dependabot-npm_and_yarn 0.97.5 → 0.97.6
- checksums.yaml +4 -4
- data/helpers/package-lock.json +244 -236
- data/helpers/package.json +1 -1
- data/helpers/yarn.lock +262 -262
- data/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb +33 -11
- metadata +4 -4
@@ -230,19 +230,24 @@ module Dependabot
|
|
230
230
|
raise Dependabot::GitDependenciesNotReachable, dependency_url
|
231
231
|
end
|
232
232
|
|
233
|
-
|
233
|
+
# This error happens when the lockfile has been messed up and some
|
234
|
+
# entries are missing a version, source:
|
235
|
+
# https://npm.community/t/cannot-read-property-match-of-undefined/203/3
|
236
|
+
#
|
237
|
+
# In this case we want to raise a more helpful error message asking
|
238
|
+
# people to re-generate their lockfiles (Future feature idea: add a
|
239
|
+
# way to click-to-fix the lockfile from the issue)
|
240
|
+
if error.message.include?("Cannot read property 'match' of ") &&
|
241
|
+
!resolvable_before_update?(lockfile)
|
242
|
+
raise_missing_lockfile_version_resolvability_error(error, lockfile)
|
243
|
+
end
|
244
|
+
|
245
|
+
if (error.message.start_with?("No matching vers", "404 Not Found") ||
|
234
246
|
error.message.include?("not match any file(s) known to git") ||
|
235
247
|
error.message.include?("Non-registry package missing package") ||
|
236
|
-
error.message.include?("
|
237
|
-
|
238
|
-
|
239
|
-
unless resolvable_before_update?(lockfile)
|
240
|
-
raise_resolvability_error(error, lockfile)
|
241
|
-
end
|
242
|
-
|
243
|
-
# Dependabot has probably messed something up with the update and we
|
244
|
-
# want to hear about it
|
245
|
-
raise error
|
248
|
+
error.message.include?("Invalid tag name")) &&
|
249
|
+
!resolvable_before_update?(lockfile)
|
250
|
+
raise_resolvability_error(error, lockfile)
|
246
251
|
end
|
247
252
|
|
248
253
|
raise error
|
@@ -259,6 +264,23 @@ module Dependabot
|
|
259
264
|
raise Dependabot::DependencyFileNotResolvable, msg
|
260
265
|
end
|
261
266
|
|
267
|
+
def raise_missing_lockfile_version_resolvability_error(error, lockfile)
|
268
|
+
lockfile_dir = Pathname.new(lockfile.name).dirname
|
269
|
+
modules_path = lockfile_dir.join("node_modules")
|
270
|
+
# Note: don't include the dependency names to prevent opening
|
271
|
+
# multiple issues for each dependency that fails because we unique
|
272
|
+
# issues on the error message (issue detail) on the backend
|
273
|
+
#
|
274
|
+
# ToDo: add an error ID to issues to make it easier to unique them
|
275
|
+
msg = "Error whilst updating dependencies in #{lockfile.name}:\n"\
|
276
|
+
"#{error.message}\n\n"\
|
277
|
+
"It looks like your lockfile has some corrupt entries with "\
|
278
|
+
"missing versions and needs to be re-generated.\n"\
|
279
|
+
"You'll need to remove #{lockfile.name} and #{modules_path} "\
|
280
|
+
"before you run npm install."
|
281
|
+
raise Dependabot::DependencyFileNotResolvable, msg
|
282
|
+
end
|
283
|
+
|
262
284
|
def handle_missing_package(package_name, error, lockfile)
|
263
285
|
missing_dep = lockfile_dependencies(lockfile).
|
264
286
|
find { |dep| dep.name == package_name }
|
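Review bot: In `raise_missing_lockfile_version_resolvability_error`, the line `"#{error.message}\n\n"\` copies the whole helper error into the user-facing issue text, while the calling branch only checks `include?("Cannot read property 'match' of ")`, so whatever else the message holds comes along with it. That works against the de-duplication the comment above it describes (issues are uniqued on the message), and raw subprocess output may carry details such as private registry URLs that do not belong in an issue; the second concern is inferred, because the helper's output format is not visible in this section. Consider a fixed line instead, for example `"npm failed with: Cannot read property 'match' of undefined\n\n"\`, and send the full `error.message` to the logs. Deleting the lockfile as the message advises also discards every pinned version, so the text could ask users to review the regenerated lockfile's diff before committing it.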
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-npm_and_yarn
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.97.
|
4
|
+
version: 0.97.6
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2019-03-
|
11
|
+
date: 2019-03-13 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: dependabot-common
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.97.
|
19
|
+
version: 0.97.6
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 0.97.
|
26
|
+
version: 0.97.6
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: byebug
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|