dependabot-npm_and_yarn 0.271.0 → 0.273.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f4f98b20f2112f6db686800d5b7e601a30cb2b11bdf128015086f9f4131d4fd1
-  data.tar.gz: d148ba0aaff4f8d57a4905a618dea6aee59250a03757e0adc4f49d3f3cc76235
+  metadata.gz: f50ca11122e4cb20467429d842d14a2f94ba49961bae91467427a9f5e5e527bd
+  data.tar.gz: 1e5cb3d387f9028704cbafdac219711f4fde4630398bc8372d41a0c0980bacaa
 SHA512:
-  metadata.gz: c55e404408f8ccb890dbc1fd3aba9035e92149ede65d296dc5a0b14bbd2c496ae9d418fb75a7ca39cd9bf7220c5c34b49c466f2686c0b5f0c038d4de56e71488
-  data.tar.gz: a52b4a47eae0cb7f5bb38dac5c9644ad59a45a74c55186e49c5691f194ba65145eec59bac04b37821355585e021237d9832f4eb0f280cce6f7df5be3f4a028fe
+  metadata.gz: 7f4db9619ad3e83704ff8761805ae2fb920c4573ce42a7c0cbf582fc10757bd7a8b1b5df85f781a253c5d4f9c47ff5323d40eb342f7a2f3e62aab269f66ebac6
+  data.tar.gz: 984b65763fa999cab20ca319dcd20406032bfda471612554a5ea1aa51cdc5d666bb31c444b487bf996e118f73b9cb8ba58b8d88615e04c1cfdf4f45f8bc4bad7

data/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb

@@ -74,9 +74,11 @@ module Dependabot
         INVALID_PACKAGE = /Can't install (?<package_req>.*): Missing/
         SOCKET_HANG_UP = /(?:request to )?(?<url>.*): socket hang up/
         ESOCKETTIMEDOUT = /(?<url>.*): ESOCKETTIMEDOUT/
+        UNABLE_TO_ACCESS = /unable to access '(?<url>.*)': Empty reply from server/
         UNABLE_TO_AUTH_NPMRC = /Unable to authenticate, need: Basic, Bearer/
         UNABLE_TO_AUTH_REGISTRY = /Unable to authenticate, need: *.*(Basic|BASIC) *.*realm="(?<url>.*)"/
         MISSING_AUTH_TOKEN = /401 Unauthorized - GET (?<url>.*) - authentication token not provided/
+        AUTH_REQUIRED_ERROR = /(?<url>.*): authentication required/
         INVALID_AUTH_TOKEN =
           /401 Unauthorized - GET (?<url>.*) - unauthenticated: User cannot be authenticated with the token provided./
         NPM_PACKAGE_REGISTRY = "https://npm.pkg.github.com"
@@ -88,8 +90,13 @@ module Dependabot
         EMPTY_OBJECT_ERROR = /Object for dependency "(?<package>.*)" is empty/
         ERROR_E401 = /code E401/
         ERROR_E403 = /code E403/
+        REQUEST_ERROR_E403 = /Request "(?<pkg>.*)" returned a 403/
         ERROR_EAI_AGAIN = /request to (?<url>.*) failed, reason: getaddrinfo EAI_AGAIN/
-        PACKAGE_DISCOVERY_FAIL = /Couldn't find package "(?<pkg>.*)" *.* on the "(?<regis>.*)" registry./
+
+        NPM_PACKAGE_NOT_FOUND_CODES = T.let([
+          /Couldn't find package "(?<pkg>.*)" on the "(?<regis>.*)" registry./,
+          /Couldn't find package "(?<pkg>.*)" required by "(?<dep>.*)" on the "(?<regis>.*)" registry./
+        ].freeze, T::Array[Regexp])
 
         # TODO: look into fixing this in npm, seems like a bug in the git
         # downloader introduced in npm 7
@@ -416,8 +423,9 @@ module Dependabot
                   "Error while updating peer dependency."
           end
 
-          if error_message.match?(ERROR_E401) || error_message.match?(ERROR_E403)
-            raise Dependabot::PrivateSourceAuthenticationFailure, error_message
+          if error_message.match?(ERROR_E401) || error_message.match?(ERROR_E403) || error_message.match?(REQUEST_ERROR_E403) || error_message.match?(AUTH_REQUIRED_ERROR) # rubocop:disable Layout/LineLength
+            url = T.must(URI.decode_www_form_component(error_message).split("https://").last).split("/").first
+            raise Dependabot::PrivateSourceAuthenticationFailure, url
           end
 
           if error_message.match?(MISSING_PACKAGE)
@@ -531,7 +539,8 @@ module Dependabot
             raise Dependabot::DependencyFileNotResolvable, msg
           end
 
-          if (git_source = error_message.match(SOCKET_HANG_UP) || error_message.match(ESOCKETTIMEDOUT))
+          if (git_source = error_message.match(SOCKET_HANG_UP) || error_message.match(ESOCKETTIMEDOUT) ||
+            error_message.match(UNABLE_TO_ACCESS))
             msg = sanitize_uri(git_source.named_captures.fetch("url"))
             raise Dependabot::PrivateSourceTimedOut, msg
           end
@@ -576,7 +585,10 @@ module Dependabot
             raise Dependabot::DependencyFileNotResolvable, msg
           end
 
-          raise Dependabot::DependencyFileNotResolvable, error_message if error_message.match(PACKAGE_DISCOVERY_FAIL)
+          package_errors = Regexp.union(NPM_PACKAGE_NOT_FOUND_CODES)
+          if (msg = error_message.match(package_errors))
+            raise Dependabot::DependencyFileNotResolvable, msg
+          end
 
           raise error
         end

data/lib/dependabot/npm_and_yarn/file_updater/pnpm_lockfile_updater.rb

@@ -48,8 +48,10 @@ module Dependabot
         # ERR_PNPM_FETCH ERROR CODES
         ERR_PNPM_FETCH_401 = /ERR_PNPM_FETCH_401.*GET (?<dependency_url>.*):  - 401/
         ERR_PNPM_FETCH_403 = /ERR_PNPM_FETCH_403.*GET (?<dependency_url>.*):  - 403/
+        ERR_PNPM_FETCH_404 = /ERR_PNPM_FETCH_404.*GET (?<dependency_url>.*):  - 404/
         ERR_PNPM_FETCH_500 = /ERR_PNPM_FETCH_500.*GET (?<dependency_url>.*):  - 500/
         ERR_PNPM_FETCH_502 = /ERR_PNPM_FETCH_502.*GET (?<dependency_url>.*):  - 502/
+        ERR_PNPM_FETCH_503 = /ERR_PNPM_FETCH_503.*GET (?<dependency_url>.*):  - 503/
 
         # ERR_PNPM_UNSUPPORTED_ENGINE
         ERR_PNPM_UNSUPPORTED_ENGINE = /ERR_PNPM_UNSUPPORTED_ENGINE/
@@ -66,6 +68,16 @@ module Dependabot
         PLATFORM_VERSION_REQUIREMENT = /wanted {(?<supported_ver>.*)} \(current: (?<detected_ver>.*)\)/
         PLATFORM_PACAKGE_MANAGER = "pnpm"
 
+        INVALID_PACKAGE_SPEC = /Invalid package manager specification/
+
+        # Metadata inconsistent error codes
+        ERR_PNPM_META_FETCH_FAIL = /ERR_PNPM_META_FETCH_FAIL/
+        ERR_PNPM_BROKEN_METADATA_JSON = /ERR_PNPM_BROKEN_METADATA_JSON/
+
+        # Directory related error codes
+        ERR_PNPM_LINKED_PKG_DIR_NOT_FOUND = /ERR_PNPM_LINKED_PKG_DIR_NOT_FOUND*.*Could not install from \"(?<dir>.*)\" /
+        ERR_PNPM_WORKSPACE_PKG_NOT_FOUND = /ERR_PNPM_WORKSPACE_PKG_NOT_FOUND/
+
         def run_pnpm_update(pnpm_lock:)
           SharedHelpers.in_a_temporary_repo_directory(base_dir, repo_contents_path) do
             File.write(".npmrc", npmrc_content(pnpm_lock))
@@ -111,6 +123,8 @@ module Dependabot
 
         # rubocop:disable Metrics/AbcSize
         # rubocop:disable Metrics/PerceivedComplexity
+        # rubocop:disable Metrics/MethodLength
+        # rubocop:disable Metrics/CyclomaticComplexity
         def handle_pnpm_lock_updater_error(error, pnpm_lock)
           error_message = error.message
 
@@ -131,7 +145,8 @@ module Dependabot
           end
 
           [FORBIDDEN_PACKAGE, MISSING_PACKAGE, UNAUTHORIZED_PACKAGE, ERR_PNPM_FETCH_401,
-           ERR_PNPM_FETCH_403, ERR_PNPM_FETCH_500, ERR_PNPM_FETCH_502].each do |regexp|
+           ERR_PNPM_FETCH_403, ERR_PNPM_FETCH_404, ERR_PNPM_FETCH_500, ERR_PNPM_FETCH_502, ERR_PNPM_FETCH_503]
+            .each do |regexp|
             next unless error_message.match?(regexp)
 
             dependency_url = error_message.match(regexp).named_captures["dependency_url"]
@@ -147,6 +162,40 @@ module Dependabot
             raise Dependabot::DependencyFileNotResolvable, msg
           end
 
+          # TO-DO : investigate "packageManager" allowed regex
+          if error_message.match?(INVALID_PACKAGE_SPEC)
+            dependency_names = dependencies.map(&:name).join(", ")
+
+            msg = "Invalid package manager specification in package.json while resolving \"#{dependency_names}\"."
+            raise Dependabot::DependencyFileNotResolvable, msg
+          end
+
+          if error_message.match?(ERR_PNPM_META_FETCH_FAIL)
+
+            msg = error_message.split(ERR_PNPM_META_FETCH_FAIL).last
+            raise Dependabot::DependencyFileNotResolvable, msg
+          end
+
+          if error_message.match?(ERR_PNPM_WORKSPACE_PKG_NOT_FOUND)
+            dependency_names = dependencies.map(&:name).join(", ")
+
+            msg = "No package named \"#{dependency_names}\" present in workspace."
+            Dependabot.logger.warn(error_message)
+            raise Dependabot::DependencyFileNotResolvable, msg
+          end
+
+          if error_message.match?(ERR_PNPM_BROKEN_METADATA_JSON)
+            msg = "Error (ERR_PNPM_BROKEN_METADATA_JSON) while resolving \"pnpm-lock.yaml\" file."
+            Dependabot.logger.warn(error_message)
+            raise Dependabot::DependencyFileNotResolvable, msg
+          end
+
+          if error_message.match?(ERR_PNPM_LINKED_PKG_DIR_NOT_FOUND)
+            dir = error_message.match(ERR_PNPM_LINKED_PKG_DIR_NOT_FOUND).named_captures.fetch("dir")
+            msg = "Could not find linked package installation directory \"#{dir.split('/').last}\""
+            raise Dependabot::DependencyFileNotResolvable, msg
+          end
+
           raise_patch_dependency_error(error_message) if error_message.match?(ERR_PNPM_PATCH_NOT_APPLIED)
 
           raise_unsupported_engine_error(error_message, pnpm_lock) if error_message.match?(ERR_PNPM_UNSUPPORTED_ENGINE)
@@ -160,6 +209,8 @@ module Dependabot
         end
         # rubocop:enable Metrics/AbcSize
         # rubocop:enable Metrics/PerceivedComplexity
+        # rubocop:enable Metrics/MethodLength
+        # rubocop:enable Metrics/CyclomaticComplexity
 
         def raise_resolvability_error(error_message, pnpm_lock)
           dependency_names = dependencies.map(&:name).join(", ")

data/lib/dependabot/npm_and_yarn/file_updater.rb

@@ -30,26 +30,17 @@ module Dependabot
         end
       end
 
-      sig { override.params(allowlist_enabled: T::Boolean).returns(T::Array[Regexp]) }
-      def self.updated_files_regex(allowlist_enabled = false)
-        if allowlist_enabled
-          [
-            %r{^(?:.*\/)?package\.json$},
-            %r{^(?:.*\/)?package-lock\.json$},
-            %r{^(?:.*\/)?npm-shrinkwrap\.json$},
-            %r{^(?:.*\/)?yarn\.lock$},
-            %r{^(?:.*\/)?pnpm-lock\.yaml$}
-          ]
-        else
-          # Old regex. After 100% rollout of the allowlist, this will be removed.
-          [
-            /^package\.json$/,
-            /^package-lock\.json$/,
-            /^npm-shrinkwrap\.json$/,
-            /^yarn\.lock$/,
-            /^pnpm-lock\.yaml$/
-          ]
-        end
+      sig { override.returns(T::Array[Regexp]) }
+      def self.updated_files_regex
+        [
+          %r{^(?:.*/)?package\.json$},
+          %r{^(?:.*/)?package-lock\.json$},
+          %r{^(?:.*/)?npm-shrinkwrap\.json$},
+          %r{^(?:.*/)?yarn\.lock$},
+          %r{^(?:.*/)?pnpm-lock\.yaml$},
+          %r{^(?:.*/)?\.yarn/.*}, # Matches any file within the .yarn/ directory
+          %r{^(?:.*/)?\.pnp\.(?:js|cjs)$} # Matches .pnp.js or .pnp.cjs files
+        ]
       end
 
       sig { override.returns(T::Array[DependencyFile]) }

data/lib/dependabot/npm_and_yarn.rb

@@ -34,6 +34,7 @@ ErrorHandler = T.type_alias do
 end
 
 module Dependabot
+  # rubocop:disable Metrics/ModuleLength
   module NpmAndYarn
     NODE_VERSION_NOT_SATISFY_REGEX = /The current Node version (?<current_version>v?\d+\.\d+\.\d+) does not satisfy the required version (?<required_version>v?\d+\.\d+\.\d+)\./ # rubocop:disable Layout/LineLength
 
@@ -60,6 +61,16 @@ module Dependabot
 
     SOCKET_HANG_UP = /(?<url>.*?): socket hang up/
 
+    # Misc errors
+    EEXIST = /EEXIST: file already exists, mkdir '(?<regis>.*)'/
+
+    # registry access errors
+    REQUEST_ERROR_E403 = /Request "(?<url>.*)" returned a 403/ # Forbidden access to the URL.
+    AUTH_REQUIRED_ERROR = /(?<url>.*): authentication required/ # Authentication is required for the URL.
+    PERMISSION_DENIED = /(?<url>.*): Permission denied/ # Lack of permission to access the URL.
+    BAD_REQUEST = /(?<url>.*): bad_request/ # Inconsistent request while accessing resource.
+    INTERNAL_SERVER_ERROR = /Request failed "500 Internal Server Error"/ # Server error response by remote registry.
+
     # Used to identify git unreachable error
     UNREACHABLE_GIT_CHECK_REGEX = /ls-remote --tags --heads (?<url>.*)/
 
@@ -78,6 +89,8 @@ module Dependabot
     PACKAGE_NOT_FOUND_PACKAGE_NAME_CAPTURE = "package_req"
     PACKAGE_NOT_FOUND_PACKAGE_NAME_CAPTURE_SPLIT_REGEX = /(?<=\w)\@/
 
+    YARN_PACKAGE_NOT_FOUND_CODE = /npm package "(?<dep>.*)" does not exist under owner "(?<regis>.*)"/
+
     YN0035 = T.let({
       PACKAGE_NOT_FOUND: %r{(?<package_req>@[\w-]+\/[\w-]+@\S+): Package not found},
       FAILED_TO_RETRIEVE: %r{(?<package_req>@[\w-]+\/[\w-]+@\S+): The remote server failed to provide the requested resource} # rubocop:disable Layout/LineLength
@@ -96,6 +109,9 @@ module Dependabot
 
     DEPENDENCY_NO_VERSION_FOUND = "Couldn't find any versions"
 
+    # Manifest not found
+    MANIFEST_NOT_FOUND = /Cannot read properties of undefined \(reading '(?<file>.*)'\)/
+
     # Used to identify error if node_modules state file not resolved
     NODE_MODULES_STATE_FILE_NOT_FOUND = "Couldn't find the node_modules state file"
 
@@ -115,6 +131,33 @@ module Dependabot
 
     ENV_VAR_NOT_RESOLVABLE = /Failed to replace env in config: \$\{(?<var>.*)\}/
 
+    OUT_OF_DISKSPACE = / Out of diskspace/
+
+    # yarnrc.yml errors
+    YARNRC_PARSE_ERROR = /Parse error when loading (?<filename>.*?); /
+    YARNRC_ENV_NOT_FOUND = /Usage Error: Environment variable not found /
+    YARNRC_ENV_NOT_FOUND_REGEX = /Usage Error: Environment variable not found \((?<token>.*)\) in (?<filename>.*?) /
+    YARNRC_EAI_AGAIN = /getaddrinfo EAI_AGAIN/
+    YARNRC_ENOENT = /Internal Error: ENOENT/
+    YARNRC_ENOENT_REGEX = /Internal Error: ENOENT: no such file or directory, stat '(?<filename>.*?)'/
+
+    # if not package found with specified version
+    YARN_PACKAGE_NOT_FOUND = /MessageError: Couldn't find any versions for "(?<pkg>.*?)" that matches "(?<ver>.*?)"/
+
+    YN0001_FILE_NOT_RESOLVED_CODES = T.let({
+      FIND_PACKAGE_LOCATION: /YN0001:(.*?)UsageError: Couldn't find the (?<pkg>.*) state file/,
+      NO_CANDIDATE_FOUND: /YN0001:(.*?)Error: (?<pkg>.*): No candidates found/,
+      NO_SUPPORTED_RESOLVER: /YN0001:(.*?)Error: (?<pkg>.*) isn't supported by any available resolver/,
+      WORKSPACE_NOT_FOUND: /YN0001:(.*?)Error: (?<pkg>.*): Workspace not found/,
+      ENOENT: /YN0001:(.*?)Thrown Error: (?<pkg>.*) ENOENT/,
+      MANIFEST_NOT_FOUND: /YN0001:(.*?)Error: (?<pkg>.*): Manifest not found/,
+      LIBZIP_ERROR: /YN0001:(.*?)Libzip Error: Failed to open the cache entry for (?<pkg>.*): Not a zip archive/
+    }.freeze, T::Hash[String, Regexp])
+
+    YN0001_AUTH_ERROR_CODES = T.let({
+      AUTH_ERROR: /YN0001:*.*Fatal Error: could not read Username for '(?<url>.*)': terminal prompts disabled/
+    }.freeze, T::Hash[String, Regexp])
+
     class Utils
       extend T::Sig
 
@@ -155,6 +198,18 @@ module Dependabot
       "YN0001" => {
         message: "Exception error",
         handler: lambda { |message, _error, _params|
+          YN0001_FILE_NOT_RESOLVED_CODES.each do |(_yn0001_key, yn0001_regex)|
+            if (msg = message.match(yn0001_regex))
+              return Dependabot::DependencyFileNotResolvable.new(msg)
+            end
+          end
+
+          YN0001_AUTH_ERROR_CODES.each do |(_yn0001_key, yn0001_regex)|
+            if (msg = message.match(yn0001_regex))
+              url = msg.named_captures.fetch(URL_CAPTURE)
+              return Dependabot::PrivateSourceAuthenticationFailure.new(url)
+            end
+          end
           Dependabot::DependabotError.new(message)
         }
       },
@@ -164,6 +219,12 @@ module Dependabot
           Dependabot::DependencyFileNotResolvable.new(message)
         }
       },
+      "YN0009" => {
+        message: "Build Failed",
+        handler: lambda { |message, _error, _params|
+          Dependabot::DependencyFileNotResolvable.new(message)
+        }
+      },
       "YN0016" => {
         message: "Remote not found",
         handler: lambda { |message, _error, _params|
@@ -189,6 +250,13 @@ module Dependabot
           Dependabot::DependencyNotFound.new(message)
         }
       },
+      "YN0041" => {
+        message: "Invalid authentication",
+        handler: lambda { |message, _error, _params|
+          url = T.must(URI.decode_www_form_component(message).split("https://").last).split("/").first
+          Dependabot::PrivateSourceAuthenticationFailure.new(url)
+        }
+      },
       "YN0046" => {
         message: "Automerge failed to parse",
         handler: lambda { |message, _error, _params|
@@ -213,6 +281,12 @@ module Dependabot
           Dependabot::IncompatibleCPU.new(message)
         }
       },
+      "YN0068" => {
+        message: "No matching package",
+        handler: lambda { |message, _error, _params|
+          Dependabot::DependencyFileNotResolvable.new(message)
+        }
+      },
       "YN0071" => {
         message: "NM can't install external soft link",
         handler: lambda { |message, _error, _params|
@@ -385,8 +459,113 @@ module Dependabot
         },
         in_usage: false,
         matchfn: nil
-      }
+      },
+      {
+        patterns: [OUT_OF_DISKSPACE],
+        handler: lambda { |message, _error, _params|
+          Dependabot::OutOfDisk.new(message)
+        },
+        in_usage: false,
+        matchfn: nil
+      },
+      {
+        patterns: [YARNRC_PARSE_ERROR],
+        handler: lambda { |message, _error, _params|
+          filename = message.match(YARNRC_PARSE_ERROR).named_captures["filename"]
+
+          msg = "Error while loading \"#{filename.split('/').last}\"."
+          Dependabot::DependencyFileNotResolvable.new(msg)
+        },
+        in_usage: false,
+        matchfn: nil
+      },
+      {
+        patterns: [YARNRC_ENV_NOT_FOUND],
+        handler: lambda { |message, _error, _params|
+          error_message = message.gsub(/[[:space:]]+/, " ").strip
+
+          filename = error_message.match(YARNRC_ENV_NOT_FOUND_REGEX)
+                                    .named_captures["filename"]
+
+          env_var = error_message.match(YARNRC_ENV_NOT_FOUND_REGEX)
+                                .named_captures["token"]
+
+          msg = "Environment variable \"#{env_var}\" not found in \"#{filename.split('/').last}\"."
+          Dependabot::MissingEnvironmentVariable.new(env_var, msg)
+        },
+        in_usage: false,
+        matchfn: nil
+      },
+      {
+        patterns: [YARNRC_EAI_AGAIN],
+        handler: lambda { |_message, _error, _params|
+          Dependabot::DependencyFileNotResolvable.new("Network error while resolving dependency.")
+        },
+        in_usage: false,
+        matchfn: nil
+      },
+      {
+        patterns: [YARNRC_ENOENT],
+        handler: lambda { |message, _error, _params|
+          error_message = message.gsub(/[[:space:]]+/, " ").strip
+          filename = error_message.match(YARNRC_ENOENT_REGEX).named_captures["filename"]
+
+          Dependabot::DependencyFileNotResolvable.new("Internal error while resolving dependency." \
+                                                      "File not found \"#{filename.split('/').last}\"")
+        },
+        in_usage: false,
+        matchfn: nil
+      },
+      {
+        patterns: [YARN_PACKAGE_NOT_FOUND],
+        handler: lambda { |message, _error, _params|
+          package_name = message.match(YARN_PACKAGE_NOT_FOUND).named_captures["pkg"]
+          version = message.match(YARN_PACKAGE_NOT_FOUND).named_captures["ver"]
+
+          Dependabot::InconsistentRegistryResponse.new("Couldn't find any versions for \"#{package_name}\" that " \
+                                                       "matches \"#{version}\"")
+        },
+        in_usage: false,
+        matchfn: nil
+      },
+      {
+        patterns: [YARN_PACKAGE_NOT_FOUND_CODE],
+        handler: lambda { |message, _error, _params|
+          msg = message.match(YARN_PACKAGE_NOT_FOUND_CODE)
 
+          Dependabot::DependencyFileNotResolvable.new(msg)
+        },
+        in_usage: false,
+        matchfn: nil
+      },
+      {
+        patterns: [REQUEST_ERROR_E403, AUTH_REQUIRED_ERROR, PERMISSION_DENIED, BAD_REQUEST],
+        handler: lambda { |message, _error, _params|
+          dependency_url = T.must(URI.decode_www_form_component(message).split("https://").last).split("/").first
+
+          Dependabot::PrivateSourceAuthenticationFailure.new(dependency_url)
+        },
+        in_usage: false,
+        matchfn: nil
+      },
+      {
+        patterns: [MANIFEST_NOT_FOUND],
+        handler: lambda { |message, _error, _params|
+          msg = message.match(MANIFEST_NOT_FOUND)
+          Dependabot::DependencyFileNotResolvable.new(msg)
+        },
+        in_usage: false,
+        matchfn: nil
+      },
+      {
+        patterns: [INTERNAL_SERVER_ERROR],
+        handler: lambda { |message, _error, _params|
+          msg = message.match(INTERNAL_SERVER_ERROR)
+          Dependabot::DependencyFileNotResolvable.new(msg)
+        },
+        in_usage: false,
+        matchfn: nil
+      }
     ].freeze, T::Array[{
       patterns: T::Array[T.any(String, Regexp)],
       handler: ErrorHandler,
@@ -394,4 +573,5 @@ module Dependabot
       matchfn: T.nilable(T.proc.params(usage: String, message: String).returns(T::Boolean))
     }])
   end
+  # rubocop:enable Metrics/ModuleLength
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-npm_and_yarn
 version: !ruby/object:Gem::Version
-  version: 0.271.0
+  version: 0.273.0
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2024-08-15 00:00:00.000000000 Z
+date: 2024-08-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.271.0
+        version: 0.273.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.271.0
+        version: 0.273.0
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -345,7 +345,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.271.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.273.0
 post_install_message: 
 rdoc_options: []
 require_paths: