dependabot-npm_and_yarn 0.97.5 → 0.97.6

data/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb

@@ -230,19 +230,24 @@ module Dependabot
             raise Dependabot::GitDependenciesNotReachable, dependency_url
           end
 
-          if error.message.start_with?("No matching vers", "404 Not Found") ||
+          # This error happens when the lockfile has been messed up and some
+          # entries are missing a version, source:
+          # https://npm.community/t/cannot-read-property-match-of-undefined/203/3
+          #
+          # In this case we want to raise a more helpful error message asking
+          # people to re-generate their lockfiles (Future feature idea: add a
+          # way to click-to-fix the lockfile from the issue)
+          if error.message.include?("Cannot read property 'match' of ") &&
+             !resolvable_before_update?(lockfile)
+            raise_missing_lockfile_version_resolvability_error(error, lockfile)
+          end
+
+          if (error.message.start_with?("No matching vers", "404 Not Found") ||
              error.message.include?("not match any file(s) known to git") ||
              error.message.include?("Non-registry package missing package") ||
-             error.message.include?("Cannot read property 'match' of ") ||
-             error.message.include?("Invalid tag name")
-
-            unless resolvable_before_update?(lockfile)
-              raise_resolvability_error(error, lockfile)
-            end
-
-            # Dependabot has probably messed something up with the update and we
-            # want to hear about it
-            raise error
+             error.message.include?("Invalid tag name")) &&
+             !resolvable_before_update?(lockfile)
+            raise_resolvability_error(error, lockfile)
           end
 
           raise error
@@ -259,6 +264,23 @@ module Dependabot
           raise Dependabot::DependencyFileNotResolvable, msg
         end
 
+        def raise_missing_lockfile_version_resolvability_error(error, lockfile)
+          lockfile_dir = Pathname.new(lockfile.name).dirname
+          modules_path = lockfile_dir.join("node_modules")
+          # Note: don't include the dependency names to prevent opening
+          # multiple issues for each dependency that fails because we unique
+          # issues on the error message (issue detail) on the backend
+          #
+          # ToDo: add an error ID to issues to make it easier to unique them
+          msg = "Error whilst updating dependencies in #{lockfile.name}:\n"\
+                "#{error.message}\n\n"\
+                "It looks like your lockfile has some corrupt entries with "\
+                "missing versions and needs to be re-generated.\n"\
+                "You'll need to remove #{lockfile.name} and #{modules_path} "\
+                "before you run npm install."
+          raise Dependabot::DependencyFileNotResolvable, msg
+        end
+
         def handle_missing_package(package_name, error, lockfile)
           missing_dep = lockfile_dependencies(lockfile).
                         find { |dep| dep.name == package_name }

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-npm_and_yarn
 version: !ruby/object:Gem::Version
-  version: 0.97.5
+  version: 0.97.6
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-03-12 00:00:00.000000000 Z
+date: 2019-03-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.97.5
+        version: 0.97.6
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.97.5
+        version: 0.97.6
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement