfile_content.packages.specifiers.insert(
+    "npm:@denotest/breaking-change-between-versions".to_string(),
+    "npm:@denotest/breaking-change-between-versions@1.0.0".to_string(),
   );
   lockfile.write_json(&lockfile_content);
   temp_dir.write(
@@ -385,9 +385,9 @@ fn npm_module_check_then_error() {
 
   // now update the lockfile to use version 2 instead, which should cause a
   // type checking error because the oldName no longer exists
-  lockfile_content.npm.specifiers.insert(
-    "@denotest/breaking-change-between-versions".to_string(),
-    "@denotest/breaking-change-between-versions@2.0.0".to_string(),
+  lockfile_content.packages.specifiers.insert(
+    "npm:@denotest/breaking-change-between-versions".to_string(),
+    "npm:@denotest/breaking-change-between-versions@2.0.0".to_string(),
   );
   lockfile.write_json(&lockfile_content);
 
diff --git a/cli/tests/integration/npm_tests.rs b/cli/tests/integration/npm_tests.rs
index 1352777d2..f9746f508 100644
--- a/cli/tests/integration/npm_tests.rs
+++ b/cli/tests/integration/npm_tests.rs
@@ -1261,7 +1261,7 @@ fn lock_file_missing_top_level_package() {
       "\n",
       "Caused by:\n",
       "    0: The lockfile is corrupt. You can recreate it with --lock-write\n",
-      "    1: Could not find referenced package 'cowsay@1.5.0' in the list of packages.\n"
+      "    1: Could not find 'cowsay@1.5.0' in the list of packages.\n"
     )
   );
 }
@@ -1280,13 +1280,12 @@ fn lock_file_lock_write() {
 
   // write a lock file with borked integrity
   let lock_file_content = r#"{
-  "version": "2",
-  "remote": {},
-  "npm": {
+  "version": "3",
+  "packages": {
     "specifiers": {
-      "cowsay@1.5.0": "cowsay@1.5.0"
+      "npm:cowsay@1.5.0": "npm:cowsay@1.5.0"
     },
-    "packages": {
+    "npm": {
       "ansi-regex@3.0.1": {
         "integrity": "sha512-+O9Jct8wf++lXxxFc4hc8LsjaSq0HFzzL7cVsw8pRDIPdjKD2mT4ytDZlLuSBZ4cLKZFXIrMGO7DbQCtMJJMKw==",
         "dependencies": {}
@@ -1472,7 +1471,8 @@ fn lock_file_lock_write() {
         }
       }
     }
-  }
+  },
+  "remote": {}
 }
 "#;
   temp_dir.write("deno.lock", lock_file_content);
@@ -1514,17 +1514,17 @@ fn auto_discover_lock_file() {
 
   // write a lock file with borked integrity
   let lock_file_content = r#"{
-    "version": "2",
-    "remote": {},
-    "npm": {
-      "specifiers": { "@denotest/bin": "@denotest/bin@1.0.0" },
-      "packages": {
+    "version": "3",
+    "packages": {
+      "specifiers": { "npm:@denotest/bin": "npm:@denotest/bin@1.0.0" },
+      "npm": {
         "@denotest/bin@1.0.0": {
           "integrity": "sha512-foobar",
           "dependencies": {}
         }
       }
-    }
+    },
+    "remote": {}
   }"#;
   temp_dir.write("deno.lock", lock_file_content);
 
diff --git a/cli/tests/integration/run_tests.rs b/cli/tests/integration/run_tests.rs
index dd5b346ae..0edfe1c48 100644
--- a/cli/tests/integration/run_tests.rs
+++ b/cli/tests/integration/run_tests.rs
@@ -993,7 +993,7 @@ fn lock_redirects() {
     .run()
     .skip_output_check();
   let initial_lockfile_text = r#"{
-  "version": "2",
+  "version": "3",
   "redirects": {
     "http://localhost:4546/run/001_hello.js": "http://localhost:4545/run/001_hello.js"
   },
@@ -1012,7 +1012,7 @@ fn lock_redirects() {
 
   // now try changing where the redirect occurs in the lockfile
   temp_dir.write("deno.lock", r#"{
-  "version": "2",
+  "version": "3",
   "redirects": {
     "http://localhost:4546/run/001_hello.js": "http://localhost:4545/echo.ts"
   },
@@ -1044,24 +1044,24 @@ fn lock_redirects() {
   util::assertions::assert_wildcard_match(
     &temp_dir.read_to_string("deno.lock"),
     r#"{
-  "version": "2",
-  "redirects": {
-    "http://localhost:4546/run/001_hello.js": "http://localhost:4545/echo.ts"
-  },
-  "remote": {
-    "http://localhost:4545/echo.ts": "829eb4d67015a695d70b2a33c78b631b29eea1dbac491a6bfcf394af2a2671c2",
-    "http://localhost:4545/run/001_hello.js": "c479db5ea26965387423ca438bb977d0b4788d5901efcef52f69871e4c1048c5"
-  },
-  "npm": {
+  "version": "3",
+  "packages": {
     "specifiers": {
-      "@denotest/esm-basic": "@denotest/esm-basic@1.0.0"
+      "npm:@denotest/esm-basic": "npm:@denotest/esm-basic@1.0.0"
     },
-    "packages": {
+    "npm": {
       "@denotest/esm-basic@1.0.0": {
         "integrity": "sha512-[WILDCARD]",
         "dependencies": {}
       }
     }
+  },
+  "redirects": {
+    "http://localhost:4546/run/001_hello.js": "http://localhost:4545/echo.ts"
+  },
+  "remote": {
+    "http://localhost:4545/echo.ts": "829eb4d67015a695d70b2a33c78b631b29eea1dbac491a6bfcf394af2a2671c2",
+    "http://localhost:4545/run/001_hello.js": "c479db5ea26965387423ca438bb977d0b4788d5901efcef52f69871e4c1048c5"
   }
 }
 "#,
@@ -4515,9 +4515,16 @@ fn permission_prompt_strips_ansi_codes_and_control_chars() {
     console.write_line(
       r#"Deno.permissions.request({ name: "env", variable: "\rDo you like ice cream? y/n" });"#
     );
-    console.expect(
-      "┌ ⚠️  Deno requests env access to \"Do you like ice cream? y/n\".",
-    )
+    // will be uppercase on windows
+    let env_name = if cfg!(windows) {
+      "DO YOU LIKE ICE CREAM? Y/N"
+    } else {
+      "Do you like ice cream? y/n"
+    };
+    console.expect(format!(
+      "┌ ⚠️  Deno requests env access to \"{}\".",
+      env_name
+    ))
   });
 
   util::with_pty(&["repl"], |mut console| {
diff --git a/cli/tests/testdata/lockfile/no_dts/deno.lock.out b/cli/tests/testdata/lockfile/no_dts/deno.lock.out
index 9bf784113..6aa547e28 100644
--- a/cli/tests/testdata/lockfile/no_dts/deno.lock.out
+++ b/cli/tests/testdata/lockfile/no_dts/deno.lock.out
@@ -1,5 +1,5 @@
 {
-  "version": "2",
+  "version": "3",
   "remote": {
     "http://localhost:4545/lockfile/no_dts/mod.js": "3f576f37a301d298c3032eb1835240bd83f3762db26fc1d358c5d67088d6ffc8"
   }